Microsoft to fix critical NTFS vulnerability on Windows 10 PCs

2 min. read

Published onJanuary 15, 2021

published onJanuary 15, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft is working to fix a critical NTFS vulnerability on Windows 10 that can corrupt users’ hard drives when they open an HTML file, a Windows shortcut, or extract a Zip file that contains a one-line command (viaThe Verge). When the vulnerability is triggered, users will see a pop up saying that they need to restart their PC to repair drive errors, and doing so will initiate the Windows check disk utility on reboot to repair the corrupted disk.

The vulnerability was actually discovered two years ago by Will Dorman, a security researcher at the CERT Coordination Center. If Dormann believed that Windows 10 versions older than 1803 may not be affected,Bleeping Computeris reporting today that the NTFS issue also impacts older versions of Windows XP.

This problem seems to be introduced around the time of Windows 10 1803. Prior versions of Windows do not appear to be affected.I’ll give Microsoft a shot at addressing this before disclosing what the value of is.Though I question how such things get prioritized…

— Will Dormann (@wdormann)January 9, 2021

This vulnerability is pretty serious as it can be hidden in a random file and corrupt your hard drive instantly. Worse, Bleeping Computer discovered that it can also be triggered when the Windows File Explorer simply displays a corrupted shortcut hiding the malicious command in a folder. “To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process,” the report explained.

Microsoft has finally acknowledged this critical vulnerability in a statement to The Verge, promising a fix in a future update. “We are aware of this issue and will provide an update in a future release,” a Microsoft spokesperson said. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Microsoft to fix critical NTFS vulnerability on Windows 10 PCs#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft to fix critical NTFS vulnerability on Windows 10 PCs