• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 16th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » The good old NTFS bug in Windows strikes back but with a different name

The good old NTFS bug in Windows strikes back but with a different name

May 28th, 2017 Jahanzaib Hassan Microsoft, Security, Technology News 0 comments
The good old NTFS bug in Windows strikes back but with a different name
Share on FacebookShare on Twitter

Most of you who are from the Windows 95 era, may remember an NTFS bug allowed hackers to attack the devices through special filenames causing the entire system to go berserk and subsequently display a blue screen of death.

Well, to everyone’s disappointment, the bug is back to haunt those who are running Windows 7 or 8. This time, however, the bug is cunningly placed in an image source file which is loaded once a web page with that image is accessed.

[irp posts=”31677″ name=”Microsoft Windows Devices Responsible For 80% of Malware Infections”]

The special filename: Windows OS has always had a flaw in its file system allowing attackers to exploit a file naming convention that has the potential to render a user’s system utterly useless.

To give you a bit of background, Windows file system has a number of files which are considered as special due to the way they are handled. Primarily, there are some filenames stored in the operating system that refers to files which do not have any actual files. That is, these files refer to the hardware of the system. However, such files can still be accessed despite not having any real existence.

The filenames which can crash your system: Not all of these filenames have the potential to kill your system. However, some files, when accessed in a certain way, can cause damage. For instance, the filename which was used to crash the old Windows operating systems was “con”. This file referred to the monitor and keyboard of your computer.

Although Windows was smart enough to manage any attempts to access the file once properly, it, however, had no idea what to do if it was being accessed twice at the same time. That is, the older bug made a reference in the form of c:\con\con and this resulted in Windows to crash. Now, however, the file is being referenced through an image source. Particular images in a web page will access the special filenames and hence disrupt your entire system.

[irp posts=”25326″ name=”18-year-old Vulnerability Lets Attackers Steal Data From All Versions of Windows”]

Nevertheless, this time round, the filename is not “con”, but another special file called “$MFT”. This filename refers to the metadata stored in the NTFS directory. Although the filesystem blocks any attempts to access the file, it does not do so if it is being accessed through a directory – that is, in the form of c:\$MFT\123.

Doing so forces NTFS to lock the entire system and so you will not be able to access any file. Some browsers try to prevent web pages from accessing these files, Internet Explorer, on the other hand, will allow access. However, the security researcher who discovered this bug said that:

“This problem is not a vulnerability, but having remote access to the machine may disturb its operation. This error is retained up to the latest versions of the Windows, with the exception of the latest updates, starting at a minimum with Windows Vista.”

This video from 0:48 seconds shows how the bug worked on Windows 95


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Bug
  • Computer
  • internet
  • Microsoft
  • security
  • Technology
  • Windows
  • Windows 10
Facebook Twitter Google+ LinkedIn Pinterest
Previous article IT outage chaos: All British Airways Flights Canceled
Next article Google Scraps Judy Malware Infected Apps Downloaded By 36M Android Users
Jahanzaib Hassan

Jahanzaib Hassan

Related Posts
How safe is business data stored in third-party supplier websites?

How safe is business data stored in third-party supplier websites?

70% of the entire US population is now on Facebook

70% of the entire US population is now on Facebook

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
How safe is business data stored in third-party supplier websites?
Security

How safe is business data stored in third-party supplier websites?

137
Popular forms of cybercrime you should be aware of
Cyber Crime

Popular forms of cybercrime you should be aware of

738
70% of the entire US population is now on Facebook
Technology News

70% of the entire US population is now on Facebook

386
Hundreds of counterfeit branded shoe stores hacked with web skimmer
Cyber Crime

Hundreds of counterfeit branded shoe stores hacked with web skimmer

354

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us