Infosec researcher Jonas L has discovered a short string which, when it forms part of a filesystem pathway, will cause any Windows 10 hard drive to be corrupted.

The short string can be delivered to the OS in a number of ways, such as part of a zip drive, a Windows 10 shortcut, specially crafted HTML documents or even as part of a pathway of an icon for a file.

This means for example some-one could create a booby-trapped file on a network drive which, when the directory is browsed, would cause your hard drive to be corrupted.

The cursed string is $i30, an NTFS attribute, and when used like this Command. Use at your risk.  for example, will start killing your hard drive.

It is not known why the string causes your hard drive to become corrupted, but reportedly a number of such triggers have been discovered but generally unfixed by Microsoft.

BleepingComputer asked Microsoft for a comment, and received the following reply:

“Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible.”

Read all the detail at BleepingComputer here.

Comments