Updated with comments from Microsoft.
Beware: there appears to be an unpatched flaw in Windows 10 that allows a short, simple one-line command to destroy a hard drive.
According to Twitter user @jonasLyk, the command can instantly destroy the drive.
Worse yet, this flaw can be easily exploited by malicious hackers and embedded in email attachments, video files, or even web pages.
Simply opening a file or page can crash a PC, and it is unclear if the hard drive can always be recovered. Even seeing a specially formatted icon could trigger this flaw.
Will Dormann, an information security expert at the government-funded CERT Coordination Center in Pittsburgh, confirmed that the flaw is real.
Bleeping Computer even posted a video reproducing the flaw and rendering the C (main) drive unreadable on a virtual PC. The virtual machine in the video was unable to restore the drive after several reboots.
According to Bleeping Computer, in some cases the drive can be repaired with the chkdsk (check disk) utility. In other cases, however, the disk's master file table (MFT), which is an index of all the files on the drive, is corrupted along with the files. Repairing this would require third-party software.
To avoid attacks that take advantage of this flaw, simply change the PC's hard drive to FAT32, the same file format used by USB flash drives, SD cards, and other removable storage devices. Doing this is very time-consuming, as it requires first making a backup and then essentially rebuilding the system.
You may also be safe if you are running Windows 10 version 1709, which was released in October 2017, or an earlier version. The flaw affects all builds of Windows 10 since version 1803, @jonasLyk told Bleeping Computer, and Dormann confirmed it.
It is not clear why this particular command borks hard drives. None of the elements of the command are special or unusual, and all of them will be familiar to many Windows users who frequently use the command-line interface.
The only reason this flaw has not been discovered before is that the active command may not normally be paired with a given implementation.
"I have no idea why it breaks things, and it's a lot of work to find it," @jonasLyk told Bleeping Computer.
"I'll leave it to the people who have the source code, namely Microsoft."
I won't tell you what the command is because I don't want you to try it at home. But if you have a virtual machine, you can find the command in the Bleeping Computer article. Be careful.
Tom's Guide has reached out to Microsoft for comment on this issue and will update this article as soon as we hear back.
After our inquiry, a Microsoft spokesperson provided us with this statement:
"We are aware of this issue and will provide an update in a future release. The use of this technique relies on social engineering, and as always, we encourage our customers to practice good online computing habits, including using caution when opening unknown files and accepting file transfers. For more information on safe online use, see https://www.microsoft.com/en-us/digital-skills/online-safety-resources."