In January of this year, a security researcher revealed a flaw in Windows 10, specifically in the NTFS driver for hard drives, which could corrupt the entire file system of the same by executing a simple command. This failure was detected for the first time in August 2020, and, despite being reported by Microsoft, the company never responded to it. The ruling, unsurprisingly, began to gain popularity once it was unveiled, and eventually the company appears to have taken action.
To recap a bit, what this bug does is corrupt the entire partition table when trying to enter a protected directory on the system. This could be done in a number of ways. For example, you could create a link on a website to a local resource that would allow data to be corrupted from the browser, or a script that would automatically access it. It is also possible to do it ourselves by executing a command like the following from CMD:
cd c:/$i30:$bitmap
Running this command corrupts the file index so that the NTFS-formatted hard drive becomes “dirty.” Windows begins to show warnings to try to analyze and repair it and, in addition, it saves logs in the event viewer that indicate that the Master File Table (MFT) of the hard disk is corrupt.
Microsoft does not give importance to the failure ensuring that doing a CHKDSK to the hard disk fixes it. However, we have seen instances across the network where the MFT has become so corrupt that it cannot be repaired. Therefore, it is a very easy to exploit and potentially dangerous flaw for our data.
Microsoft already tests a solution to the NTFS bug
Some programs, like Firefox, have already started to include patches on their own. In this way, if a user or a website tries to open a protected NTFS directory , it will be the browser itself that blocks it. But this is not enough.
Now, Windows 10 build 21322 seems to have finally included an undocumented change aimed precisely at protecting users from this flaw. As we can see, from now on, if we try to execute a command like the one above to enter protected NTFS directories, we will see a message that does not indicate that the directory name is invalid.
Of course, the hard drive is now protected, and it is not marked as corrupt when trying to access these kinds of protected paths.
A change just for Insider Dev?
It is strange that Microsoft has secretly included this patch only for users of build 21322 and it did not come with the February security or quality patches, not even in the new 21H1 beta builds .
We hope that Microsoft will bring this fix to all users with the new security patches of March 2021, scheduled for March 9. However, at the moment there is only silence at Microsoft. It would be a very serious negligence to wait more than 6 months, until 21H2, to bring this correction to the stable versions of Windows 10. Although, in the case of Microsoft, everything is possible.
