Monday, January 18th 2021

Critical Flaw in Windows 10 Could Corrupt Your Hard Drive

by
AleksandarK
 Discuss (124 Comments)
Windows OS security is taken seriously, as the OS is wide-spread across millions of PCs around the world, however, there may be issues where OS has some security flaw that is found by external researchers. Due to the sheer code base of the new OS like Windows 10, there are a plethora of bugs and security flaws waiting to get discovered by someone. And today, thanks to the team of cybersecurity researchers, we have found out that in Windows 10 file-system called NTFS, there is a bug that corrupts your hard drive by simply triggering a specific variable name in a file.

If the end-user inside Windows 10 tries to access the NTFS attribute called "$i30" in a specific way, the flaw is exploited. The NTFS search index attribute, specifically the string "$i30", is containing a list of files and subfolders in a directory, and there is even a log of deleted files and folders. After running a specific command inside the command line (CMD) or inside the browser, Windows will start to display warnings of "File or directory is corrupted and cannot be read". After that, the OS will prompt a user to restart the machine and repair the damaged drive, so the Windows disk check utility will start. Once corrupted, Windows 10 will start displaying a notification indicating that the main file table (MFT) on the particular disk is corrupted and thus can not operate. Starting from the build Windows 10 Build 1803 the OS is vulnerable until the current version and a possible fix is expected to be released soon.
Sources: Jonas L (Twitter), Siam Alam (Twitter), via Security Newspaper

Related News

Add your own comment

124 Comments on Critical Flaw in Windows 10 Could Corrupt Your Hard Drive

#26
R-T-B
N3utroInstead of giving specific details of a 0day problem that could lead to some people exploiting it, you could just be more vague and wait for a fix.

You're article is basically an invitation for hackers to have fun with this. Shame on you.
That's not how modern security reporting works. We must operate on the principal that knowledge is power, and the bad guys already surely have this knowledge.
Posted on Reply
#27
efikkan
AleksandarKWindows OS security is taken seriously, as the OS is wide-spread across millions of PCs around the world, however, there may be issues where OS has some security flaw that is found by external researchers. Due to the sheer code base of the new OS like Windows 10, there are a plethora of bugs and security flaws waiting to get discovered by someone. And today, thanks to the team of cybersecurity researchers, we have found out that in Windows 10 file-system called NTFS, there is a bug that corrupts your hard drive by simply triggering a specific variable name in a file.
When simply typing one file path in user space causes file system corruption, and typing another causes instant BSODs, then there are fundamental design flaws in the system.
The size code base is irrelevant, such problems are inexcusable. These problems has plagued Windows for decades, and will continue to do so until MS does a complete overhaul of the kernel. Patchwork can't solve this.
lemonadesodaYep. I have another unwanted forced update last night.

And YES I have done all the registry policy and O&O shut ups to stop forced update. But somehow, MS, automagically does it anyway.
What about setting the network connection as metered and disable updates on a metered connection?
Posted on Reply
#28
Xuper
I am experienced them every one or two week.I thought It's from sleep mode.
Posted on Reply
#29
lexluthermiester
efikkanWhen simply typing one file path in user space causes file system corruption, and typing another causes instant BSODs, then there are fundamental design flaws in the system.
The size code base is irrelevant, such problems are inexcusable.
Could not agree more here...
efikkanand will continue to do so until MS does a complete overhaul of the kernel.
...but not with this. What MS needs to do is slow things down development-wise and refine, refine, refine.
Posted on Reply
#31
lexluthermiester
ThrashZoneHi,
Wonder if linux pukes too
No, this is exclusively a Windows problem, AFAIK.
Posted on Reply
#32
ixi
FreedomEclipseWindows 10 - the gift that keeps on giving.
Make better OS.
Posted on Reply
#33
efikkan
lexluthermiester...but not with this. What MS needs to do is slow things down development-wise and refine, refine, refine.
Fundamental design flaws in the kernel, driver model and the file system can't be solved with just refinements, a total overhaul of the NT kernel is required. It should not be possible to damage or comprimise a system like this from user space, yet Windows has a seemlingly endless stream of such bugs.
Posted on Reply
#34
windwhirl
efikkanFundamental design flaws in the kernel, driver model and the file system can't be solved with just refinements, a total overhaul of the NT kernel is required.
Off-topic, but I kinda been wanting to ask Microsoft (hah, if only) why they never pushed for more than just two privilege rings after all the other platform compatibility plans (Alpha, PowerPC, MIPS, etc.) got scrapped, considering there were some opportunities here and there (probably Vista with its massive changes would have been the best time to just push all the pain at once and be done with it). I know ARMv7 has three levels, while x86 has four at least.
Posted on Reply
#35
trparky
Outside of academic or small open source projects, there's not been a new operating system kernel written in decades. Writing a new kernel from scratch is a monumental task and one that someone doesn't just wake up one morning and decide "Oh, I'm going to write a new operating system kernel today". That just doesn't happen. Even the Linux kernel is twenty years old (or more) and has been hacked on and hacked on for just as long. Sure, there's been some big changes inside the Linux kernel but largely it's the same stuff. I highly doubt that Linus Torvalds would say to rewrite the whole damn kernel and if you tried to tell him to do that, he'd tell you where to go and how to get there in a very swear word laden message.

Oh, and by the way, I watched a YouTube video where a malformed NTFS file system crashes even Linux, BSD, and MacOSX. Simply plugging in a USB drive with said malformed NTFS file system will crash even those operating systems.
Posted on Reply
#36
Night
Honestly this is useful info, if you run a simple batch script without knowing what this command does, you get corrupt NTFS. I used to write these scripts and to be honest this doesn't seem malicious at first, maybe just a bit suspicious. Useful if you like to check the scripts before you run them.
Posted on Reply
#37
80-watt Hamster
Night... I used to write these scripts and to be honest this doesn't seem malicious at first, maybe just a bit suspicious ...
*looks at Night's avatar*

I am not filled with confidence.
.
.
.

:p
Posted on Reply
#38
AusWolf
"If the end-user inside Windows 10 tries to access the NTFS attribute called "$i30" in a specific way..."

Why would I even want to do that? :wtf:
Posted on Reply
#39
lexluthermiester
efikkanFundamental design flaws in the kernel, driver model and the file system can't be solved with just refinements, a total overhaul of the NT kernel is required.
That is an opinion not everyone agrees with. For example Windows 7 does not suffer from the problem detailed in the article above. Most of the problems with Windows 10 are solvable without over-hauling the kernel. Microsoft just needs to take the time to actually do it.
Posted on Reply
#40
R-T-B
The NT kernel is actually an incredibly cool piece of tech that dates back to the Microsoft collaborative effort on OS/2 with IBM. It's not something that needs a redesign, it's always being tweaked this way or that. It's very adaptable.
Posted on Reply
#41
windwhirl
trparkyOutside of academic or small open source projects, there's not been a new operating system kernel written in decades. Writing a new kernel from scratch is a monumental task and one that someone doesn't just wake up one morning and decide "Oh, I'm going to write a new operating system kernel today". That just doesn't happen. Even the Linux kernel is twenty years old (or more) and has been hacked on and hacked on for just as long. Sure, there's been some big changes inside the Linux kernel but largely it's the same stuff. I highly doubt that Linus Torvalds would say to rewrite the whole damn kernel and if you tried to tell him to do that, he'd tell you where to go and how to get there in a very swear word laden message.
I imagine the main reason why new kernels don't really take off is software compatibility. Not many want to deal with all the main kernels of this era, that is Linux, Windows and whatever macOS is (dare I mention BSD, too?). If they had to deal with a thousand others, with very different concepts each of how to handle things (plus those microkernels that decidedly do not handle some stuff at all), devs would go mad. Heck, how many care to go outside of whatever main platform they use/code for?

That is besides the fact that new kernels need a lot of work, which you clearly stated.
R-T-BThe NT kernel is actually an incredibly cool piece of tech that dates back to the Microsoft collaborative effort on OS/2 with IBM. It's not something that needs a redesign, it's always being tweaked this way or that. It's very adaptable.
You know, if I had the programming/coding knowledge for it, I'd love to have a one-on-one with the people behind the NT 3.1 kernel and ask perhaps even the silliest questions about how it came to be. I honestly would feel like the child that it's being told a fantasy story with how I'd be so invested in that :D :laugh:
Posted on Reply
#42
sam_86314
Looks like there's another similar issue.


www.bleepingcomputer.com/news/security/windows-10-bug-crashes-your-pc-when-you-access-this-location/

Entering the following string into cmd or a web browser will cause a BSOD (Try this at your own risk, preferably in a VM).



Similar to the NTFS issue, this doesn't do anything in versions older than 1709. Even Windows 7 and XP are unaffected. Kinda makes me wonder what M$ changed that would cause this.

M$ needs to get their shit together.

EDIT: Apparently the NTFS flaw in the article isn't as severe as people think it is.


I guess it corrupts some metadata file somewhere, which causes the entire FS to be marked as dirty, which triggers the chkdisk scan. Accessing other $i30 attributes doesn't do anything.

Also apparently it works in XP, but not 7.

EDIT 2: Just tried both flaws in a Win10 1809 VM. The BSOD one caused the VM to lock up and restart, no BSOD.

The NTFS one caused chkdisk to run upon rebooting, and pretty much nothing else happened. The VM started right back up as if nothing happened. Interestingly I didn't get any notifications that anything happened after running the command. Cmd returned that the file was corrupted, and I also manually checked the disk for errors, and it said it needed to repair the disk. I also ran SFC after rebooting and it passed with no errors.

Pretty sure the NTFS one is mostly harmless (save for maybe some extra wear on your boot drive), and the BSOD one carries any risks associated with system crashes.
Posted on Reply
#43
Frick
Fishfaced Nincompoop
3roldsame... I hate it that MS force updates the OS even if most of what the new shit we get is useless features.
lemonadesodaYep. I have another unwanted forced update last night.

And YES I have done all the registry policy and O&O shut ups to stop forced update. But somehow, MS, automagically does it anyway.
I'm all for MS forcing people like you to update. If people had the option they would just never update machines, not even for security.
Posted on Reply
#44
300BaudBob
trparkyOutside of academic or small open source projects, there's not been a new operating system kernel written in decades. Writing a new kernel from scratch is a monumental task and one that someone doesn't just wake up one morning and decide "Oh, I'm going to write a new operating system kernel today". That just doesn't happen. Even the Linux kernel is twenty years old (or more) and has been hacked on and hacked on for just as long. Sure, there's been some big changes inside the Linux kernel but largely it's the same stuff. I highly doubt that Linus Torvalds would say to rewrite the whole damn kernel and if you tried to tell him to do that, he'd tell you where to go and how to get there in a very swear word laden message.

Oh, and by the way, I watched a YouTube video where a malformed NTFS file system crashes even Linux, BSD, and MacOSX. Simply plugging in a USB drive with said malformed NTFS file system will crash even those operating systems.
Periodically I enjoy writing up specs for an all new OS. Just for fun...a what if I could do this. Of course I don't have a thousand years to write it or the money to hire a team to shorten the time. Just a crazy old coder with delusions of grandeur.
Posted on Reply
#45
rtwjunkie
PC Gaming Enthusiast
N3utroInstead of giving specific details of a 0day problem that could lead to some people exploiting it, you could just be more vague and wait for a fix.

You're article is basically an invitation for hackers to have fun with this. Shame on you.
You don’t realize this information has already been published? The sources are on the main page.
Posted on Reply
#46
DeathtoGnomes
lexluthermiesterand refine, refine, refine.
not something m$ does easily, its not like they listen to their community much or read their own support forums.
Posted on Reply
#47
Arc1t3ct
I really like Windows 10. I hope they fix this soon.
Posted on Reply
#48
Octopuss
Over at Guru3D, they wrote this is been reported since 2018 or something. What the actual F if true?
Posted on Reply
#49
Aquinus
Resident Wat-man
I feel like my decision to use just Linux and Mac OS is becoming more and more justified as time goes on.
sam_86314Pretty sure the NTFS one is mostly harmless (save for maybe some extra wear on your boot drive), and the BSOD one carries any risks associated with system crashes.
Haha. No. When NTFS disks aren't unmounted cleanly, a bit doesn't get set on the disk which indicates that there wasn't a clean shutdown. If you BSOD and your install gets wrecked, that bit doesn't get set and if you try to go into Linux and mount the filesystem, it won't do it because that bit isn't set and fixing it without Windows is a freaking nightmare. Not to mention that it's scary because you're writing raw data to the disk with something like dd to fix it. This was literally the last nail in the coffin when I actively chose to stop using Windows.

NTFS is hot garbage when you compare it to options like APFS, ext4, btrfs, and f2fs.
Posted on Reply
#50
lexluthermiester
FrickI'm all for MS forcing people like you to update. If people had the option they would just never update machines, not even for security.
Gotta disagree with you there. It's not your place or even Microsoft's place to tell people what they have to do with their own PC's.
OctopussOver at Guru3D, they wrote this is been reported since 2018 or something. What the actual F if true?
To be fair, how many people are A. Going to actually know enough to have the ability to type that command, and B. Will actually do it?
AquinusNTFS is hot garbage when you compare it to options like APFS, ext4, btrfs, and f2fs.
That is both an unfair and inaccurate comparison. Let's stay within the realm of reality shall we..
Posted on Reply
Add your own comment
Nov 25th, 2024 03:34 EST change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts