Windows 10 users can now download a fix for a dangerous vulnerability in their desktop operating system. Security experts raised the alarms bells about the Windows 10 flaw back in January, with the threat capable of easily corrupting a machine’s NTFS hard drive with a simple one-line command. But while attention to this Windows 10 bug was first drawn at the start of the year, the exploit has been active since 2018. Yikes.
Security blog Bleeping Computer, which has been highlighting the threat, ran tests seeing how the Windows 10 security threat could be spread. And they discovered this dangerous command could be delivered via a Windows Shortcut, ZIP archive, batch files or by other things that Windows 10 users are tricked into downloading.
Since their initial report, Bleeping Computer said threat actors along with pranksters have been distributing fake tools, malicious shortcuts as well as malware on Discord and social media which can trigger the bug.
Back in February, Microsoft began testing a fix for this dangerous Windows 10 bug via Windows Insider builds. And now with the latest Patch Tuesday release for April 2021 this vulnerability has been fixed in all supported versions of Windows 10.
So, if you’re running an older version of Windows 10 which has reached the end of service then now is the perfect time to upgrade. The Redmond-based tech giant has labelled the flaw as CVE-2021-28312 and described it as a ‘Denial of Service’ bug.
The Windows 10 threat was originally highlighted by infosec researcher @jonasLyk on Twitter. Back in January the Twitter user posted: “There is a specially nasty vulnerability in NTFS right now. Triggerable by opening special crafted name in any folder anywhere. The vulnerability will instant pop up complaining about your hard drive is corrupted when path is opened.
“The vulnerability can be remotely triggered if having any kind of service allowing file opens of specific names to happen. It’s embeddable in HTML, shared folders etc. Until now only consequence have been running chkdsk on boot- but now the MFT have corrupted”.
To stay safe from the dangerous Windows 10 vulnerability users need to make sure they download the Patch Tuesday release from last week.
However, it’s important to point out that there have also been reports of Windows 10 users experiencing a range of issues with the latest update release from Microsoft.