Running head: WINDOWS 10 BUG
An Unpatched Zero-Day in Microsoft Windows 10
Name
Institution
Course
Tutor
An unpatched zero-day in Windows 10 is a bug that corrupts the hard drive. The article "Windows 10 bug corrupts your hard drive on seeing this file's icon" gives in-depth insight into how the bug is exploited, through a series of tests done by the BleepingComputer team (Abrams, 2021). The article handles this broad subject in three areas: it describes what the bug in Windows is, how it is caused, and how it can be exploited. In short, the unpatched zero-day allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. Nonetheless, this NTFS issue is expected in the older Windows XP versions (FAT32 vs. NTFS: Choose Your Own Format, n.d.).
This Windows bug is caused by an NTFS vulnerability that attackers can exploit. They do so with a single-line command that immediately corrupts the hard drive. The attack prompts the user to restart the computer to repair the NTFS-formatted hard disk records. Moreover, exploitation of the NTFS vulnerability was more substantial in Windows 10 build 1803. Additionally, standard and low-privileged accounts on Windows can trigger the NTFS vulnerability. The '$i30' attribute, referred to as the NTFS Index Attribute, provides each directory with a list of that directory's files. Moreover, the path can also be accessed in the background as long as the user opens the "C:\" folder. Ideally, the attribute is useful, especially for forensic and incident response scenarios. However, it also causes the corruption of hard-disk drives.
The NTFS vulnerability is often triggered by a proof-of-concept (PoC) exploit. At times the exploit can be triggered without the user opening the file that contains it (4 BSOD Errors That Can Kill Your PC and Their Solutions, 2017). This happens when the icon of a shortcut file that points to the "C:\: $i30: $bitmap" path is accessed, which triggers the vulnerability. As soon as the user downloads this shortcut file on Windows 10, Windows Explorer will try to display the file's icon. Windows Explorer does this in the background. The result is NTFS hard-drive corruption that the user did not cause intentionally.
There are various ways in which the Windows bug can be exploited. For instance, attackers could use remote servers to trigger the exploit (Sharma, 2021). HTML pages are an excellent example, since they can embed resources from network shares. Therefore, the $i30 path can be referenced from shared drives and network shares. Research shows that this makes it likely to corrupt the NTFS Master File Table (MFT). Sometimes the exploit file, C:\: $i30: $bitmap, is cleared after the hard-drive error repair that runs on reboot. The contents of this exploit file are immediately replaced with empty bytes. This outcome would be favorable for the user, since the attack would occur only once.
However, this is never the case. Attackers would usually trick the user into opening a ZIP archive, which results in persistent attacks. The attacker places many legitimate files in the ZIP archive together with the malicious shortcut files. Consequently, each time the user extracts the ZIP file, the exploit is triggered. The repair process empties only the extracted file and not the compressed copy. The knowledge provided by this article is useful in many cases. Most importantly, learning about the bug makes it easier to start fixing it. A user therefore knows what to expect from these potential attacks and is in a better position to solve the problem. Notably, Microsoft has known about this issue for a long time, yet nothing seems to imply they are working towards solving it; the vulnerabilities remain unpatched. As the article states, the Microsoft spokesperson is yet to communicate on this issue to the BleepingComputer team.
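Because the repair on reboot leaves the compressed copy untouched, the archive can be checked before anything is extracted. The following is an added example, not code from the cited articles: it lists the shortcut members of a ZIP archive that mention the $i30 attribute, reading them in memory without extraction. The function names, the 1 MiB read cap and the constructed sample archive (which holds only a placeholder string, not a working path) are assumptions.

```python
import io
import re
import zipfile

# Shortcut types whose icon Windows Explorer resolves without the user opening them.
SHORTCUT_EXTS = (".url", ".lnk")
# The NTFS index attribute name the essay describes, matched case-insensitively.
MARKER = re.compile(rb":\s*\$i30", re.IGNORECASE)
MAX_MEMBER_BYTES = 1 << 20  # assumption: shortcut files are small; cap reads at 1 MiB


def references_i30(data: bytes) -> bool:
    """True if the bytes mention the $i30 attribute as ASCII or UTF-16LE text."""
    if MARKER.search(data):
        return True
    # .lnk files store paths as UTF-16LE; drop the NUL high bytes and retry.
    return bool(MARKER.search(data.replace(b"\x00", b"")))


def scan_archive(archive) -> list:
    """Return names of shortcut members that reference $i30, without extracting."""
    flagged = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(SHORTCUT_EXTS):
                continue
            with zf.open(info) as member:
                data = member.read(MAX_MEMBER_BYTES)
            if references_i30(data):
                flagged.append(info.filename)
    return flagged


def build_sample() -> io.BytesIO:
    """Constructed in-memory sample: two ordinary files and one placeholder shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "quarterly notes")
        zf.writestr("docs/site.url", "[InternetShortcut]\nURL=https://example.com/\n")
        zf.writestr("docs/report.URL",
                    "[InternetShortcut]\nIconFile=PLACEHOLDER:$i30:PLACEHOLDER\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(scan_archive(build_sample()))
```

Any member the scan reports should be quarantined together with the archive, since deleting only the extracted shortcut leaves the compressed copy in place.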
References
4 BSOD Errors That Can Kill Your PC and their Solutions. (2017, November 12). https://geekflare.com/windows-bsod-error/
Abrams, L. (2021, January 17). Windows 10 bug crashes your PC when you access this location. BleepingComputer. https://www.bleepingcomputer.com/news/security/windows-10-bug-crashes-your-pc-when-you-access-this-location/
FAT32 vs. NTFS: Choose Your Own Format. (n.d.). Retrieved January 21, 2021, from https://www.pcmag.com/news/fat32-vs-ntfs-choose-your-own-format
Sharma, A. (2021, January 14). Windows 10 bug corrupts your hard drive on seeing this file’s icon. BleepingComputer. https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/