Microsoft to fix critical NTFS vulnerability on Windows 10 PCs

2 min. read

Published on January 15, 2021

published on January 15, 2021

Readers help support Windows Report. We may get a commission if you buy through our links.

Microsoft is working to fix a critical NTFS vulnerability on Windows 10 that can corrupt users’ hard drives when they open an HTML file, a Windows shortcut, or extract a Zip file that contains a one-line command (via The Verge). When the vulnerability is triggered, users will see a pop up saying that they need to restart their PC to repair drive errors, and doing so will initiate the Windows check disk utility on reboot to repair the corrupted disk.

The vulnerability was actually discovered two years ago by Will Dorman, a security researcher at the CERT Coordination Center. If Dormann believed that Windows 10 versions older than 1803 may not be affected, Bleeping Computer is reporting today that the NTFS issue also impacts older versions of Windows XP.

This problem seems to be introduced around the time of Windows 10 1803. Prior versions of Windows do not appear to be affected.
I'll give Microsoft a shot at addressing this before disclosing what the value of <specialdir> is.
Though I question how such things get prioritized…

— Will Dormann (@wdormann) January 9, 2021

This vulnerability is pretty serious as it can be hidden in a random file and corrupt your hard drive instantly. Worse, Bleeping Computer discovered that it can also be triggered when the Windows File Explorer simply displays a corrupted shortcut hiding the malicious command in a folder. “To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process,” the report explained.

Microsoft has finally acknowledged this critical vulnerability in a statement to The Verge, promising a fix in a future update. “We are aware of this issue and will provide an update in a future release,” a Microsoft spokesperson said. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.