Corrupting NTFS With A Single Shortcut

Source: Slashdot

Do Not Try This At Home … Or Anywhere For That Matter

Starting with Windows 10 1803 and continuing to this day is a simple and rather uncouth trick to corrupt an NTFS disk and prompt a reboot, which may not complete successfully. It is a single line which can be delivered via a variety of methods, including a ZIP archive, batch files, or even a shortcut, and in the case of the shortcut you don’t need to launch it; its mere existence is enough to trash your drive.

The reason why C:\:$i30:$bitmap will crash a machine is a mystery for now, but it does work on even up to date machines, so don’t go playing with it. Launching that command or creating the shortcut will first trigger a pop up warning that “The file or directory is corrupted and unreadable”, followed immediately by prompts to reboot. Upon reboot CHKDSK will do its best to recover your corrupted file system but, as many of us know, that is not guaranteed to resolve the issue.

At this time the security researcher Jonas L, who first discovered this bug back in August, has neither determined why the corruption occurs nor, it seems, gained much traction at Microsoft; the bug works on even a fully updated system. There is much speculation as to the cause, as the filename is not invalid and is actually part of the file system, which is why it can do this; however, the registry entry and tracing tool which would prove this hypothesis are not showing the expected behaviour.

So for now, resist the temptation unless you are on a VM you have backed up, and be careful with those strange zip files! Make sure you have the fix for your SSD too, as this time you may need to run this tool.
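A defensive check for the ZIP delivery route mentioned above, added here as an example and not taken from the article or the researcher: it scans an archive in memory, without extracting it, for the :$i30:$bitmap path suffix in member names and contents, in both ASCII and UTF-16LE. The function names, the size cap and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Attribute suffix of the path quoted in the article (C:\:$i30:$bitmap).
NEEDLE = ":$i30:$bitmap"
# ASCII form plus the UTF-16LE form used for wide strings in Windows
# binary formats such as .lnk shortcuts.
PATTERNS = [NEEDLE.encode("ascii"), NEEDLE.encode("utf-16-le")]
MAX_MEMBER_BYTES = 8 * 1024 * 1024  # skip members declaring a huge size

def blob_has_trigger(data: bytes) -> bool:
    """Case-insensitive byte search; bytes.lower() only folds ASCII letters."""
    lowered = data.lower()
    return any(p in lowered for p in PATTERNS)

def scan_zip(data: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Return (member, where) findings without extracting anything to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if blob_has_trigger(info.filename.encode("utf-8", "replace")):
                findings.append((info.filename, "name"))
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            body = zf.read(info)
            if blob_has_trigger(body):
                findings.append((info.filename, "content"))
            # Recurse into nested archives, bounded by max_depth.
            if depth < max_depth and zipfile.is_zipfile(io.BytesIO(body)):
                findings += [(f"{info.filename}!{name}", where)
                             for name, where in scan_zip(body, depth + 1, max_depth)]
    return findings

def build_constructed_sample() -> bytes:
    """Constructed in-memory test archive; the members are inert byte strings."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"ref: C:\\:$I30:$BITMAP")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"quarterly numbers attached")
        zf.writestr("wide.bin", "C:\\:$i30:$Bitmap".encode("utf-16-le"))
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for member, where in scan_zip(build_constructed_sample()):
        print(f"suspicious {where}: {member}")
```

A hit only means the string is present; a mail gateway or download filter would quarantine the archive for review rather than open it on a Windows host.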

 

In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed. When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

1 Comment

  1. Andy

    Copied from someone’s post:

    the whole thing is a whole lot of nothing.

    It’s essentially an NTFS bug that triggers/sets the hard-drive “dirty” flag, which usually means Windows will schedule chkdsk on next start up.
    It is a bug, as explained here (https://www.youtube.com/watch?v=PtHTqmp-Jt8), as marking a disk as “dirty” normally requires elevated privileges/admin.

    I’d suppose it would be an addition to the collection of “tools” those phone/website scammers could use that make it look impressively legitimate.
