NTFS bug allows websites to crash Windows 7 or Windows 8 PCs
Windows 7 users may want to forget this month as soon as possible. Recently, the widely spread WannaCry ransomware virus had infected computers around the world, of which majority of those affected were Windows 7 users. And, now in what looks like a major throwback from the 1990s, a new bug has been discovered that can slow down and crash systems running Windows Vista, Windows 7 or Windows 8/8.1, reports ArsTechnica. Malicious users can abuse this bug to attack other people’s systems by using certain bad filenames to lock their system or crash it with a blue screen of death (BSOD).
For those unfamiliar, this newly discovered bug is an upgraded version of an annoying old bug known as concon. This was a computer bug that appeared in the Windows 95 and Windows 98 operating systems and was considered as a security vulnerability because malicious web pages would crash systems with links such as file:///C:/con/con.
So, how does this new iteration of bug work? This bug allows a malicious website to load an image file with the “$MFT” name in the directory path. “$MFT” is a filename given to a special metadata file that’s used by Windows’ NTFS filesystems. Since the file exists in the root directory of each NTFS volume, it’s hidden from view and inaccessible to most software. However, it is handled by the NTFS driver in special ways.
When someone tries embedding certain bad filenames by using them as image sources, it can lock the system or occasionally crash with a BSOD. For instance, if you are trying to open the file c:\$MFT\123, the NTFS driver locks the filesystem and never releases it, which in turn prevents any apps that are running from accessing data on the hard drive. This ultimately causes the affected system to slow down, hang, or worse, crash by making way for the dreaded BSOD. The only way that you can get yourself out of this situation is by rebooting your system.
While Microsoft has been informed of the bug, it is not clear as of yet when it will release a fix for the problem. Meanwhile, Windows 10 users remain unaffected by the new bug.
Source: ArsTechnica