A hole in Windows 10 allows hackers to crash the system with just one command. Due to a security breach, an attacker can hide a malicious command in a shortcut or in a ZIP file, among other vectors. In some cases, users don’t even need to open the file to trigger code execution that causes an error on the hard disk.
According to website information Bleeping calculator, researcher Jonas L has warned about this vulnerability since August 2020. When exploited, the bug immediately affects hard drives formatted as NTFS.
After executing the command, which occurs when trying to access the $ i30 NTFS property in a folder in a specific way, Windows displays the message “the file or folder is damaged and unreadable” and prompts you to start Restart your computer to fix the disco. According to Jonas L, this vulnerability has been opened since Windows 10 build 1803, the 2018 update, and has yet to be patched.
This command can damage any drive, not just Local Disk (C :). Researcher also pointed out that a registry key that could be used to diagnose this error was inactive.
Still follow Bleeping calculatorThere are more sophisticated ways to exploit the vulnerability. One allows attackers to create a Windows shortcut file and set the icon’s location to C: : $ i30: $ bitmap, which would trigger the vulnerability even if the user has never opened the file.
Microsoft says it is aware of the bug and will provide an update to the affected devices “as soon as possible”.
With information: Bleeping calculator