Windows 10 Zero Day exploit that corrupts NTFS drives

[Andavari]

Windows 10 Zero Day exploit that corrupts NTFS drives instantly with a single one line command

 

The vulnerability exists in Windows 10 v1803 and higher.

 

Read the article:
https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/

Edited January 15, 2021 by Andavari

[nukecad]

Apparently this is not quite the case.

What this bug does is merely tell the operating system that the drive is corrupt, thus 'tricking' it into running a disk check.

The filesystem is not actually corrupt.

Take a look at this:
https://www.youtube.com/watch?v=PtHTqmp-Jt8

[Andavari]

Good that it's just the "old" bug that also existed on XP. XP always had a peculiarity when running ChkDsk stating it was correcting the volume bitmap for whatever reason due to some erroneous error that was never patched. I do know on old XP that running Disk Cleanup with the Recycle Bin box ticked and if there's something for it to remove from the Recycle Bin will cause ChkDsk to fix some erroneous error that Windows 10 never finds, for example on a USB external/portable drive formatted with NTFS. Something similiar happens on XP after Volume Shadow Copy ("VSS") service in used for instance by Tweaking.com Registry Backup - afterwards the internal drive with the largest amount of free space all of a sudden has some erroneous error that ChkDsk will repair.

Maybe time for Microsoft to come up with a new file system because NTFS is very old anyways with some limitations, or they should overhaul it and remove the bugs.

USN journal bug/misery:
Another NTFS quirk is if the USN journal is enabled on for instance USB external/portable backup drives (HDD or SSD), it makes it extremely difficult or impossible to use Safely Remove on those drives in a timely manner which has the potential of corrupting files on the drives as most people will get fed up waiting a long time and just unplug the USB cord. Manually disabling USN journal on those drives makes it possible to Safely Remove them almost instantly. I recently reported such a bug to Microsoft within the last two weeks because something in Win10 was consistently enabling and re-enabling USN journal on USB external/portable drives that were NTFS formatted, it got fixed within 2 or 3 days, and I suspect it was perhaps tied to something Windows Defender was doing because allot of antivirus' trigger enabling USN journal on internal drives just not usually USB drives.

[nukecad]

17 hours ago, Andavari said:

Maybe time for Microsoft to come up with a new file system

Arrgh, Please, No.

Not something else new for them to c**k up, and you know that they would.

[Andavari]

They already have ReFS. But I'd prefer them to fix all the known issues with NTFS.

[nukecad]

Mozilla have now put a block on this bug so that it can't be triggered from Firefox:

https://www.bleepingcomputer.com/news/software/mozilla-fixes-windows-10-ntfs-corruption-bug-in-firefox/

It can still be triggered from Windows itself, and from Chrome.

It's Patch Tuesday later today so MS may fix it as part of that.