Accessing This Evil Windows 10 Icon Could Scramble Your Hard Drive, Don't Fall For It

We've got 99 problems but Windows 10 ain't one. Just kidding—sometimes Windows 10 is one of those problems. We've had good luck with Windows 10 ourselves, but we are aware of various issues people have encountered over the years. One of the stranger ones is a lingering bug that could easily corrupt your hard drive, just by downloading an icon.

Security researcher and Twitter user Jonas L brought attention to the nearly three-year-old bug in Windows 10, calling it a "nasty vulnerability" because it can be triggered just by opening a specially crafted file with a single-line command.
The folks at Bleeping Computer tested the theory and confirmed its nastiness in multiple tests, noting that the problematic one line of code can be hidden inside various files—Windows shortcuts, ZIP archives, batch files, and so forth. When triggered, the bug corrupts a hard drive, prompting Windows to reboot and attempt a repair via the built-in Check Disk utility.

This bug has lingered in Windows since the April 2018 Update for Windows 10, and it still works in the latest, fully patched build (including after applying the newest Patch Tuesday update that went out to PCs earlier this week). And it can be easily triggered by standard accounts in Windows 10.

For whatever reason, it's a simple "$i30" NTFS attribute that trips the operating system up. This tiny string names an attribute associated with directories, which contains a list of a directory's files and subfolders. This is troubling because it provides an easy vector for attackers. They could create a Windows shortcut file with its icon location set to the problematic single-line command, and if that icon finds its way onto a PC, the user's hard drive will get corrupted.

The user would not even need to manually click on the icon—they would just need to view the folder it resides in, which prompts Windows Explorer to access it in the background to display the icon. Next thing you know, your PC is rebooting and attempting to repair the hard drive.
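Because the trigger can sit inside shortcuts, batch files and ZIP archives, a defender can screen incoming files for the "$i30" marker before a folder listing ever renders them. The sketch below is an added example, not code from the article or from Bleeping Computer; the function names, the depth and size caps and the sample inputs are assumptions, and it matches the attribute name only, so hits need manual review.

```python
import io
import os
import zipfile

MARKER = "$i30"  # attribute name quoted in the article
PATTERNS = {
    "ascii": MARKER.encode("ascii"),           # batch files, scripts, URLs
    "utf-16-le": MARKER.encode("utf-16-le"),   # shortcut files store strings this way
}
MAX_DEPTH = 3                   # assumption: cap on nested archives
MAX_MEMBER = 16 * 1024 * 1024   # assumption: skip oversized archive members

def scan_bytes(data, name="<buffer>", depth=0):
    """Return sorted (name, encoding) hits; reads raw bytes, resolves no stored paths."""
    lowered = data.lower()  # bytes.lower() folds ASCII letters, so "$I30" matches too
    hits = {(name, enc) for enc, pat in PATTERNS.items() if pat in lowered}
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_MEMBER:
                        continue
                    member = f"{name}!{info.filename}"
                    hits.update(scan_bytes(zf.read(info), member, depth + 1))
        except (zipfile.BadZipFile, RuntimeError):
            pass  # corrupt or encrypted archive: nothing more to inspect
    return sorted(hits)

def scan_tree(root):
    """Walk a directory (for example a downloads folder) and scan every file."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            try:
                with open(path, "rb") as fh:
                    hits.extend(scan_bytes(fh.read(), path))
            except OSError:
                continue  # unreadable file: skip it
    return hits

def constructed_samples():
    """Constructed inputs: they carry the marker text only, not a working trigger."""
    lnk_like = b"L\x00\x00\x00" + "icon=placeholder $I30 text".encode("utf-16-le")
    batch = b"@echo off\r\nrem placeholder $i30 text\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("run.bat", batch)
    return {"a.lnk": lnk_like, "b.bat": batch, "c.zip": buf.getvalue(), "d.txt": b"clean"}
```

Calling `scan_tree` on a quarantine or downloads directory from a script reads file contents only, so it does not ask the shell to render any icon.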

"We are aware of this issue and will provide an update in a future release," Microsoft said in a statement. "The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers."

Interestingly enough, nobody seems to know why exactly the single-line command trips up systems, only that it does. There could be other attack vectors as well. Hopefully a fix will be pushed out soon, but in the meantime, heed Microsoft's advice above.