Look out! This short Windows 10 command can trash your hard drive [updated]

Look out! This curt Windows 10 command can trash your difficult bulldoze [updated]

A laptop with its screen exploding, viewed from the side.

(Image credit: Iaroslav Neliubov)

UPDATED with comment from Microsoft.

Heads up: There seems to be an unpatched flaw in Windows 10 that tin corrupt a hard bulldoze with a curt, simple, unmarried-line command.

So says Twitter user @jonasLyk, who claims that the command tin instantly trash any drive using Microsoft'south preferred NTFS file format, even if the command is invoked by a limited-user Windows account without administrative privileges.

This simple play a trick on could save your computer
The best antivirus software to protect your PC
Plus: Our favorite gadgets from CES 2021

Even worse, the flaw might easily be exploited by malicious hackers and embedded in email attachments, video files or even web pages.

NTFS VULNERABILITY CRITICALITY UNDERESTIMATED-There is a especially nasty vulnerability in NTFS right now.Triggerable by opening special crafted name in whatsoever folder anywhere.'The vulnerability will instant popular up complaining most yuor harddrive is corrupted when path is opened pic.twitter.com/E0YqHQ369NJanuary 9, 2021

Just opening the file or folio would crash your PC, and it's not articulate if the hard drive could e'er be recovered. It's possible that just viewing a specially formatted icon would also trigger the flaw.

Will Dormann, an data-security expert at the government-funded CERT Coordination Center in Pittsburgh, confirmed the flaw is real.

Overnice detect by @jonasLyk :cd Result: NTFS corruptionOther vectors: - Open an ISO, VHD, or VHDX- Extract a Nil file- Open up an HTML file without a MoTW- Probably more... motion-picture show.twitter.com/LY18Lo3J3mJanuary 9, 2021

Run across more

Bleeping Calculator replicated the flaw and even posted a video of it rendering the C, or primary, drive unreadable on a virtual PC. The virtual motorcar in the video was unable to restore the drive, fifty-fifty after several reboots.

Bleeping Estimator said that in some cases the chkdsk (Cheque Disk) utility was able to repair the drive. But in other cases the deejay's master file tabular array (MFT), an index of all the files on a bulldoze, would be corrupted along with the files. You lot'd likely need tertiary-political party software to set that.

How to avert this attack

To avoid attacks using this flaw, you could change your PC's hard drives to the FAT32 file format, the same file format used past USB flash drives, SD cards and other kinds of removable storage. Doing and then would be a huge pain in the cervix, as yous'd take to first back upwardly and then essentially rebuild your system.

Yous could also exist safety if you lot're however running Windows x version 1709, released in October 2017, or earlier. The flaw affects all builds of Windows x from version 1803 onward, @jonasLyk told Bleeping Figurer, which Dormann confirmed.

It'southward not articulate why this specific command borks difficult drives. None of the elements of the command are anything special or uncommon, and it'd exist familiar to many Windows users who often go into the command-line interface.

The only reason this flaw may not take been discovered earlier is because the agile command might not normally be paired with the specified implementation.

"I have no idea why information technology corrupts stuff and it would be a lot of work to find out," @jonasLyk told Bleeping Computer. "I'll leave it to the people with the source code," i.eastward., Microsoft.

Nosotros're not going to tell y'all what the command is because we don't want you trying this at home. But if you have a virtual machine, you tin can discover the command in Bleeping Computer's story. Be careful.

Tom's Guide has requested comment from Microsoft about this issue, and we will update this story when we receive a respond.

Update: Microsoft responds

Following our query, a Microsoft spokesperson provided us with this statement:

"We are aware of this issue and will provide an update in a future release. The use of this technique relies on social technology and as always we encourage our customers to exercise good computing habits online, including exercising caution when opening unknown files, or accepting file transfers. More information on staying safe online is available at https://www.microsoft.com/en-united states of america/digital-skills/online-prophylactic-resources."

Paul Wagenseil is a senior editor at Tom'due south Guide focused on security and privacy. He has also been a dishwasher, fry melt, long-haul driver, lawmaking monkey and video editor. He'due south been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Television receiver news spots and fifty-fifty moderated a panel give-and-take at the CEDIA dwelling-engineering conference. Y'all can follow his rants on Twitter at @snd_wagenseil.