Microsoft Investigating Windows 10 Exploit That Can Easily Corrupt Your Hard Drive
Something as simple as looking at a shortcut could potentially put your entire system at risk.
Microsoft is addressing a new Windows 10 exploit that can corrupt your hard drive with extreme ease, which could make it a nightmare for IT administrators globally. The exploit allows attackers to hide a single line of text in a file as innocent as a shortcut or zip file. What makes it so dangerous is that the file in question doesn't need to be explicitly interacted with--a user can simply open a folder with a compromised shortcut inside it for the exploit to be enacted.
The loophole was discovered by Security researcher Jonas L earlier in the week, before being corroborated by Will Dormann, a vulnerability analyst at the CERT Coordination Center. Dormann explained that the exploit has existed within Windows 10 for years already, citing other potential NTFS flaws that Microsoft has yet to address.
Thankfully, the exploit does sometimes trigger Windows' automatic chkdsk process, which will automatically repair the drive after a restart. The recovery process is far more complicated if this solution fails, which has been reported to be possible, meaning the attack is still very concerning for Microsoft.
"We are aware of this issue and will provide an update in a future release," Microsoft said in a statement to The Verge. "The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers."
Until Microsoft addresses the issue, it's perhaps safest to be extra cautious when opening or interacting with files you don't recognize.