Fix for Windows 10 bug that causes NTFS volume corruption is coming

[German]Microsoft has begun to fix a bug that allows to trigger file system errors on NTFS drives and forces a chkdsk operation. At least the Windows 10 Insider Preview build 21322 contains an undocumented fix for this issue.


Some Background about the issue

There is a vulnerability in the implementation of the NTFS file system used by Windows 10. It is enough to place a suitably crafted file on an NTFS volume to trigger the flaw. The allows attackers to corrupt the contents of an NTFS volume used under Windows 10 and force Windows 10 into a file system check. This repairs the NTFS volume in most cases.

I had covered the details in mid January 2021 within my blog post Windows 10: Vulnerability allows to destroy NTFS media content. Firefox developers had implemented a filter in Firefox 85.0.1 that makes it impossible to exploit the vulnerability in the browser (see Firefox 85.0.1 and 78.7.1 ESR released).  Developers of OSR had also released an open-source filter driver that prevents exploitation of theNTFS bug, which can be used to corrupt NTFS volumes. I had reported in the blog post Windows 10 NTFS bug gets unofficial fix from OSR.

Microsoft fixes the bug for insiders

Colleagues at Bleeping Computer have now noticed that Microsoft is working on fixing the bug. With the release of Windows 10 Insider build 21322 this week, Microsoft included an undocumented fix that prevents access to the path that triggers the bug. If a user tries to access the path that triggered the error, Windows 10 reports "The directory name is invalid." The NTFS volume is no longer marked as damaged. So far, the fix is only available for Insiders testing in the Developer Channel.

Similar articles:
Windows 10: Vulnerability allows to destroy NTFS media content
Windows 10 NTFS bug gets unofficial fix from OSR
Firefox 85.0.1 and 78.7.1 ESR released

Cookies helps to fund this blog: Cookie settings

This entry was posted in issue, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *