NTFS filesystem bug could crash Windows 7, 8, and 8.1


— 4:39 PM on May 26, 2017

Any gerbils out there using Windows 7, 8, or 8.1 may want to take note, particularly if they use Internet Explorer on those systems. A security vulnerability affecting those operating systems has come to light (Google Translation). A malicious local application or even a website (with IE in the mix) can potentially crash a machine simply by sending a carefully crafted request to access a local file.

The exploit results from a bug in the way Windows handles protected filenames. In this specific case, the offending file is $MFT, which is reserved for a bit of NTFS metadata. There's a hidden $MFT file in the root of every NTFS volume, and normally Windows won't let you access it. A clever trickster figured out that if you use $MFT as if it were a directory—say, by trying to access "C:\$MFT\foo"—the NTFS volume driver will hang. That may not immediately crash the whole system, but it will necessitate a restart eventually.

Most browsers will block any attempt to access local content, but at least on Internet Explorer, the exploit can apparently be triggered simply by using a faulty path as a source for page content like an image. That means that an attacker could craft a page that will cause the machine to lock up and need a reboot. Obviously, local malware can also make use of the exploit, although at that point you arguably have bigger problems.
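For anyone filtering page content at a proxy or reviewing saved pages, the pattern described above is easy to check for. The following is an added example, not code from the original report or from Microsoft: it flags any HTML attribute value that names a drive root's $MFT followed by a further path component, and the function names and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Optional file: scheme or \\?\ / \\.\ prefix, then a drive letter and the rest.
_ROOT = re.compile(r'^(?:file:[\\/]*|[\\/]{2}[?.][\\/])?[A-Za-z]:[\\/]+(.*)$', re.S)

def mft_used_as_directory(ref):
    """True if ref names <drive>:\\$MFT followed by at least one more component."""
    m = _ROOT.match(unquote(ref.strip()))  # undo %24-style encoding first
    if not m:
        return False
    parts = [p for p in re.split(r'[\\/]+', m.group(1)) if p]
    # NTFS name lookup is case-insensitive, so compare upper-cased.
    return len(parts) >= 2 and parts[0].upper() == '$MFT'

class _RefCollector(HTMLParser):
    """Collects (tag, attribute, value) for every attribute that matches."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and mft_used_as_directory(value):
                self.hits.append((tag, name, value))

def scan_html(markup):
    collector = _RefCollector()
    collector.feed(markup)
    collector.close()
    return collector.hits

# Constructed sample page, not taken from any real site.
SAMPLE = r'''<html><body>
<img src="logo.png">
<img src="file:///C:/$MFT/foo">
<img src="c:\$mft\x.png">
<a href="file:///C:/%24MFT/a">x</a>
<a href="C:\Users\me\$MFT\notes.txt">not at the volume root</a>
<a href="C:\$MFT">no trailing component</a>
</body></html>'''

if __name__ == "__main__":
    for tag, attr, value in scan_html(SAMPLE):
        print(f"flag <{tag} {attr}={value!r}>")
```

The check is deliberately narrow: it only matches drive-letter paths, so a $MFT folder name deeper in the tree or a bare reference to the file itself is not flagged.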

Microsoft hasn't yet acknowledged the problem or promised a fix. The exploit doesn't affect Windows 10, so it's possible that the company might not be rushing to offer a patch. And, as we mentioned before, most browsers should simply ignore the remote page's request to use a local data source anyway.
