Any gerbils out there using Windows 7, 8, or 8.1 may want to take note, particularly if they use Internet Explorer on those systems. A security vulnerability has come to light (Google Translation), affecting those operating systems. A malicious local application or even a website (with IE in the mix) can potentially crash a machine simply by sending a carefully-crafted request to access a local file.
The exploit results from a bug in the way Windows handles protected filenames. In this specific case, the offending file is $MFT, which is reserved for a bit of NTFS metadata. There's a hidden $MFT file in the root of every NTFS volume, and normally Windows won't let you access it. A clever trickster figured out that if you use $MFT as if it were a directory—say, by trying to access "C:\$MFT\foo"—the NTFS volume driver will hang. That may not immediately crash the whole system, but it will necessitate a restart eventually.
Most browsers will block any attempt to access local content, but at least on Internet Explorer, the exploit can apparently be triggered simply by using a faulty path as a source for page content like an image. That means that an attacker could craft a page that will cause the machine to lock up and need a reboot. Obviously, local malware can also make use of the exploit, although at that point you arguably have bigger problems.
Microsoft hasn't yet acknowledged the problem nor promised a fix. The exploit doesn't affect Windows 10, so it's possible that the company might not be rushing to offer a patch. And, as we mentioned before, most browsers should simply ignore the remote page's request to use a local data source anyway.
|Intel warms up Coffee Lake with eighth-gen desktop Core details||22|
|Take a sneak peek at our Core i9-7960X and Core i9-7980XE results||7|
|Geil lights up its Evo X ROG-certified RAM||4|
|Google Compute Engine is now powered in part by Pascal||10|
|EVGA slaps 12 GT/s memory on the GTX 1080 Ti FTW3 Elite||14|
|G.Skill unleashes AMD-ready Trident Z RGB kits up to 3200 MT/s||14|
|Asus' ZenFone 4 Pro offers high-end photography and networking||22|
|Radeon 17.9.2 drivers put the pedal to the metal for Project Cars 2||4|
|ROG Strix X299-XE Gaming motherboard is rather groovy||4|
|Fish, you idiot! You should have waited.||+8|