
Windows 10 (and prior) bug corrupts your hard drive on seeing this file's icon (Zero-day, not fixed)
Bleeping Computer ^ | Jan 14, 2021 | Ax Sharma

Posted on 01/15/2021 8:43:27 AM PST by dayglored

An unpatched zero-day in Microsoft Windows 10 (and prior) allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.

In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly.

"Critically underestimated" NTFS vulnerability

In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed.

When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.

The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version.

What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems.

A drive can become corrupted by merely trying to access the $i30 NTFS attribute on a folder in a certain way.

[Much more information, pics, examples, etc. at the article link...]

(Excerpt) Read more at bleepingcomputer.com ...


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: diskcorruption; internet; microsoft; tech; windows; windows10; windowspinglist; zeroday
To: dayglored

Thank you!

(Off to create a system image now!)


21 posted on 01/15/2021 9:40:31 AM PST by Pete from Shawnee Mission
[ Post Reply | Private Reply | To 2 | View Replies]

To: nuconvert
> SO what is the one-line command and how do I know if my computer is in jeopardy?

The means for triggering the flaw are in the article.

If you're running Windows XP or later up to and including the latest Windows 10, your computer is vulnerable to this corruption.

That said, it's not going to suddenly corrupt itself -- you or a bad guy would have to do it intentionally. So: 1) don't execute the command that does it, and b) secure your system to be as safe as possible from bad guys.

I assume you know how to do the latter. If not, and you're running Windows, I recommend that you start learning quick. :-)

22 posted on 01/15/2021 10:02:31 AM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 19 | View Replies]

To: dayglored

How long until the log in screen demands fealty to BLM and Biden to allow you to log in?


23 posted on 01/15/2021 10:20:57 AM PST by Organic Panic (Flinging poo is not a valid argument)
[ Post Reply | Private Reply | To 1 | View Replies]

This is really not a big deal, interesting yes but really bad no.

It does not corrupt data or the hard drive in reality, just throws an error msg.


24 posted on 01/15/2021 10:37:00 AM PST by algore
[ Post Reply | Private Reply | To 23 | View Replies]

To: dayglored
> If you're running Windows XP or later up to and including the latest Windows 10, your computer is vulnerable to this corruption.

It's been around 20 years?

25 posted on 01/15/2021 11:01:03 AM PST by Right Wing Assault (Die-ggl,TWT,FCBK,NYT,WPo,Hwd,CNN,NFL,BLM,CAIR,Antf,SPLC,ESPN,NPR,NBA,ARP,MSNBC )
[ Post Reply | Private Reply | To 22 | View Replies]

To: dayglored
Don't know if it's related to this, but a couple of weeks ago my wife was having some problems with her laptop (Windows 8.1) so I tried to run System Restore back to a point a couple of months ago.

A message came up ... System restore failed while scanning file system on drive C. Drive might be corrupt. Try System Restore after chkdsk /R on this disk. Unspecified error occurred (0x81000204).

I wasn't sure how to do that chkdsk thing, so right now she is just borrowing my laptop. Any ideas for how I might help get her rolling again?

26 posted on 01/15/2021 11:06:23 AM PST by deoetdoctrinae (Become a monthly donor and stamp out FReepathons.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Organic Panic
> How long until the log in screen demands fealty to BLM and Biden to allow you to log in?

How long until the MS-Word spell/grammar-check starts flagging politically incorrect speech?

"It looks like you're writing from a problematic, conservative point of view. We have corrected your comments to align with the approved narrative."

27 posted on 01/15/2021 12:08:28 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 23 | View Replies]

To: Right Wing Assault
> It's been around 20 years?

The NTFS filesystem was designed in the early 1990's. Life was more innocent back then.

28 posted on 01/15/2021 12:09:47 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 25 | View Replies]

To: deoetdoctrinae
> ...I wasn't sure how to do that chkdsk thing...

Before anything else, please attempt to take a full backup of the disk, onto an external drive.

  1. You need to do this with administrator privilege, so do it while logged in as the Administrator, or a user who is a member of the Administrators Group.
  2. Open a Command Prompt ("DOS-box") window.
  3. Type this command:
    chkdsk /f /r
  4. Hit Enter.
  5. Answer the question in the affirmative (type y).
  6. Exit from the command prompt.
  7. Restart (reboot) the computer. The CHKDSK program will run before Windows comes up. It will print a lot of status information for your amusement. Hopefully it will fix any problems it finds. Depending on the size of your disk and how much stuff is on it, CHKDSK could take anywhere from a few minutes to a few hours.
  8. As soon as possible, take another full backup of the disk onto an external drive.

29 posted on 01/15/2021 12:21:37 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 26 | View Replies]

To: dayglored
“Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible,” a Microsoft spokesperson told BleepingComputer.

Oh. That's reassuring.

Can this bug be exploited to provide admin access to hackers?

Will the bug be fixed, or will Microsoft just tell people to run chkdsk /f ?

I would try chkdsk /f before going to chkdsk /r.

30 posted on 01/15/2021 12:55:21 PM PST by TChad (The MSM, having nuked its own credibility, is now bombing the rubble.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored
Thanks very much for the info. I just spotted an ad from Office Depot for a Western Digital 1TB external hard drive on sale for $54.99. Will be picking one up tomorrow and try out your instructions. Thanks again!
31 posted on 01/15/2021 2:27:51 PM PST by deoetdoctrinae (Become a monthly donor and stamp out FReepathons.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: deoetdoctrinae

Sounds good. Be aware that if the computer’s disk is having corruption problems, it’s likely that the backup process will encounter errors. So use a backup program that has some form of option to “ignore read errors and continue”, otherwise the backup will fail and stop partway through. Most commercial (and many free) backup programs have a way to do that.


32 posted on 01/15/2021 2:41:20 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 31 | View Replies]

To: dayglored
Here's the fix.


33 posted on 01/15/2021 2:52:17 PM PST by McGruff (We're no better than a third world country now)
[ Post Reply | Private Reply | To 1 | View Replies]

To: McGruff

Maybe not. The update at the end of the article indicates that this problem exists all the way back to Windows XP. So it’s likely that Windows 7 is vulnerable too.


34 posted on 01/15/2021 2:55:00 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 33 | View Replies]

To: dayglored

Thanks for the information.

For those of us who STILL haven’t memorized all the flags for Dark Operating System commands, here is a handy reference page.

https://kb.wisc.edu/helpdesk/page.php?id=903#menu


35 posted on 01/15/2021 6:36:26 PM PST by BraveMan
[ Post Reply | Private Reply | To 2 | View Replies]

To: dayglored

Does it corrupt Microsoft Edge?


36 posted on 01/16/2021 10:09:51 AM PST by nuconvert ( Warning: Accused of being a radical militarist. Approach with caution.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: nuconvert

Disk corruption can and will mess up anything at all, including Edge. But I don’t get the impression, reading the article, that the corruption focuses on any given application. The flaw that triggers the problem has been part of Windows/NTFS for over a decade, so it long pre-dates any thought of Edge.


37 posted on 01/16/2021 1:05:52 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 36 | View Replies]

To: dayglored

Thanks


38 posted on 01/16/2021 1:15:21 PM PST by nuconvert ( Warning: Accused of being a radical militarist. Approach with caution.)
[ Post Reply | Private Reply | To 37 | View Replies]

To: dayglored
I backed up her drive to the WD external drive that I bought today. Did the safely eject thing, then did the chkdsk /f /r command per your info... (You need to do this with administrator privilege, so do it while logged in as the Administrator, or a user who is a member of the Administrators Group.)

She is the only one that uses that computer, so I just assumed she had Administrator privileges. But when I entered that command, this shows up...access denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode.

I'm stymied for the moment. Any ideas as to how to gain those privileges?

39 posted on 01/16/2021 1:16:43 PM PST by deoetdoctrinae (Become a monthly donor and stamp out FReepathons.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: deoetdoctrinae
Are you running the "Home" version or the "Pro" version?

If "Home", you'll need to login as "Owner" or whatever they call the first user under Win10 Home. I'm pretty sure "Owner" is an Administrator.

If "Pro", you can start the Command Prompt with a right-click and "Run-As" and tell it to start as an Administrator.

(Maybe in Home you can right-click and do a "Run-As". I don't have a Home setup to test that on.)

That's all I can think of offhand, let me know what you learn from the above.

40 posted on 01/16/2021 1:47:05 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 39 | View Replies]
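
Added example, not part of the thread or written by any poster: a PowerShell pre-flight for the CHKDSK procedure in post 29 that also catches the "elevated mode" error from post 39 before it happens. The volume letter, the `-SurfaceScan` switch name and the script layout are assumptions made for illustration; Event ID 55 is the NTFS corruption report Windows writes to the System log.

```powershell
# Added example: check elevation and NTFS health, then run CHKDSK.
param(
    [string]$Volume = 'C:',   # assumed volume letter; change as needed
    [switch]$SurfaceScan      # hypothetical switch: also pass /r (bad-sector scan, much slower)
)

# 1. CHKDSK /f needs an elevated token. Under UAC, membership in the
#    Administrators group alone does not give the shell one.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $elevated) {
    Write-Warning "Shell is not elevated. Right-click PowerShell or Command Prompt, choose 'Run as administrator', then rerun."
    return
}

# 2. Ask NTFS whether the volume is flagged dirty (a repair is pending at next boot).
$dirty = (fsutil dirty query $Volume) -join ' '
Write-Host "Dirty-bit status: $dirty"

# 3. List recent NTFS corruption reports (Event ID 55) from the System log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 55 } `
              -MaxEvents 20 -ErrorAction SilentlyContinue |
          Where-Object { $_.ProviderName -like '*Ntfs*' }
if ($events) {
    $events | Select-Object TimeCreated, ProviderName, Message | Format-List
} else {
    Write-Host "No NTFS Event ID 55 entries found in the System log."
}

# 4. Run the repair. /f fixes file-system errors; /r adds the surface scan.
#    On the system volume CHKDSK asks to schedule the check for the next restart.
$chkArgs = @($Volume, '/f')
if ($SurfaceScan) { $chkArgs += '/r' }
Write-Host "Running: chkdsk $($chkArgs -join ' ')"
& chkdsk.exe @chkArgs
```

Take the backup described in post 29 before step 4, and run the script without `-SurfaceScan` first if a quicker `/f`-only pass is wanted.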

