Microsoft is working to fix a critical NTFS vulnerability on Windows 10 that can corrupt users’ hard drives when they open an HTML file, a Windows shortcut, or extract a Zip file that contains a one-line command (via The Verge). When the vulnerability is triggered, users will see a pop up saying that they need to restart their PC to repair drive errors, and doing so will initiate the Windows check disk utility on reboot to repair the corrupted disk.
The vulnerability was actually discovered two years ago by Will Dorman, a security researcher at the CERT Coordination Center. If Dormann believed that Windows 10 versions older than 1803 may not be affected, Bleeping Computer is reporting today that the NTFS issue also impacts older versions of Windows XP.
This problem seems to be introduced around the time of Windows 10 1803. Prior versions of Windows do not appear to be affected.
I’ll give Microsoft a shot at addressing this before disclosing what the value of <specialdir> is.
Though I question how such things get prioritized…
— Will Dormann (@wdormann) January 9, 2021
This vulnerability is pretty serious as it can be hidden in a random file and corrupt your hard drive instantly. Worse, Bleeping Computer discovered that it can also be triggered when the Windows File Explorer simply displays a corrupted shortcut hiding the malicious command in a folder. “To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process,” the report explained.
Microsoft has finally acknowledged this critical vulnerability in a statement to The Verge, promising a fix in a future update. “We are aware of this issue and will provide an update in a future release,” a Microsoft spokesperson said. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”