Microsoft fixes NTFS file system crashes in Windows 10

by ·

Previously, some researchers accidentally discovered that Microsoft’s NTFS file system was flawed, and users only needed to access a path containing certain special strings and it would crash.

Although this problem is unlikely to cause a serious security problem, the prankster can create a file containing this special string to induce the user to download and trigger the failure.

At the same time, the researchers reported the vulnerability to Microsoft for a long time but did not receive attention. It was not until the media was widely reported that Microsoft responded that it would fix the vulnerability in time.

However, Microsoft did not fix the vulnerability in the routine update released this month. The latest news is that Microsoft is testing the fix in the Windows 10 Insider Preview version.

The research found that the index system attribute of the Windows NTFS file system contains the $i30 string, which is actually the NTFS attribute associated with the directory.

In some cases, even if files are deleted, the index system still includes deleted files or folders until these files or folders are completely deleted.

Therefore, this kind of indexing system is very useful in response to certain incidents, such as attack tracing or investigation and evidence collection, but why does this serious problem occur?

InfoSec researcher Jonas L found that access to this attribute will cause disk damage. After investigation, the researcher believes that it may be related to the Windows registry.

When the attribute is loaded, the system will immediately pop up the file or directory is damaged and unreadable prompt, prompting the user to restart the system so that the system can try to repair the disk.

The repair process may last for several hours or even longer. Of course, sometimes the repair cannot be completed, resulting in a cyclic blue screen of death until the user reinstalls the system.

If you are lucky, the system automatically completes the repair, and the Windows Event Manager will see the error record of the MFT of the master file table of the specific drive.

Although Microsoft did not specify, the researchers have tested in Windows 10 Insider Preview Build 21322 and proved that Microsoft has fixed this error.

Running a special string in this beta version will not cause the NTFS file system to crash. At the same time, the system reports that this is an invalid directory name and shields it.

Microsoft did not mention this problem in the Windows 10 Insider Preview Build 21322 changelog, but the test shows that Microsoft is indeed repairing, so Microsoft may release the patch next month.

Via: bleepingcomputer

Tags: