Windows 10 update patches up a frightful security hole

By published

Windows 10 vulnerability has reportedly existed since 2018

Lock on Laptop Screen
(Image credit: Future)
Audio player loading…

Microsoft has finally fixed a vulnerability in Windows 10 (opens in new tab) that could potentially enable threat actors to crash the operating system simply by opening a specially crafted folder.

According to reports, Microsoft initially patched the bug in Windows Insider builds in February, before pushing it to all Windows 10 (opens in new tab) users last week with the latest round of Patch Tuesday (opens in new tab) updates.

Tracked as CVE-2021-28312, the vulnerability has reportedly been classified as a distributed denial of services (DDoS) (opens in new tab) flaw.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

Security researcher Jonas Lykkegård first discovered the zero-day bug in Windows 10 (opens in new tab) all the way back in August 2020. It is said to allow users and programs, even those with low privileges, to mark an NTFS disk drive (opens in new tab) as corrupt just by accessing the special folder.

Easy to trigger

Lykkegård told BleepingComputer that the flaw became exploitable probably with Windows 10 build 1803, released in April 2018.

Worryingly, the bug was relatively easy to trigger. Before the migitation, simply changing into the specially crafted folder, either via the command prompt, from the file manager (opens in new tab), or via any other means would cause Windows 10 to mark the drive as dirty. The user would then be prompted to reboot their computer and run chkdsk, which would in turn fail to mark it as clean and prevent the device from booting up.

Unsurprisingly, several malicious apps quickly began circulating on Discord (opens in new tab) and other social media that exploited the vulnerability to render Windows 10 installations useless.

However, BleepingComputer has confirmed the bug has been successfully mitigated with the latest update.

Via BleepingComputer (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
See more Computing news