Microsoft Fixes Critical Windows 10 NTFS Storage Corruption Bug, But Not For Everyone
If you are looking for a tiny bit of good news this weekend, here you go—Microsoft has apparently figured out a way to prevent a weird and potentially destructive Windows 10 bug from scrambling your hard drive with relative ease. There is a catch, though, and it is not an insignificant one. The fix is only available to Windows Insiders who download the latest build in the Dev channel.
Unfortunately for Microsoft, the company missed an opportunity to generate some goodwill points by not being able to dish out a fix in this month's Patch Tuesday update. The bug itself is actually three years old, and was brought to the public’s attention by security researcher and Twitter user Jonas L (@jonasLyk), who in January called it a "specially nasty vulnerability in NTFS."
What makes the bug so nasty is that it can be triggered simply by opening a specially crafted file containing a single-line command, which directs PCs to a path that trips up Windows. When it was discovered, it was confirmed that the mischievous line of code could be hidden in a variety of file types, including ZIP archives, batch files, and even Windows shortcuts.
The Windows shortcut route is especially worrisome—a user would not even need to manually click on the icon, and instead could have their drive corrupted just by opening a file directory containing the icon.
"We are aware of this issue and will provide an update in a future release," Microsoft said in a statement at the time. "The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers."
It seems Microsoft has quietly addressed the issue in its latest Windows 10 Insider build (21322), within the Dev channel. According to the folks at BleepingComputer, the latest test build blocks Windows 10 from trying to access the problematic path that previously could corrupt an NTFS storage drive. Instead of falling on its face, Windows 10 shows a message saying, "The directory name is invalid."
So technically, there is a fix available. Unfortunately, it is not broadly available, and we have no idea when it will be pushed out to the public. Best case scenario is that Microsoft includes it in next month's Patch Tuesday update, or even as a standalone release. However, it is also possible that this fix will be part of a future feature update for Windows 10, meaning the vulnerability could potentially stick around for several more weeks or even months.
