Tag Search: bug

Windows 10 Bug Corrupts Your Hard Drive On Seeing This File's Icon

Posted on Friday January 15, 2021  |  bug, security, windows

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. Bleeping Computer reports: In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed. When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records. The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version. What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems. [...] It is unclear why accessing this attribute corrupts the drive, and Jonas told BleepingComputer that a Registry key that would help diagnose the issue doesn't work. One striking finding shared by Jonas with us was that a crafted Windows shortcut file (.url) that had its icon location set to C::$i30:$bitmap would trigger the vulnerability even if the user never opened the file! As observed by BleepingComputer, as soon as this shortcut file is downloaded on a Windows 10 PC, and the user views the folder it is present in, Windows Explorer will attempt to display the file's icon. To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process. Next, "restart to repair hard drive"; notifications start popping up on the Windows PC -- all this without the user even having opened or double-clicked on the shortcut file.

 

Vulnerability in Microsoft CTF Protocol Goes Back To Windows XP

Posted on Tuesday August 13, 2019  |  bug, security, windows

CTF, a little-known Microsoft protocol used by all Windows operating system versions since Windows XP, is insecure and can be exploited with ease. From a report: According to Tavis Ormandy, a security researcher with Google's Project Zero elite security team and the one who discovered the buggy protocol, hackers or malware that already have a foothold on a user's computer can use the protocol to take over any app, high-privileged applications, or the entire OS, as a whole. Currently, there are no patches for these bugs, and a quick fix isn't expected, as the vulnerabilities are deeply ingrained in the protocol and its design. What CTF stands is currently unknown. Even Ormandy, a well-known security researcher, wasn't able to find what it means in all of Microsoft documentation. What Ormandy found out was that CTF is part of of the Windows Text Services Framework (TSF), the system that manages the text shown inside Windows and Windows applications. When users start an app, Windows also starts a CTF client for that app. The CTF client receives instructions from a CTF server about the OS system language and the keyboard input methods. It is unclear how Microsoft will patch the CTF problem.

 

Internet Explorer Exploit Steals Data From Windows Users-- Even If They Never Use Internet Explorer

Posted on Sunday April 14, 2019  |  bug, internet explorer, microsoft, security, windows

Security researcher John Page has revealed a new zero-day exploit that allows remote attackers to exfiltrate Local files using Internet Explorer. "The craziest part: Windows users don't ever even have to open the now-obsolete web browser for malicious actors to use the exploit," reports Mashable. "It just needs to exist on their computer..."

 

Linux bug infecting Android users

Posted on Wednesday August 24, 2016  |  vulnerable, users, system, private, operating, linux, information, hijacking, hacker, bug, attacks, android

2016August25_AndroidPhone_ABugs have come a long way, and they're not just creepy-crawlies anymore. So we have to worry not only about the bugs that we contract and make us physically ill, but also the bugs that threaten the security of our beloved smartphones. Most people overlook bugs since they're so tiny, but what they lack in size they make up for in their capacity to wreak havoc on innocent devices. What are the consequences of failing to address these security matters? Read on and find out.

 

Page:   1

Celebrating 35+ Years

Managed Computer Support Services

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016