Critical Flaw in Windows 10 Could Corrupt Your Hard Drive

[lexluthermiester]

Instead of giving specific details of a 0day problem that could lead to some people exploiting it, you could just be more vague and wait for a fix.

Your article is basically an invitation for hackers to have fun with this. Shame on you.

Really? So you think hackers who want to exploit this problem are going to look up TechPowerUp for hacking info? Hmmm?

Think about that very carefully while you ponder your next condescending comment.

 

[R-T-B]

Instead of giving specific details of a 0day problem that could lead to some people exploiting it, you could just be more vague and wait for a fix.

You're article is basically an invitation for hackers to have fun with this. Shame on you.

That's not how modern security reporting works. We must operate on the principal that knowledge is power, and the bad guys already surely have this knowledge.

 

[efikkan]

Windows OS security is taken seriously, as the OS is wide-spread across millions of PCs around the world, however, there may be issues where OS has some security flaw that is found by external researchers. Due to the sheer code base of the new OS like Windows 10, there are a plethora of bugs and security flaws waiting to get discovered by someone. And today, thanks to the team of cybersecurity researchers, we have found out that in Windows 10 file-system called NTFS, there is a bug that corrupts your hard drive by simply triggering a specific variable name in a file.

When simply typing one file path in user space causes file system corruption, and typing another causes instant BSODs, then there are fundamental design flaws in the system.
The size code base is irrelevant, such problems are inexcusable. These problems has plagued Windows for decades, and will continue to do so until MS does a complete overhaul of the kernel. Patchwork can't solve this.

Yep. I have another unwanted forced update last night.

And YES I have done all the registry policy and O&O shut ups to stop forced update. But somehow, MS, automagically does it anyway.

What about setting the network connection as metered and disable updates on a metered connection?

 

[Xuper]

I am experienced them every one or two week.I thought It's from sleep mode.

 

[lexluthermiester]

When simply typing one file path in user space causes file system corruption, and typing another causes instant BSODs, then there are fundamental design flaws in the system.
The size code base is irrelevant, such problems are inexcusable.

Could not agree more here...

and will continue to do so until MS does a complete overhaul of the kernel.

...but not with this. What MS needs to do is slow things down development-wise and refine, refine, refine.

 

[ThrashZone]

Hi,
Wonder if linux pukes too

 

[lexluthermiester]

Hi,
Wonder if linux pukes too

No, this is exclusively a Windows problem, AFAIK.

 

[ixi]

Windows 10 - the gift that keeps on giving.

Make better OS.

 

[efikkan]

...but not with this. What MS needs to do is slow things down development-wise and refine, refine, refine.

Fundamental design flaws in the kernel, driver model and the file system can't be solved with just refinements, a total overhaul of the NT kernel is required. It should not be possible to damage or comprimise a system like this from user space, yet Windows has a seemlingly endless stream of such bugs.

 

[windwhirl]

Fundamental design flaws in the kernel, driver model and the file system can't be solved with just refinements, a total overhaul of the NT kernel is required.

Off-topic, but I kinda been wanting to ask Microsoft (hah, if only) why they never pushed for more than just two privilege rings after all the other platform compatibility plans (Alpha, PowerPC, MIPS, etc.) got scrapped, considering there were some opportunities here and there (probably Vista with its massive changes would have been the best time to just push all the pain at once and be done with it). I know ARMv7 has three levels, while x86 has four at least.

 

[trparky]

Outside of academic or small open source projects, there's not been a new operating system kernel written in decades. Writing a new kernel from scratch is a monumental task and one that someone doesn't just wake up one morning and decide "Oh, I'm going to write a new operating system kernel today". That just doesn't happen. Even the Linux kernel is twenty years old (or more) and has been hacked on and hacked on for just as long. Sure, there's been some big changes inside the Linux kernel but largely it's the same stuff. I highly doubt that Linus Torvalds would say to rewrite the whole damn kernel and if you tried to tell him to do that, he'd tell you where to go and how to get there in a very swear word laden message.

Oh, and by the way, I watched a YouTube video where a malformed NTFS file system crashes even Linux, BSD, and MacOSX. Simply plugging in a USB drive with said malformed NTFS file system will crash even those operating systems.

 

[Night]

Honestly this is useful info, if you run a simple batch script without knowing what this command does, you get corrupt NTFS. I used to write these scripts and to be honest this doesn't seem malicious at first, maybe just a bit suspicious. Useful if you like to check the scripts before you run them.

 

[80-watt Hamster]

... I used to write these scripts and to be honest this doesn't seem malicious at first, maybe just a bit suspicious ...

*looks at Night's avatar*

I am not filled with confidence.
.
.
.

 

[AusWolf]

"If the end-user inside Windows 10 tries to access the NTFS attribute called "$i30" in a specific way..."

Why would I even want to do that?

 

[lexluthermiester]

Fundamental design flaws in the kernel, driver model and the file system can't be solved with just refinements, a total overhaul of the NT kernel is required.

That is an opinion not everyone agrees with. For example Windows 7 does not suffer from the problem detailed in the article above. Most of the problems with Windows 10 are solvable without over-hauling the kernel. Microsoft just needs to take the time to actually do it.

 

[R-T-B]

The NT kernel is actually an incredibly cool piece of tech that dates back to the Microsoft collaborative effort on OS/2 with IBM. It's not something that needs a redesign, it's always being tweaked this way or that. It's very adaptable.

 

[windwhirl]

Outside of academic or small open source projects, there's not been a new operating system kernel written in decades. Writing a new kernel from scratch is a monumental task and one that someone doesn't just wake up one morning and decide "Oh, I'm going to write a new operating system kernel today". That just doesn't happen. Even the Linux kernel is twenty years old (or more) and has been hacked on and hacked on for just as long. Sure, there's been some big changes inside the Linux kernel but largely it's the same stuff. I highly doubt that Linus Torvalds would say to rewrite the whole damn kernel and if you tried to tell him to do that, he'd tell you where to go and how to get there in a very swear word laden message.

I imagine the main reason why new kernels don't really take off is software compatibility. Not many want to deal with all the main kernels of this era, that is Linux, Windows and whatever macOS is (dare I mention BSD, too?). If they had to deal with a thousand others, with very different concepts each of how to handle things (plus those microkernels that decidedly do not handle some stuff at all), devs would go mad. Heck, how many care to go outside of whatever main platform they use/code for?

That is besides the fact that new kernels need a lot of work, which you clearly stated.

The NT kernel is actually an incredibly cool piece of tech that dates back to the Microsoft collaborative effort on OS/2 with IBM. It's not something that needs a redesign, it's always being tweaked this way or that. It's very adaptable.

You know, if I had the programming/coding knowledge for it, I'd love to have a one-on-one with the people behind the NT 3.1 kernel and ask perhaps even the silliest questions about how it came to be. I honestly would feel like the child that it's being told a fantasy story with how I'd be so invested in that

 

[sam_86314]

Looks like there's another similar issue.

Windows 10 bug crashes your PC when you access this location

A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands.

www.bleepingcomputer.com

Entering the following string into cmd or a web browser will cause a BSOD (Try this at your own risk, preferably in a VM).

Similar to the NTFS issue, this doesn't do anything in versions older than 1709. Even Windows 7 and XP are unaffected. Kinda makes me wonder what M$ changed that would cause this.

M$ needs to get their shit together.

EDIT: Apparently the NTFS flaw in the article isn't as severe as people think it is.

I guess it corrupts some metadata file somewhere, which causes the entire FS to be marked as dirty, which triggers the chkdisk scan. Accessing other $i30 attributes doesn't do anything.

Also apparently it works in XP, but not 7.

EDIT 2: Just tried both flaws in a Win10 1809 VM. The BSOD one caused the VM to lock up and restart, no BSOD.

The NTFS one caused chkdisk to run upon rebooting, and pretty much nothing else happened. The VM started right back up as if nothing happened. Interestingly I didn't get any notifications that anything happened after running the command. Cmd returned that the file was corrupted, and I also manually checked the disk for errors, and it said it needed to repair the disk. I also ran SFC after rebooting and it passed with no errors.

Pretty sure the NTFS one is mostly harmless (save for maybe some extra wear on your boot drive), and the BSOD one carries any risks associated with system crashes.

 

[Frick]

same... I hate it that MS force updates the OS even if most of what the new shit we get is useless features.

Yep. I have another unwanted forced update last night.

And YES I have done all the registry policy and O&O shut ups to stop forced update. But somehow, MS, automagically does it anyway.

I'm all for MS forcing people like you to update. If people had the option they would just never update machines, not even for security.

 

[300BaudBob]

Outside of academic or small open source projects, there's not been a new operating system kernel written in decades. Writing a new kernel from scratch is a monumental task and one that someone doesn't just wake up one morning and decide "Oh, I'm going to write a new operating system kernel today". That just doesn't happen. Even the Linux kernel is twenty years old (or more) and has been hacked on and hacked on for just as long. Sure, there's been some big changes inside the Linux kernel but largely it's the same stuff. I highly doubt that Linus Torvalds would say to rewrite the whole damn kernel and if you tried to tell him to do that, he'd tell you where to go and how to get there in a very swear word laden message.

Oh, and by the way, I watched a YouTube video where a malformed NTFS file system crashes even Linux, BSD, and MacOSX. Simply plugging in a USB drive with said malformed NTFS file system will crash even those operating systems.

Periodically I enjoy writing up specs for an all new OS. Just for fun...a what if I could do this. Of course I don't have a thousand years to write it or the money to hire a team to shorten the time. Just a crazy old coder with delusions of grandeur.

 

[rtwjunkie]

Instead of giving specific details of a 0day problem that could lead to some people exploiting it, you could just be more vague and wait for a fix.

You're article is basically an invitation for hackers to have fun with this. Shame on you.

You don’t realize this information has already been published? The sources are on the main page.

 

[DeathtoGnomes]

and refine, refine, refine.

not something m$ does easily, its not like they listen to their community much or read their own support forums.

 

[Arc1t3ct]

I really like Windows 10. I hope they fix this soon.

 

[Octopuss]

Over at Guru3D, they wrote this is been reported since 2018 or something. What the actual F if true?

 

[Aquinus]

I feel like my decision to use just Linux and Mac OS is becoming more and more justified as time goes on.

Pretty sure the NTFS one is mostly harmless (save for maybe some extra wear on your boot drive), and the BSOD one carries any risks associated with system crashes.

Haha. No. When NTFS disks aren't unmounted cleanly, a bit doesn't get set on the disk which indicates that there wasn't a clean shutdown. If you BSOD and your install gets wrecked, that bit doesn't get set and if you try to go into Linux and mount the filesystem, it won't do it because that bit isn't set and fixing it without Windows is a freaking nightmare. Not to mention that it's scary because you're writing raw data to the disk with something like dd to fix it. This was literally the last nail in the coffin when I actively chose to stop using Windows.

NTFS is hot garbage when you compare it to options like APFS, ext4, btrfs, and f2fs.