Security News > 2021 > April > Microsoft fixes Windows 10 bug that marks drives as corrupted

Microsoft fixes Windows 10 bug that marks drives as corrupted
2021-04-17 15:08

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.

In January, we reported on a new Windows 10 vulnerability discovered by Jonas Lykkegård that allows any user or program, even those with low privileges, to mark an NTFS drive as corrupted simply by accessing the special ​folder.

In one of our and other people's tests, chkdsk did not fix the issue, and Windows 10 refused to boot again.

In February, Microsoft quietly started testing the fix within Windows Insider builds.

This week, as part of the April 2021 Patch Tuesday, Microsoft has finally fixed the vulnerability in all supported versions of Windows 10.

Microsoft has classified this bug as a DDoS vulnerability and is tracking it as CVE-2021-28312 with the title 'Windows NTFS Denial of Service Vulnerability.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-10-bug-that-marks-drives-as-corrupted/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-28312 Unspecified vulnerability in Microsoft products
Windows NTFS Denial of Service Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 473 68 2214 4928 253 7463