‘Innocent’ line of text can crash Windows


It seems that exploiting Windows 10 bugs has become a favorite sport for hackers. The Lifehacker website reported today (19) on a bug that allows a simple string of characters to completely corrupt a computer’s hard drive.

Tests conducted by experts from the BleepingComputer website showed that this “little line” can be delivered hidden inside a Windows shortcut file, a ZIP file, or even batch files, in addition to other vectors capable of triggering disk errors that corrupt the file system index on the spot.

When triggered, the malicious string causes the familiar “restart to repair hard drive errors” prompt in Windows 10. Although your data is likely to be intact, you can only be sure by running chkdsk.

The discovery of the bug

The bug was detailed by security researcher Jonas L and confirmed by Will Dormann of CERT, an organization based in Pennsylvania, USA, which assists network administrators with security solutions.

Jonas L told BleepingComputer that the flaw became exploitable after the release of Windows 10 build 1803, the Windows 10 update from April 2018, and continues to work today. Dormann agrees that this flaw is one of many in the operating system, which has not been resolved for years.

BleepingComputer’s tests also found that the text string is effective even if a shortcut icon merely points to the location with the corrupted text. That is, you don’t even need to click or open the file; just seeing it on your desktop already does the damage. The string also works in ZIP, HTML and URL files.

Microsoft told The Verge that it is investigating the problem, that it will provide an update in the future, and that it relies on “our customers’ good online habits”. In other words: stay smart! Do not click on suspicious links or open unknown files!


