Windows 10 update patches up a frightful security hole
Windows 10 vulnerability has reportedly existed since 2018
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas finally fixed a vulnerability inWindows 10that could potentially enable threat actors to crash the operating system simply by opening a specially crafted folder.
According to reports, Microsoft initially patched the bug in Windows Insider builds in February, before pushing it to allWindows 10users last week with the latest round ofPatch Tuesdayupdates.
Tracked as CVE-2021-28312, the vulnerability has reportedly been classified as adistributed denial of services (DDoS)flaw.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
Click here to start the survey in a new window«
Security researcher Jonas Lykkegård first discovered the zero-day bug inWindows 10all the way back in August 2020. It is said to allow users and programs, even those with low privileges, to mark an NTFSdisk driveas corrupt just by accessing the special folder.
Easy to trigger
Lykkegård toldBleepingComputerthat the flaw became exploitable probably withWindows 10build 1803, released in April 2018.
Worryingly, the bug was relatively easy to trigger. Before the migitation, simply changing into the specially crafted folder, either via the command prompt, from thefile manager, or via any other means would cause Windows 10 to mark the drive as dirty. The user would then be prompted to reboot their computer and run chkdsk, which would in turn fail to mark it as clean and prevent the device from booting up.
Unsurprisingly, several malicious apps quickly began circulating onDiscordand other social media that exploited the vulnerability to render Windows 10 installations useless.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
However,BleepingComputerhas confirmed the bug has been successfully mitigated with the latest update.
ViaBleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
iStorage Group acquires Kanguru Solutions as it looks to expand security offering
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
