Industry News

Windows 7 and 8.1 ridiculously simple to crash using 4-character string

Due to an error in the way Windows operating systems handle file names, a maliciously crafted website can send computers to destination-BSOD upon accessing a directory name modified to fetch a sensitive system file.

Reminiscent of the infamous bug from the ‘90s that duped people into crashing their own machines by running the command line “C: /con/con,” the all-new $MFT bug causes Windows machines to lock up and remain that way until a reboot – sometimes going into full-blown blue screen of death (BSOD).

Although the news hit the wires only recently, the bug apparently emerged a week ago when a Russian coder independently discovered that the Master File Table ($MFT) file, responsible for tracking all files on an NTFS volume, can be leveraged to crash Windows 7, Windows Vista and Windows 8.1 machines in seconds if the filename is used as a directory name in a website.

The hacker, going by the name of Anatolymik, discovered that, if you access a maliciously-crafted website carrying the character string “$MFT” in the directory where a the site keeps its images, Windows crashes the moment it reads that file. The vulnerability is shared by Microsoft’s proprietary web browser, Internet Explorer, and the fox-themed Mozilla Firefox. Google Chrome is apparently not vulnerable to attempts at exploiting this bug.

Microsoft is aware of the issue but has yet to release an official statement or say when a patch will be available. For the time being, users can only hope not to experience the BSOD-inducing bug by surfing the web with their eyes peeled – i.e. only visit websites they trust.

Since Windows Vista is no longer supported by Microsoft with timely patches, we should only expect Windows 7 and Windows 8 machines to receive the fix. Windows 10 systems are unaffected by the flaw.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

1 Comment

Click here to post a comment