Microsoft Windows 10 zero-day unpatched exploit authorize the attackers to corrupt an NTFS-formatted hard drive with the help of only one-line command. According to the experts, this one line code will be hidden inside a Windows shortcut file, a ZIP archive, batch files, or multiple other types of elements to initiate the hard-drive errors that corrupt the file-system index instantly.
Infosec researcher Jones L posted on Twitter and drew attention towards this NTFS vulnerability that impacting Windows 10 that has not been fixed yet.
This entire vulnerability is can be triggered by the single-line command that instantly corrupts the NTFS formatted hard-drive, after that the Windows prompting the user to restart their computer to repair the corrupted disk drive.
The researchers also said that this all started with Windows 10 build 1803 updates.
Working of Windows 10 Bug
A hard-drive can become corrupted by trying to get access to the $i30 string and NTFS attribute on a folder in a way.
Note: Executing such commands on a live system will able to corrupt the drive and make it unacceptable. If you want to run this command check this in a virtual machine.
This NTFS Index attribute or string used in this attack is associate with directories that contains the list of files and subfolders. But it is very unclear that this corrupts the drive that holds the Registry key that would able to diagnose the issues that don’t work.
Once this command is executed the Windows open the command prompt and by hitting the enter button then the user will see an error message that
“The File or directory is corrupted and unreadable”
After that Windows will start displaying the notifications that force the user to restart the PC and repair the corrupted disk volume. As the user hits the reboot button the Windows check the utility disk and starts repairing the hard-drive.
As the drive is corrupted the Windows will generate errors in the Event Log that says that Master File Table for the inserted device is having the corrupted record.
Another Ways to Exploit this Vulnerability
According to the experts, the attackers may use this command to insert malicious files into the Windows system. As this shortcut file is downloaded on Windows the users view the folders present in the file. While executing such tasks the Windows Explorer would access the crafted file in the background and start corrupting the NTFS drive.
As the file is executed the restart message will appear on the screen and as the user clicks on it the shortcut file is opened into the system.
Other Consequences
The hackers also deliver the payload into the victim’s system using this exploit. The researcher also said that other functions can compromise using this bug.
In some tests, the experts noticed that one of the Windows 10 chkdsk utility is fixed the hard-drive error on reboot, the exploit file that crafted into a Windows shortcut with an icon set C:\:$i30:$bitmap would be replaced with empty bits.
This signifies that the shortcut file was enough capable to pull this attack if this happens. The victim is not likely to download a Windows shortcut file from the internet.
To make this attack more effective the attacker can also force the users to download the ZIP file while delivering the crafted file. The attacker also sneaks multiple malicious Windows shortcut files into a legitimate ZIP archive file.
Once the user will download the ZIP file it will automatically be triggered when extracted into the system. This is because the compressed file that holds the Windows shortcut would not trigger the exploit until it gets extracted into the system.
According to the experts, this is a serious vulnerability, and know for years, it is also reported to Microsoft but they do nothing to fix it.
Now, Microsoft Customer team says that they will do proper investigation and they will provide proper updates and solution for those who are infected by this bug
