NTFS Metadata Bug Torpedoes Windows 7 And 8.1 PCs With Four-Character String

It hasn’t exactly been a sterling month with regards to security for Microsoft. The company was rocked by WannaCry, a ransomware outbreak that spread across the globe. Now we’re learning of a new vulnerability that revolves around a hidden Windows metadata file called $MFT.

$MFT is used by the NTFS filesystem, and resides in the root directory of Windows operating systems.  Accessing it is a big no-no as far as Windows is concerned, and will result in the operating putting a permanent lock on the file.

This locking behavior is exactly what happens in the case of the exploit initially discovered by Aladdin RD security researchers earlier this week. A specially crafted website (looking to inflict harm on unwitting users) could use this exploit to crash your PC – the potential victim would only need to visit the site for a successful attack. Pulling off the trick is as simple as creating a directory called $MFT to store images on the website. When your browser (in this case, Internet Explorer) attempts to access those images and your operating system sees those four characters, all hell breaks loose.

Windows (as expected) locks local access to $MFT and halts all operations on an affected machine. Your PC will slow down, stop responding, or simply just throw up a BSOD as a sign of surrender. The only way to fully recover from the “attack” is to reboot your machine.

According the researchers, Windows 7 and Windows 8.1 (both still supported by Microsoft) are affected by the $MFT exploit. Windows 10 users are thankfully spared from this trickery. According to Ars Technica, Microsoft has been alerted to the $MFT bug, but has provided no guidance on whether it is considered a priority matter or if a patch will be released.