Monday, January 18th 2021

Critical Flaw in Windows 10 Could Corrupt Your Hard Drive

by
AleksandarK
 Discuss (124 Comments)
Windows OS security is taken seriously, as the OS is wide-spread across millions of PCs around the world, however, there may be issues where OS has some security flaw that is found by external researchers. Due to the sheer code base of the new OS like Windows 10, there are a plethora of bugs and security flaws waiting to get discovered by someone. And today, thanks to the team of cybersecurity researchers, we have found out that in Windows 10 file-system called NTFS, there is a bug that corrupts your hard drive by simply triggering a specific variable name in a file.

If the end-user inside Windows 10 tries to access the NTFS attribute called "$i30" in a specific way, the flaw is exploited. The NTFS search index attribute, specifically the string "$i30", is containing a list of files and subfolders in a directory, and there is even a log of deleted files and folders. After running a specific command inside the command line (CMD) or inside the browser, Windows will start to display warnings of "File or directory is corrupted and cannot be read". After that, the OS will prompt a user to restart the machine and repair the damaged drive, so the Windows disk check utility will start. Once corrupted, Windows 10 will start displaying a notification indicating that the main file table (MFT) on the particular disk is corrupted and thus can not operate. Starting from the build Windows 10 Build 1803 the OS is vulnerable until the current version and a possible fix is expected to be released soon.
Sources: Jonas L (Twitter), Siam Alam (Twitter), via Security Newspaper

Related News

Add your own comment

124 Comments on Critical Flaw in Windows 10 Could Corrupt Your Hard Drive

#51
HD64G
So much so for a big company that stopped supporting their previous OS before the one forced on many users get out of the beta stage... :mad:
Posted on Reply
#52
ThrashZone
FrickI'm all for MS forcing people like you to update. If people had the option they would just never update machines, not even for security.
Hi,
Security for one of their own lame apps I don't use and likely would love to uninstall if I haven't already lol
HD64GSo much so for a big company that stopped supporting their previous OS before the one forced on many users get out of the beta stage... :mad:
Hi,
10 is never out of beta stage is one beta after another.
Posted on Reply
#53
Muck Muster
3roldsame... I hate it that MS force updates the OS even if most of what the new shit we get is useless features.
Yeah.. . my temp files get piled with useless installers. Though my machine glides like a champ with them hangin' on, I muse at finding 1 or 2gb of useless installers loungin' around my computer.
Posted on Reply
#54
lemonadesoda
FrickI'm all for MS forcing people like you to update. If people had the option they would just never update machines, not even for security.
Enforce a machine to be updated to a more stable build. I agree with that concept.

MS externally Forcing an untimely reboot on a private machine, without owner agreeing to it, to a new OS build, causing loss of time and work and potentially farking a machine. Do not agree with that. It’s pretty shady ethically and legally.

So, the question should be, what method could be designed to enforce the updating of machines without forcing reboots that have not been agreed to. There are a thousand different ways to make that work.
Posted on Reply
#55
Aquinus
Resident Wat-man
lexluthermiesterThat is both an unfair and inaccurate comparison. Let's stay within the realm of reality shall we..
Then perhaps you should enlighten me. What's so great about NTFS where it excels beyond APFS, ext4, btrfs, and f2fs?
Posted on Reply
#56
Frick
Fishfaced Nincompoop
ThrashZoneHi,
Security for one of their own lame apps I don't use and likely would love to uninstall if I haven't already lol
Lame apps like the 0 day stuff they've found in Windows itself?
lexluthermiesterGotta disagree with you there. It's not your place or even Microsoft's place to tell people what they have to do with their own PC's.
It shouldn't be. Like how it shouldn't be up to manufacturers of anything to enforce any security for anything, but the thing is that attitude is actively bad for us. Botnets wouldn't be a problem if people was sensible about security, but they aren't, so someone has to be.
Posted on Reply
#57
AusWolf
AquinusThen perhaps you should enlighten me. What's so great about NTFS where it excels beyond APFS, ext4, btrfs, and f2fs?
I don't think the question is what makes NTFS great, but what makes it so much worse like you described. I for one, have never had any issues with NTFS. The incorrect shutdown issue can be resolved by using the safe removal feature, or shutting your PC down before disconnecting your drives. Each of these takes 2 clicks maximum.
lemonadesodaEnforce a machine to be updated to a more stable build. I agree with that concept.

MS externally Forcing an untimely reboot on a private machine, without owner agreeing to it, to a new OS build, causing loss of time and work and potentially farking a machine. Do not agree with that. It’s pretty shady ethically and legally.

So, the question should be, what method could be designed to enforce the updating of machines without forcing reboots that have not been agreed to. There are a thousand different ways to make that work.
There are many options in Windows 10 already. Active hours, deferring updates, custom reboot time once your uptades have been installed...

Posted on Reply
#58
ThrashZone
FrickLame apps like the 0 day stuff they've found in Windows itself?

It shouldn't be. Like how it shouldn't be up to manufacturers of anything to enforce any security for anything, but the thing is that attitude is actively bad for us. Botnets wouldn't be a problem if people was sensible about security, but they aren't, so someone has to be.
Hi,
Yet I'm still on win-7 and the world hasn't ended without that patch plus any spectre/ meltdown nonsense either :-)
Posted on Reply
#59
DeathtoGnomes
FrickBotnets wouldn't be a problem if people was sensible about security, but they aren't,
Most people ignore any warnings about security, hell, most are not even taught about basic security, there are those that just lack common sense. The question is, is it m$'s responsibility teach or just plain warn us??

It usually winds up being too late to do anything about the brick sitting next to the lava lamp you have sitting on your RGB embedded computer desk, guess they'll learn next time and be more sensible, right? :shadedshu:
Posted on Reply
#60
Frick
Fishfaced Nincompoop
DeathtoGnomesMost people ignore any warnings about security, hell, most are not even taught about basic security, there are those that just lack common sense. The question is, is it m$'s responsibility teach or just plain warn us??

It usually winds up being too late to do anything about the brick sitting next to the lava lamp you have sitting on your RGB embedded computer desk, guess they'll learn next time and be more sensible, right? :shadedshu:
That's the question, and it's not an easy one. I mean yeah MS deserves flak for pushing bad updates (and drivers that bricked computers...) but I really think it's the lesser of evils, the other one being people just not updating. I'm sure you've seen unupdated XP computers riddled with nasty stuff and the user running everything as admin by default.
Posted on Reply
#61
lexluthermiester
AquinusThen perhaps you should enlighten me. What's so great about NTFS where it excels beyond APFS, ext4, btrfs, and f2fs?
How about Windows won't run on them? Or perhaps that NTFS is very stable, reliable and nearly error proof? And before you mention that drive disconnection thing, that it a Windows problem, not an NTFS problem.
DeathtoGnomesThe question is, is it m$'s responsibility teach or just plain warn us??
No, it is not. But it is also not their place to tell us what, when and how we may or may not use our own PC's.
FrickIt shouldn't be. Like how it shouldn't be up to manufacturers of anything to enforce any security for anything, but the thing is that attitude is actively bad for us. Botnets wouldn't be a problem if people was sensible about security, but they aren't, so someone has to be.
That requires education of the public, not strong-arm enforcement of rules that don't always make sense are certainly do not respect our rights as users.
Posted on Reply
#62
lemonadesoda
AusWolfI don't think the question is what makes NTFS great, but what makes it so much worse like you described. I for one, have never had any issues with NTFS. The incorrect shutdown issue can be resolved by using the safe removal feature, or shutting your PC down before disconnecting your drives. Each of these takes 2 clicks maximum.


There are many options in Windows 10 already. Active hours, deferring updates, custom reboot time once your uptades have been installed...

Come back and comment after you have tried deferring updates, and Windows reboots you overnight when you have work on the desktop, in MS office, etc. You are talking theory, and not practice. Just listen to the people in this thread that have had W10 reboot on them when they didnt want it.
Posted on Reply
#63
DeathtoGnomes
lexluthermiesterNo, it is not. But it is also not their place to tell us what, when and how we may or may not use our own PC's.
Yea and they still try to tell us things. Its the "I know what you want better than you do" syndrome
Posted on Reply
#64
Frick
Fishfaced Nincompoop
lexluthermiesterThat requires education of the public, not strong-arm enforcement of rules that don't always make sense are certainly do not respect our rights as users.
Like how anyone connected to the internet has access to all this knowledge so there shouldn't be anymore ignorance, right? If the internet has taught us anything it is that people are aggressively uninterested in education and we as a spiecies cannot be trusted to do the right thing, especially when the right thing is slightly inconvenient. Like updating your OS, or picking non terrible passwords.
ThrashZoneHi,
Yet I'm still on win-7 and the world hasn't ended without that patch plus any spectre/ meltdown nonsense either :)
And I've never been robbed, so logically robberies is a myth.
Posted on Reply
#65
ThrashZone
Frick
Like how anyone connected to the internet has access to all this knowledge so there shouldn't be anymore ignorance, right? If the internet has taught us anything it is that people are aggressively uninterested in education and we as a spiecies cannot be trusted to do the right thing, especially when the right thing is slightly inconvenient. Like updating your OS, or picking non terrible passwords.



And I've never been robbed, so logically robberies is a myth.
Hi,
Nope just a bad example of yours really but I do have a gun carry permit = Check ;)

There is more to security than os patches and MS browser which have always been targets
Remote access..... disabled = Check
Mbam Pro license = Check
Ublock Origin browser security = Check
Don't use MS apps = Check
Posted on Reply
#66
Aquinus
Resident Wat-man
lexluthermiesterHow about Windows won't run on them? Or perhaps that NTFS is very stable, reliable and nearly error proof? And before you mention that drive disconnection thing, that it a Windows problem, not an NTFS problem.
A filesystem is pretty useless if it's not stable, reliable, or error proof so that's a pretty low bar. The benefits come from all the features that these file systems implement beyond doing what any FS should be capable of doing. Just because Windows can't run them doesn't mean NTFS is better. It means that Microsoft shoves it down your throat without giving you the option.
Posted on Reply
#67
lexluthermiester
Frickwe as a spiecies cannot be trusted to do the right thing
That is an assumption you have no right or merit to make.
FrickAnd I've never been robbed, so logically robberies is a myth.
That statement lacks both logical context and sense.
AquinusA filesystem is pretty useless if it's not stable, reliable, or error proof so that's a pretty low bar.
You made the statement that NTFS is lacking, so prove up, how is it so bad?
DeathtoGnomesYea and they still try to tell us things. Its the "I know what you want better than you do" syndrome
Such is a deeply flawed "god-complex" kind of thinking that needs serious smack-down, not adherence.
Posted on Reply
#68
AusWolf
lemonadesodaCome back and comment after you have tried deferring updates, and Windows reboots you overnight when you have work on the desktop, in MS office, etc. You are talking theory, and not practice. Just listen to the people in this thread that have had W10 reboot on them when they didnt want it.
What makes you think I'm not talking from my own experience?

I have deferred updates countless times, set my active hours to when I'm actually using the PC, and never had a single automatic reboot. I occasionally have updates running in the background, but when they're done, I get a reminder that my PC will need a restart as soon as I'm ready. That's it.

I've been using Windows 10 basically since day one, so I know what I'm talking about. Those people that you refer to are either using an ancient version (pre-1809), or haven't changed the settings that they need to change. The picture I posted is an actual screenshot from the update settings. If you set it to off, you will no longer experience the random restart syndrome. Magic.

Old Windows OSes didn't give you anything, you had to install and configure everything yourself. Windows 10 gives you a basic set of apps and settings. If you don't like them, change them. Don't be lazy.
FrickLike how anyone connected to the internet has access to all this knowledge so there shouldn't be anymore ignorance, right? If the internet has taught us anything it is that people are aggressively uninterested in education and we as a spiecies cannot be trusted to do the right thing, especially when the right thing is slightly inconvenient. Like updating your OS, or picking non terrible passwords.

And I've never been robbed, so logically robberies is a myth.
1. Drawing any sort of conclusion about humanity as a whole ignores the infinite number of individual differences, and as such, is totally pointless and false.
2. You are describing 'attitude', which is an individual variable, and has nothing to do with the fact that using a PC and the internet requires some basic knowledge. Like I said above: just because you don't know about certain things, it doesn't mean that you shouldn't care to know about them.
Posted on Reply
#69
Aquinus
Resident Wat-man
lexluthermiesterYou made the statement that NTFS is lacking, so prove up, how is it so bad?
Lack of compatibility with POSIX file permissions is a good start which limits interoperability with non-Windows operating systems since practically everything else is POSIX compliant so there is no effective way to handle permissions on these systems. Copying a file with btrfs doesn't actually copy all of the data until new data is written which is a nice perk which also lends itself to really fast sub-volume snapshotting due to being CoW (APFS does this too.) Btrfs also has support for more than one kind of file compression at the file system level depending on your needs. Btrfs also checksums files and supports more than just CRC (such as SHA256,) which is useful for ensuring data integrity instead of assuming that bits don't flip. Btrfs also basically has a transaction log of all the changes to the file system which allows for efficient streaming of data for backups. Btrfs also has the added benefit of being open source.

Like I said before:
AquinusA filesystem is pretty useless if it's not stable, reliable, or error proof so that's a pretty low bar. The benefits come from all the features that these file systems implement beyond doing what any FS should be capable of doing. Just because Windows can't run them doesn't mean NTFS is better. It means that Microsoft shoves it down your throat without giving you the option.
Posted on Reply
#70
windwhirl
AquinusLack of compatibility with POSIX file permissions is a good start which limits interoperability with non-Windows operating systems since practically everything else is POSIX compliant so there is no effective way to handle permissions on these systems. Copying a file with btrfs doesn't actually copy all of the data until new data is written which is a nice perk which also lends itself to really fast sub-volume snapshotting due to being CoW (APFS does this too.) Btrfs also has support for more than one kind of file compression at the file system level depending on your needs. Btrfs also checksums files and supports more than just CRC (such as SHA256,) which is useful for ensuring data integrity instead of assuming that bits don't flip. Btrfs also basically has a transaction log of all the changes to the file system which allows for efficient streaming of data for backups. Btrfs also has the added benefit of being open source.

Like I said before:
On that matter, are CoW and file checksum automatically enabled on all cases or must be manually enabled by the user for each drive/volume/partition/etc. ?
Posted on Reply
#71
Aquinus
Resident Wat-man
windwhirlOn that matter, are CoW and file checksum automatically enabled on all cases or must be manually enabled by the user for each drive/volume/partition/etc. ?
Both btrfs and apfs are CoW by design. Checksumming is on by default on btrfs, but can be disabled (opt-out.) APFS does checksumming on certain files, not all.
Posted on Reply
#72
lexluthermiester
AquinusLack of compatibility with POSIX file permissions is a good start which limits interoperability with non-Windows operating systems since practically everything else is POSIX compliant so there is no effective way to handle permissions on these systems.
Interesting, but not a flaw so much as it's deliberate engineering choice.
AquinusCopying a file with btrfs doesn't actually copy all of the data until new data is written which is a nice perk which also lends itself to really fast sub-volume snapshotting due to being CoW (APFS does this too.)
Now that is a flaw. Copying a file without actually copying the file? Flawed design indeed.
AquinusBtrfs also has support for more than one kind of file compression at the file system level depending on your needs. Btrfs also checksums files and supports more than just CRC (such as SHA256,)
Those are nice features, however NTFS has similar features of it's own.
AquinusBtrfs also has the added benefit of being open source.
Now THAT's a good point. No argument there. However that doesn't mean NTFS is not stable.

You kinda failed to sell your argument there.

Microsoft has MORE than it's share of problems, but the NTFS file system isn't one of them.
Posted on Reply
#73
Melvis
Windows 7 users be like
Posted on Reply
#74
ThrashZone
MelvisWindows 7 users be like
Hi,
You can't handle the truth lol
Posted on Reply
Add your own comment
Jun 13th, 2024 13:49 EDT change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts