mood Posted February 27, 2021 Share Posted February 27, 2021 Microsoft fixes Windows 10 drive corruption bug — what you need to know Microsoft has fixed a Windows 10 bug that could cause NTFS volumes to become corrupted by merely accessing a particular path or viewing a specially crafted file. Last month, BleepingComputer reported on a new Windows bug that allows any users, including those with low privileges, to mark an NTFS volume as dirty. All a Windows user had to do to trigger the bug was to try to access a special path, shown in the image below. Accessing path marks drive as corrupted Once Windows tried to access the path, it would state that the "The file of directory is corrupted and unreadable." and then marks the drive letter as corrupted and in need of repair. Windows then prompts the user to reboot the computer and run chkdsk to fix the corruption. Microsoft has said that the drive is not actually corrupted and Windows chkdsk will fix the problem. Unfortunately, in one of our tests and others, chkdsk did not fix the issue, and Windows 10 refused to boot again. Microsoft fixes Windows 10 NTFS corruption bug After the bug was disclosed, there was a hope that Microsoft would push out a fix as part of the February Patch Tuesday. When that did not happen, Mozilla Firefox 85.0.1 added a check to prevent the path from being accessed, and OSR released an unofficial patch that blocked the path in Windows. With this week's release of Windows 10 Insider build 21322, Microsoft has included an undocumented fix that prevents the path from being accessed. Now when you attempt to access the path, Windows 10 will report "The directory name is invalid," as shown below, and no longer marks the NTFS volume as corrupted. NTFS corruption bug fixed in Windows 10 'Dev' channel Unfortunately, this fix has only landed in the Windows 10 Insider 'Dev' channel and not the Windows 10 21H1 'Beta' preview, the next feature update to be released this spring. Unless Microsoft uplifts this fix to a Windows version being released sooner, we will likely be stuck with this bug for some time. Source: Microsoft fixes Windows 10 drive corruption bug — what you need to know Ha91, FlyLowrie, funkyy and 1 other 3 1 Link to comment Share on other sites More sharing options...
mood Posted April 17, 2021 Author Share Posted April 17, 2021 Microsoft fixes Windows 10 bug that marks drives as corrupted Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. In January, we reported on a new Windows 10 vulnerability discovered by Jonas Lykkegård that allows any user or program, even those with low privileges, to mark an NTFS drive as corrupted simply by accessing the special folder. What is particularly concerning is how easy it is easy to trigger the bug. By simply changing to the folder in a command prompt, accessing it from the Run: field, opening it from File Explorer, Windows 10 would mark the drive as dirty and prompt you to reboot your computer and run chkdsk, as shown below. Accessing an NTFS path triggers a corruption warning To make matters worse, threat actors and pranksters began distributing fake tools, malicious shortcuts, or malware [1, 2, 3, 4] on Discord and social media that, when executed, would access the folder and trigger the bug. Threat actors could also use the bug to force a crash of a breached system to hide their activities. While the error generated by the bug stated the drive was corrupted, Microsoft clarified that volume was only marked as dirty, and a reboot and chkdsk would quickly mark it as clean. Unfortunately, in one of our and other people's tests, chkdsk did not fix the issue, and Windows 10 refused to boot again. Microsoft fixes the NTFS corruption bug In February, Microsoft quietly started testing the fix within Windows Insider builds. This week, as part of the April 2021 Patch Tuesday, Microsoft has finally fixed the vulnerability in all supported versions of Windows 10. Microsoft has classified this bug as a DDoS vulnerability and is tracking it as CVE-2021-28312 with the title 'Windows NTFS Denial of Service Vulnerability.' After installing this week's Patch Tuesday updates, BleepingComputer can confirm that the bug no longer works as it will now just display an error stating that "The directory name is invalid," as shown below. Accessing the path no longer marks a drive as corrupted BleepingComputer strongly recommends that all Windows users install the latest Patch Tuesday security updates. Not only for this vulnerability but the 107 other vulnerabilities fixed this month. Source: Microsoft fixes Windows 10 bug that marks drives as corrupted Link to comment Share on other sites More sharing options...
frenchiveruti Posted May 8, 2021 Share Posted May 8, 2021 Ugh, way to go MS. Took you a while to fix this. I guess I can finally update when this is released, been stuck in 18xx for too long haha Link to comment Share on other sites More sharing options...
Ryrynz Posted May 11, 2021 Share Posted May 11, 2021 On 5/9/2021 at 10:38 AM, frenchiveruti said: Ugh, way to go MS. Took you a while to fix this. I guess I can finally update when this is released, been stuck in 18xx for too long haha 'Cos it so wasn't an edge case or anything. Headlines always make these things to be a bigger deal than they are. So tired of it. Link to comment Share on other sites More sharing options...
Recommended Posts