There’s a Windows 10 bug out there in the wild today that can corrupt your computer with the greatest of ease. With a issue has to do with directing Windows 10 to open a file – or extracting a ZIP file, or opening an HTML file – and the list goes on. At the moment, this vulnerability remains live and in-effect for the masses. Microsoft is aware of the issue and is apparently working on a fix right this minute.
Security researcher Jonas L spoke up about this NTFS vulnerability earlier this week. The trigger does not need any special credentials or write permissions, it can be triggered by any sort of user on a Windows 10 machine.
As noted by Jonas L, “triggered by opening a special crafted name in any folder anywhere, the vulnerability will instantly pop up complaining about ‘your harddrive is corrupted’ when path is opened.” The vulnerability can be triggered remotely if the user has any sort of service that allows “file opens of specific names” to occur.
As demonstrated by researcher Siam Alam, this vulnerability can be triggered by something so seemingly inconsequential as pasting said command in a URL of a browser – any browser except Internet Explorer, of all things.
The vulnerability has to do with the $i30 NTFS attribute of any folder “in a certain way” according to Bleeping Computer. If you happen upon any file request or command including $i30 being sent to you by anyone – even someone you think you know well – avoid it. At least until this vulnerability is repaired by Microsoft.
Until this vulnerability is fixed, we’d recommend taking extra caution in accessing files downloaded from the internet, copying and pasting lines of code sent to you by outside sources, and opening basically any sort of ZIP file.