Home NTFS filesystem bug could crash Windows 7, 8, and 8.1
News

NTFS filesystem bug could crash Windows 7, 8, and 8.1

Zak Killian
Disclosure
Disclosure
In our content, we occasionally include affiliate links. Should you click on these links, we may earn a commission, though this incurs no additional cost to you. Your use of this website signifies your acceptance of our terms and conditions as well as our privacy policy.

Any gerbils out there using Windows 7, 8, or 8.1 may want to take note, particularly if they use Internet Explorer on those systems. A security vulnerability has come to light (Google Translation), affecting those operating systems. A malicious local application or even a website (with IE in the mix) can potentially crash a machine simply by sending a carefully-crafted request to access a local file.

The exploit results from a bug in the way Windows handles protected filenames. In this specific case, the offending file is $MFT, which is reserved for a bit of NTFS metadata. There's a hidden $MFT file in the root of every NTFS volume, and normally Windows won't let you access it. A clever trickster figured out that if you use $MFT as if it were a directory—say, by trying to access "C:\$MFT\foo"—the NTFS volume driver will hang. That may not immediately crash the whole system, but it will necessitate a restart eventually.

Most browsers will block any attempt to access local content, but at least on Internet Explorer, the exploit can apparently be triggered simply by using a faulty path as a source for page content like an image. That means that an attacker could craft a page that will cause the machine to lock up and need a reboot. Obviously, local malware can also make use of the exploit, although at that point you arguably have bigger problems.

Microsoft hasn't yet acknowledged the problem nor promised a fix. The exploit doesn't affect Windows 10, so it's possible that the company might not be rushing to offer a patch. And, as we mentioned before, most browsers should simply ignore the remote page's request to use a local data source anyway.