Microsoft is fixing a bug that very easily corrupts NTFS

There is an old bug in Windows that corrupts the file system during various actions. A simple command, an invalid HTML file, or even a shortcut you see in a ZIP archive can damage the file system. Windows 10, as of version 1803, and apparently Windows 8/8.1 are among the vulnerable operating systems.

Security researcher Jonas L has discovered an NTFS vulnerability in Windows 10 that has not yet been fixed. The researcher told BleepingComputer that the vulnerability can be exploited from Windows 10 build 1803, the Windows 10 April 2018 update, and still works in the current version. I’ve heard that Windows 8 and Windows 8.1 are also affected by this problem, and even Windows XP. However, Windows 7 is not affected. It’s in other people’s reports. Vinero did not check the old systems itself.

How it works

This is a very serious matter. A simple command, even if executed by a user with few privileges, corrupts an NTFS formatted hard drive, causing Windows to ask the user to restart the computer to repair the damaged drive entries.

Disclaimer : Do not test this check on any of your devices that contain sensitive data. The file system will get corrupted and you risk losing all your data. You’ve been warned.

The team is composed as follows.

The key to this system is the NTFS index attribute $i30. The NTFS index attribute is a directory-linked attribute that lists the files and subdirectories in a directory. In some cases, the NTFS index may also contain deleted files and folders.

I have no idea why that got messed up, and it would be a lot of work to figure that out, because the registry key that should trigger the BSOD about anti-corruption is not working. So I leave that to the people responsible for the source code,

…the investigator said.

The above command can damage any drive, not just the C: drive. After pressing the Enter key, an error message appears indicating that the file or folder is corrupt and unreadable.

Windows 10 will prompt the user to restart the computer to repair the damaged drive. Upon restart, the Windows CheckDisk application is launched and the file system is repaired.

It can be activated by different methods

It’s not just the team at the top that’s the problem. A specially designed shortcut (.url), where the icon location is set to C::$i30:$bitmap, triggers a vulnerability even if the user has never opened the file. As soon as the file explorer tries to display such an icon, the disk is immediately damaged. You just need to view them in the file explorer.

If such a file is included in a ZIP archive, this ZIP archive causes a security breach every time it is extracted. It can also be saved in an ISO, VHD or VHDX file.

The researcher stated that an HTML page created with resources from a network source would do the same.

In the end, users decided that the above string :$i30 in the browser’s address bar was sufficient.


The Verge contacted Microsoft, and a spokesperson assured that they are already working on fixing the problem.

We are aware of this issue and will address it in a future release. The use of this technique is based on social engineering. As always, we encourage our customers to practice using the Internet and to be cautious when opening unknown files or accepting file transfers.

So at the time of writing, there is no alternative to this vulnerability. Be careful when downloading and viewing files. If you suspect a threat, use a console file manager like Far that does not display or retrieve icons.

Support us.

Vinero is counting a lot on your support. You can help the site continue to provide you with interesting and useful content and software by using these options:

Related Tags:

windows bug icon corrupts your hardwindows bug corrupts your hard driveslashdotxbox

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *