Microsoft has confirmed the existence of a vulnerability in the Windows 10 NTFS file system that can corrupt hard drive data with a simple hidden command.
The security researcher Jonas L. has already drawn attention to this vulnerability in Windows 10 that has not yet been fixed. According to this, an NTFS file system can be damaged with a simple one-liner via the command prompt or via a prepared file. The command can be executed with simple user rights.
The problem is in one of the attributes used by NTFS to index files and folders that have been deleted — that can be especially useful for retrieval or forensic work.
However, Jonas L has found that if you try to access this attribute from a command terminal, the drive will be corrupted, and stored data can be lost. It is not yet clear why this occurs, but other researchers such as those at BleepingComputer have been able to replicate the same results.
There are two details that make the situation worse. The first is that it is very easy to cause this problem, since it is only necessary to open a terminal and execute the command in question (which we will not publish for safety).
The second problem is that because the command is so basic, you don’t need advanced permissions to run it. Therefore, any program or user connected to the computer can use it, such as an external attacker.
It is enough to open a compressed file, a web page, or a shortcut to execute the command without realizing it and corrupt our storage. It is even possible to create a file with a specific icon, which, when loaded by Windows Explorer, execute the command.
An attacker who wanted to do damage would only have to share a modified file to execute the command in question. Furthermore, the door opens to exploit this vulnerability in other ways and by other vectors.
Despite this, Microsoft has not yet released a patch to fix this problem, prompting the researcher to publish a new notice, stating that this ‘bug’ is “critically underestimated” because of the damage it can do and how easy it is to be a victim of it.
The good news is that a Microsoft representative has confirmed that the company is aware of this issue and will release an update that will fix it. The bad news that there is still no specific date. Microsoft recommends using caution when opening unknown files or accepting file transfers.
