Microsoft says it’s planning to fix a bizarre Windows 10 bug that could corrupt a hard drive just by looking at an icon. Security researcher Jonas L first warned about the bug earlier this week, describing it as a “nasty vulnerability.” Attackers can hide a specially crafted line inside a ZIP file, folder, or even a simple Windows shortcut. All a Windows 10 user needs to do is extract the ZIP file or simply look at a folder that contains a malicious shortcut and it will automatically trigger hard drive corruption.
Will Dormann, a vulnerability analyst at the CERT Coordination Center (CERT/CC), confirmed the findings, and notes that there could be more ways to trigger the NTFS corruption. Dormann also revealed the vulnerability has existed in Windows 10 for nearly three years, and that he reported another NTFS issue two years ago that still hasn’t been fixed.
“We are aware of this issue and will provide an update in a future release,” says a Microsoft spokesperson in a statement to The Verge. “The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”
Seems like it can also be triggered when you paste the command in the URL of a browser except ie so far pic.twitter.com/7XsGhrowps
— Siam Alam (@Slmi0xC) January 15, 2021
Others have found that the vulnerability also occurs if you simply paste the offending string into the address bar in a browser. Bleeping Computer has also tested the bug in a variety of different ways, and notes that it will prompt Windows 10 users to reboot a PC to repair the corrupted disk records. The reboot will trigger the Windows chkdsk process, which should successfully repair the corruption.
The repair process isn’t always automatic, though. Dormann says it may require manual intervention to successfully repair the corrupted disk records. The bug also doesn’t require admin rights to trigger or special write permissions. That could make it more problematic for IT admins if chkdsk fails to automatically repair affected drives.