said: 'I have no idea why accessing the attribute corrupts NTFS volumes.
This $I30 attribute is used by the NTFS file system to maintain an index of all files/subdirectories that belong to a directory.Ĭurrently, it is unclear why accessing this attribute corrupts the drive. The command shown accesses the $130 attribute of an NTFS volume. For testing, one should use a virtual machine.
#NTFS WINDOWS WINDOWS 10#
After running the command in the Windows 10 command prompt, the error: "The file or directory is corrupted and unreadable." is immediately displayed. This is because the NTFS drive may be unreadable and lost afterwards. Once this file is read, Windows prompts the user to restart the computer to repair the corrupted disk entries.īleeping Computer shows a command here as an example of such a trigger, but warns against testing that on a system. This can be done by placing a crafted file (even remotely) in a folder on the affected drive. A short command is sufficienįor an attacker exploiting this vulnerability, a one-line command is enough to corrupt an NTFS-formatted hard drive. So he reached out to Bleeping Computer, who tested it and then disclosed it in this article. had already publicly disclosed this NTFS vulnerability in August 2020 as well as in October 2020, without anything happening. The whole thing can be triggered remotely (e.g., downloading a crafted shortcut file or ZIP archive). Accessing a crafted folder is enough to exploit the vulnerability. I've pulled out the latest disclosure by from Januon Twitter once – see the following tweet.