Any gerbils out there using Windows 7, 8, or 8.1 may want to take note, particularly if they use Internet Explorer on those systems. A security vulnerability has come to light (Google Translation), affecting those operating systems. A malicious local application or even a website (with IE in the mix) can potentially crash a machine simply by sending a carefully-crafted request to access a local file.
The exploit results from a bug in the way Windows handles protected filenames. In this specific case, the offending file is $MFT, which is reserved for a bit of NTFS metadata. There's a hidden $MFT file in the root of every NTFS volume, and normally Windows won't let you access it. A clever trickster figured out that if you use $MFT as if it were a directory—say, by trying to access "C:\$MFT\foo"—the NTFS volume driver will hang. That may not immediately crash the whole system, but it will necessitate a restart eventually.
Most browsers will block any attempt to access local content, but at least on Internet Explorer, the exploit can apparently be triggered simply by using a faulty path as a source for page content like an image. That means that an attacker could craft a page that will cause the machine to lock up and need a reboot. Obviously, local malware can also make use of the exploit, although at that point you arguably have bigger problems.
Microsoft hasn't yet acknowledged the problem nor promised a fix. The exploit doesn't affect Windows 10, so it's possible that the company might not be rushing to offer a patch. And, as we mentioned before, most browsers should simply ignore the remote page's request to use a local data source anyway.
|Corsair sells a majority stake to private equity for $525 million||0|
|AMD turned a $25 million operating profit in Q2 2017||43|
|Rumor: Radeon RX Vega benched in 3DMark Fire Strike||42|
|National Merry-Go-Round Day Shortbread||6|
|Flash will be dead by the end of 2020||37|
|Adata wants to brighten your life with its XPG Spectrix D40 RAM||7|
|Rumor: Geekbench entry hints at 16-core Core i9-7960X performance||20|
|GeForce 384.94 drivers bring a bevy of security fixes||10|
|Thermaltake Smart RGB PSUs dazzle budget builders||10|