Microsoft has fixed a bug that could allow the threat actor to create specially designed downloads that crash Windows 10 simply by opening the folder where they were downloaded.
In January, we reported a new vulnerability in Windows 10, discovered by Jonas Lykkegård, which allows any user or program, even those with low privileges, to mark an NTFS device as damaged only by accessing a special folder.
Of particular concern is how easy it is to trigger the error. By simply navigating to the folder on the command line, accessing it from the Run: field, opening it from File Explorer, Windows 1
To make matters worse, threats and pranksters began distributing fake tools, malicious shortcuts, or malware. [1, 2, 3, 4] in Discord and social media, which, when executed, will have access to the folder and trigger the error.
Threatened actors can also use the mistake to force a broken system to hide their activities.
While the error generated by the error stated that the device was damaged, Microsoft clarified that the volume was only marked as dirty and the reboot and chkdsk would quickly mark it as clean.
Unfortunately, in one of our and other people’s tests, chkdsk did not solve the problem and Windows 10 refused to reboot.
Microsoft has fixed the NTFS error
In February, Microsoft quietly began testing the fix on Windows Insider compilations. This week, as part of April 2021, Tuesday, Microsoft finally fixed the vulnerability in all supported versions of Windows 10.
Microsoft classifies this error as a DDoS vulnerability and tracks it as CVE-2021-28312 under the heading “Windows NTFS Denial of Service Vulnerability”.
After installing Tuesday’s updates for Patch this week, BleepingComputer can confirm that the error no longer works, as it will now display an error stating that “Directory name is invalid”, as shown below.
BleepingComputer strongly recommends that all Windows users install the latest Patch Tuesday security updates. Not only for this vulnerability, but also for the 107 other vulnerabilities removed this month.