This is a prominent 90’s bug and occurs because of the way NTFS drivers handle special filenames on Windows systems. If you’re still using Windows 7 or Windows 8, there’s another security issue you need to be aware of aside from Wannacry. This one won’t hold your computer ransom for bitcoin, though. Actually, it might be more annoying than it is dangerous. Researchers from Aladdin RD, an information security company, recently discovered (translated) that a bad image call embedded into a website can bring older computers to a grinding halt. In this case, it’s filename “$mft.”
It’s a metadata file that exists in the root directory of the OS’ NTFS file system. When something tries using it, like a malicious website accessed through Internet Explorer in this case, the NTFS driver never releases its lock on the file. This in turn blocks other legitimate processes from accessing the file system. As it turns out, webpages that use $MFT as a directory name will cause Windows 7 and 8.1 PC to slow down or worse, as the web browser will try to access the bad file which is handled in special ways in these version of Windows. In some cases, the computer may throw up the dreaded blue screen of death eventually. Last week it was discovered that over 98 percent of those affected by the WannaCry ransonware were running Windows 7, and a now a new bug has been found which can slow down and crash systems running that OS and Windows 8.1.
The characters, $MFT, will be familiar to people who fiddle with metadata on old computers; it’s what Microsoft uses to designate a specific metadata file on your PC.
The file is normally hidden from users and most software, but it appears that if it forms part of a directory name (e.g. c:\$MFT\123) Windows will then lock the file and never release it, making the file system inaccessible, potentially causing a bluescreen, and forcing a reboot. The odd bug doesn’t affect Windows 10 users (phew, that’s a relief) , and it’s similar to an old problem in Windows 95 and Windows 98 where references to “c:\con\con” would crash a machine.
From here, every program trying to access any type of file will start to hang and you can see where this is going. Now, this type of vulnerability isn’t new (older versions of Windows had similar responses calls for c:\con\con), and neither is the fix. Simply reboot your machine and you should be good to go.
Microsoft is aware of the problem, but isn’t going to fix the bug in Windows Vista. Considering that Redmond is still supporting Windows 7 and Windows 8 there may be a patch coming, though.
Update: A Microsoft spokesperson said that the company is looking into the matter and will give an update as soon as it can.
“Our engineers are currently reviewing the information. Microsoft has a customer commitment to investigate reported security issues and provide updates as soon as possible.”
Conclusively, it’s not been a great couple of weeks for people using older versions of Windows. So, still tight and do not access (i mean, click) any suspicious links or ads to protect yourself from this bug.
1 Comment
Pingback: Warning: Windows metadata bug awaiting to cripple older machines, Windows 7 & 8. - ADPLUS MEDIA