Microsoft says it’s planning to fix a weird Windows 10 bug that could corrupt a hard drive just by looking at an icon. Security researcher Jonas L first warned about the bug earlier this week, describing it as a “nasty vulnerability.” Attackers can hide a specially crafted line inside a ZIP file, folder, or even a simple Windows shortcut. All a Windows 10 user needs to do is extract the ZIP file or simply look at a folder that contains a malicious shortcut and it will automatically trigger hard drive corruption.
Will Dormann, a vulnerability analyst at the CERT Coordination Center (CERT/CC), confirmed the findings, and notes that there could be more ways to trigger the NTFS corruption. Dormann also revealed the vulnerability has existed in Windows 10 for nearly three years, and that he reported another NTFS issue two years ago that still hasn’t been fixed.
“We’re aware of this issue and will provide an update in a future release,” says a Microsoft spokesperson in a statement to The Verge. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”
Others have found that the vulnerability also occurs if you simply paste the offending string into the address bar in a browser. Bleeping Computer has also tested the bug in a variety of different ways, and notes that it will prompt Windows 10 users to reboot a PC to repair the corrupted disk records. The reboot will trigger the Windows chkdsk process, which should successfully repair the corruption.
The repair process isn’t always automatic, though. Dormann says it may require manual intervention to successfully repair the corrupted disk records. The bug also doesn’t require admin rights to trigger or special write permissions. That could make it more problematic for IT admins if chkdsk fails to automatically repair affected drives.