Windows 10 bug corrupts your hard drive on seeing this file's icon

Discussion in 'malware problems & news' started by zapjb, Jan 14, 2021.

  1. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,556
    Location:
    USA still the best. But barely.
    Windows 10 bug corrupts your hard drive on seeing this file's icon
    https://www.bleepingcomputer.com/ne...ts-your-hard-drive-on-seeing-this-files-icon/

    "An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.

    In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly..."
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    I read from people submitting bug reports to Microsoft's bug bounty that Microsoft is underestimating bugs on purpose and sometimes patching vulnerabilities just before processing bug reports so they don't have to acknowledge and pay for them.
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    I mean if they already have the vulnerabilities fixed, assuming they didn't get em from the bug reports, then why not
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    This sounds crazy, how can such a simple command corrupt the file system? I also wonder if you can perhaps block this with HIPS by denying direct access to disk.
     
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    This doesn't surprise me. And meanwhile, I've been writing and copying 100s of gigabytes in 1000s of files to NTFS volumes with Debian and after 8 months, not a single error.
     
  6. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    518
    Location:
    Bulgaria
    I thought the same thing but I guess it will not work since this is an internal bug in NTFS itself and not execution of third-party code. It should be tested though.
    Also if chkdsk fails to repair the MFT I am wondering if TestDisk would help here:

    Advanced NTFS Boot and MFT Repair
    https://www.cgsecurity.org/wiki/Advanced_NTFS_Boot_and_MFT_Repair

    At least MS is working on a fix.

    Microsoft to fix Windows 10 bug that can corrupt a hard drive just by looking at an icon
    https://www.theverge.com/2021/1/15/22232589/microsoft-ntfs-windows-10-bug-icon-file-flaw-vulnerability-comment

    I am not worried since I have a full system image with Macrium Reflect but it would be nice to have this annoying thing fixed.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes it depends if it needs "direct access" to disk in the first place. For example SpyShelter does monitor this, I rarely get this alert though. Only system tools like SpeedFan and HWiNFO needed it on my system.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    My advice is read the posted comments in the bleepingcomputer.com article like this one:
    Appears only certain Win OS versions are adversely affected by this. Also appears SSDs versus HDDs are also more affected.
     
  9. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    518
    Location:
    Bulgaria
    I know what you mean. I have Comodo Firewall, which is also monitoring for "Direct Disk Access", but if this access is requested by the OS itself I guess that I will not see a pop-up from Comodo. That's why I said this should be tested but I don't have a VirtualBox/VMware system at the moment.

    I have read it but in the comments section I noticed that even Windows XP with NTFS is affected as well but the results vary from system to system.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    It might be informative to note what :$i30:$bitmap is used for: https://www.osforensics.com/faqs-and-tutorials/how-to-scan-ntfs-i30-entries-deleted-files.html .

    What appears to be happening with this cd use of :$i30:$bitmap is the NTFS file index is being corrupted somehow. Now cd is the DOS command for change directory. What is a bit amazing is that the command would not give some type of access error or the like when trying to directly access the NTFS file index.
     
  11. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
  12. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    hi, plat. there's also this one in case you missed it too:
    https://www.wilderssecurity.com/thr...your-pc-when-you-access-this-location.435964/
     
  13. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Oh wow, OK thanks. My post is just a follow up to these articles, detailing a "temporary fix" by a third party on GitHub. Hopefully, no one around here would need it. :eek:
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yeah, i hope so too. thanks for your follow up.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Installed this driver on Win 10 x(64) 20H2 w/o any issues. Rebooted to ensure there were no additional issues.

    Note if looking for this driver when loaded, it is a File System driver. Also driver is both Microsoft and vendor signed. As such, there should be no problems w/Secure Boot.

     
    Last edited: Jan 26, 2021
  17. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    737
    Location:
    South Park, CO
    I also installed the OSR driver on Windows 10 x64 20H2 and restarted, no problems observed. (I use Microsoft Defender but haven't been able to determine if it has a detection for the malicious string.)
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
  20. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Excellent, that's a load off. Thanks imdb. :)
     
  21. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    you're welcome. :thumb:
     