A bug in Microsoft’s NTFS file system technology allows pranksters to hang or crash computers running Windows Vista, Windows 7, and Windows 8.1 just by tricking the user to access a malformed path for a non-existent file.
The bug was discovered by a Russian system programmer going by the name of Anatolymik, working for information security company Alladin RD. The programmer shared technical details on Monday, on Habrahabr, a blogging platform for Russian-speaking users.
The issue, which doesn’t affect Windows 10, can be exploited when the user tries to open a non-existent file with a malformed path.
This can happen when the user tries to open the file directly — via a Run command or other means — or the path is secretly loaded in the background of a web page, as an image’s source URL.
$MFT (Master File Table) path causes hang/crash
The problem is with the $MFT file, which is the Master File Table, a file found on all NTFS volumes. This file is the most important file on a disk partition, as it tracks of all files on the volume, their physical location on the hard, their logical location inside folders, and all sorts of file metadata.
Users cannot open this file, for obvious reasons, as they could accidentally ruin their entire data.
While working a file filtering system, Anatolymik discovered that if he used the $MFT file name as a directory name — as C:\$MFT\foo — the local Windows installation would hang or sometimes crash. When the system hang, the only way to regain access to the PC was by resetting it.
Bug can be exploited via Firefox and IE, but not Chrome
According to users that have tested the bug and commented on Anatolymik’s blog post, Chrome will refuse to load images with malformed paths, such as the $MFT exploit.
Nonetheless, Bleeping Computer confirmed that the $MFT bug causes a Windows 7 installation to hang via Internet Explorer and Firefox.
This NTFS $MFT bug is very similar to another file path bug from the 90s when you could prank your friends with the “C:/con/con” bug that crashed Windows 95 and Windows 98 systems. Below is a demo video for the ancient “C:/con/con” bug.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.