[German]Microsoft has also fixed the Windows NTFS bug, which could lead to NTFS system drive corruption, on Patchday (4/13/2021) with the rolled-out security updates for Windows 10. Here is some information on the subject.
Actually, I had lost track of Ganz because I thought this had been fixed for a long time. Now the issue has come to my attention the last few hours on Facebook, through this comment (thanks for that) and from colleagues here.
The NTFS volume bug
In the implementation of the NTFS file system used by Windows 10, a previously unpatched vulnerability was disclosed in January 2021 (see my blog post Windows 10: Vulnerability allows to destroy NTFS media content). The disclosure was made by @jonasLyk as of January 9, 2021 on Twitter- see the following tweet.
Access to a prepared folder is enough to exploit the vulnerability. The whole thing can be triggered remotely (e.g. downloading a prepared shortcut file or ZIP archive). This vulnerability allows attackers to mark the contents of an NTFS volume used under Windows 10 as corrupted. A disk check is then triggered on reboot, which can fix the error – but in rare cases the system can no longer boot.
The command shown accesses the $130 attribute of an NTFS volume. Via this $I30 attribute, the NTFS file system maintains an index of all files/subdirectories belonging to a directory. The bug is present as of Windows 10 version 1803. Microsoft had classified the bug as CVE-2021-28312 (Windows NTFS Denial of Service Vulnerability).
Fix announced, fix rolled out now
At the end of January 2021, there was already an unofficial fix for this bug, which I had presented in the blog post Windows 10 NTFS bug gets unofficial fix from OSR. But as an administrator, I wouldn't necessarily want to install such unofficial fixes. Then at the end of February 2021, I had hinted in the blog post Fix for Windows 10 bug that causes NTFS volume corruption is coming, that Microsoft was working on a fix for the bug that allows file system errors to be triggered on NTFS drives.
Bleeping Computer colleagues had noticed that Microsoft included an undocumented fix in Windows 10 Insider build 21322 that prevents access to the path that triggers the error. Now, Bleeping Computer colleagues write in this post that Microsoft has fixed the bug in all supported Windows 10 versions with the April 13, 2021 security updates. However, I didn't find anything in the official description of the updates (and in the post Patchday: Windows 10 updates (April 13, 2021)) during a quick search.
Cookies helps to fund this blog: Cookie settings