Microsoft quietly fixed the NTFS corruption bug in Insider builds

There is a long-standing bug in Windows that damages the file system with a variety of actions. A single command, a malformed HTML file, or even a shortcut that you see in a ZIP archive can corrupt the file system. Microsoft has already fixed it, but only in Insider Preview builds.

The bug is as follows. A simple command, even when executed by a low privileged user, corrupts an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.

Warning: Do not test this command on any of your devices containing important data. The file system will be damaged, and you may lose all your data. You have been warned.

The command looks as follows.

The key thing here is the $i30 NTFS index attribute. That NTFS Index Attribute is an attribute associated with directories that contains a list of a directory's files and subfolders. In some cases, the NTFS Index can also include deleted files and folders. Some more details can be found in this post.

The issue is now fixed

Microsoft has resolved the issue in Windows 10 Insider Preview build 21322. The fix is not documented and not mentioned anywhere in the change log, but the command doesn't work any longer. If you attempt to access the above path, Windows 10 will report "The directory name is invalid". The change has only landed in the Dev channel, and not in the Beta channel which hosts 21H1 builds.

It is worth mentioning that some third-party apps have mitigated this vulnerability by checking the user input and preventing him from accessing that location. There is also a third-party patch that can be used to secure your data. It is issued by OCR. Microsoft is expected to release the patch for older Windows 10 versions in the near future.

Source: Bleeping Computer

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options: