Vulnerability in the NTFS file system allows you to trigger an emergency shutdown Windows 7, 8 and Vista

PC users with experience can remember the mistakes of the operating systems Windows 95 and 98. Some file names were able to lead to a crash of the OS. Attackers could use this to attack personal computers.

As it turned out, a similar bug is present in newer operating systems Windows 7, Windows 8.1 and Windows Vista. To do this, the hackers only need to get the victim to open a nonexistent file on a specially crafted path. We are talking about the vulnerability of the NTFS file system, allowing attackers to cause a hang or crash

The problem described by the Russian Explorer under the name Anatolymik. Attackers can remember proekspluatirovat gap or forcing the user to open non-existent file directly using the Run command, or quietly downloading the access path to the web page as the image URL.

The file is able to show users a blue screen of death, malicious web pages can use such image files. If you go to a page, using any browser, the computer will crash.

The cause of the problem lies in the $MFT file. This file is the most important in the partition because it monitors all files on the volume, their physical location on the hard disk, the logical location within the folder and various metadata. Users cannot access the file because it can lead to the destruction of all data.

If you use the name of an $MFT file as the name of the directory (C:$MFTfoo) could hang or crash Windows. If the system freezes, the only way to solve the problem is to restart the computer. The bug works in browsers Internet Explorer and Firefox but not working in Chrome.

Microsoft is already aware of the problem, but information about the technical issue updates for Windows 7, Windows 8.1 and Windows Vista has not yet been reported.

Clifton Nichols

Clifton Nichols

Hi! Iā€™m Clifton and I am a full-stack engineer with a passion for building performant and scalable applications that are beautiful and easy to use.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *