NTFS bug allows sites to crash Windows 7, 8.1


(Tech Xplore)—By Friday, numerous tech sites, including Ars Technica, had delivered the bug discovery news, this time of a strange NTFS bug that lets web pages crash PCs still running Windows 7 or 8.1. NTFS refers to the NT file system.

"Remember the blue screen of death? It's kind of like that," said Engadget.

Actually, the bug causes the computer to slow down or crash.

Windows 10 PCs are not affected by this bug.

Peter Bright of Ars Technica looked at what was going on, saying "certain bad filenames make the system lock up or occasionally crash with a blue screen of death, and malicious webpages can embed those filenames by using them as image sources. If you visit such a page (in any browser), your PC will hang shortly after and possibly crash outright."

Windows Central said "it takes advantage of special file names to cause the crash."

The exploit results from a bug in the way Windows handles protected filenames, said Zak Killian in The Tech Report.

"In this specific case, the offending file is $MFT, which is reserved for a bit of NTFS metadata."

Killian went on to explain that there is a hidden $MFT file in the root of every NTFS volume; normally Windows will not let you access it. Nonetheless, "A clever trickster figured out that if you use $MFT as if it were a directory—say, by trying to access 'C:\$MFT\foo'—the NTFS volume driver will hang," he added.

Wayne Williams, managing editor, BetaNews, said, "the NTFS driver takes out a lock on the file and doesn't release it. This ultimately causes the affected system to slow down, and possibly bluescreen. The only way out of it is to reboot your system."

Catalin Cimpanu in BleepingComputer wrote that "The issue can be exploited when the user tries to open a non-existent file with a malformed path." This can happen, he said, when the user attempts to open the file directly, via a Run command or other means, "or the path is secretly loaded in the background of a web page, as an image's source URL."
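A defensive check for the pattern described above, as an added example that is not from the original article or any of the quoted sites: it flags HTML resource references in which $MFT is used as a directory directly under a drive root. The function names, the attribute list and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes that make a browser load a resource without user action
# (assumed list for this example; extend as needed).
URL_ATTRS = {"src", "href", "data", "poster", "background"}

def uses_mft_as_directory(ref: str) -> bool:
    """True if $MFT is a non-final path component right under a drive root."""
    # Normalise: percent-decode, unify separators, drop a file: scheme.
    text = unquote(ref).replace("\\", "/")
    if text.lower().startswith("file:"):
        text = text[5:]
    match = re.match(r"^[a-zA-Z]:/+(.*)$", text.lstrip("/"))
    if not match:
        return False  # not a local drive path (e.g. an http URL)
    parts = [p for p in match.group(1).split("/") if p]
    # NTFS names are case-insensitive; require something after $MFT.
    return len(parts) >= 2 and parts[0].upper() == "$MFT"

class _RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and uses_mft_as_directory(value):
                self.hits.append((tag, name, value))

def scan_html(html: str):
    """Return (tag, attribute, value) for every suspicious reference."""
    collector = _RefCollector()
    collector.feed(html)
    collector.close()
    return collector.hits

# Constructed sample page, built from the path strings quoted in the article.
SAMPLE_HTML = r'''
<img src="logo.png">
<img src="c:\$MFT\123">
<img src="file:///C:/$MFT/foo">
<img src="https://example.com/$MFT/a.png">
'''

if __name__ == "__main__":
    for tag, attr, value in scan_html(SAMPLE_HTML):
        print(f"suspicious <{tag} {attr}>: {value}")
```

A filter like this could run in a web proxy or content scanner in front of Windows 7 and 8.1 clients; ordinary web URLs that merely contain "$MFT" in their path are not flagged.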

Who noticed the bug, anyway?

BleepingComputer said a Russian system programmer working for Aladdin RD, a security company, found it and shared details on a blogging platform, Habrahabr.

The Verge, meanwhile, went ahead and did its own trial, and Tom Warren reported that they successfully tested the bug "on a Windows 7 PC with the default Internet Explorer browser. Using a filename with 'c:\$MFT\123' in a website image, our test caused a machine to slow down to the point where you have to reboot to get the PC working again."

As with other reports, Warren said some machines may bluescreen eventually, "as the file system locks to that file and all other apps are unable to access files."

What now?

The bug was reported to Microsoft, reports said. Update from Engadget at the time of this writing: "A Microsoft spokesperson told Engadget that the company is looking into the matter and will give an update as soon as it can."
