Security News > 2021 > April > Microsoft fixes Windows 10 bug that can corrupt NTFS drives
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.
In January, we reported on a new Windows 10 vulnerability discovered by Jonas Lykkegård that allows any user or program, even those with low privileges, to mark an NTFS drive as corrupted simply by accessing the special folder.
In one of our and other people's tests, chkdsk did not fix the issue, and Windows 10 refused to boot again.
In February, Microsoft quietly started testing the fix within Windows Insider builds.
This week, as part of the April 2021 Patch Tuesday, Microsoft has finally fixed the vulnerability in all supported versions of Windows 10.
Microsoft has classified this bug as a DDoS vulnerability and is tracking it as CVE-2021-28312 with the title 'Windows NTFS Denial of Service Vulnerability.
News URL
Related news
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Windows 10 KB5049981 update released with new BYOVD blocklist (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-13 | CVE-2021-28312 | Unspecified vulnerability in Microsoft products Windows NTFS Denial of Service Vulnerability | 0.0 |