Microsoft says it’s planning to fix a weird Windows 10 bug that could corrupt a hard drive just by looking at an icon. Security researcher Jonas L first warned about the bug earlier this week, describing it as a “nasty vulnerability.” Attackers can hide a specially crafted line inside a ZIP file, folder, or even a simple Windows shortcut. All a Windows 10 user needs to do is extract the ZIP file or simply look at a folder that contains a malicious shortcut and it will automatically trigger hard drive corruption.
Will Dormann, a vulnerability analyst at the CERT Coordination Center (CERT/CC), confirmed the findings, and notes that there could be more ways to trigger the NTFS corruption. Dormann also revealed the vulnerability has existed in Windows 10 for nearly three years, and that he reported another NTFS issue two years ago that still hasn’t been fixed.
“We’re aware of this issue and will provide an update in a future release,” says a Microsoft spokesperson in a statement to The Verge. “Using this method depends on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”
Others have found that the vulnerability also occurs if you simply paste the offending string into the address bar in a browser. Bleeping Computer has also tested the bug in a variety of different ways, and notes that it will prompt Windows 10 users to reboot a PC to repair the corrupted disk records. The reboot will trigger the Windows chkdsk process, which should successfully repair the corruption.
The repair process isn’t always automatic, though. Dormann says it may require manual intervention to successfully repair the corrupted disk records. The bug also doesn’t require admin rights to trigger or special write permissions. That could make it more problematic for IT admins if chkdsk fails to automatically repair affected drives.