Microsoft fixes Windows 10's drive-corrupting NTFS denial of service vulnerability
In the middle of January, we reported on a vulnerability in Windows 10 that could be used to corrupt the contents of an NTFS-formatted drive. A specially crafted folder name was all that was needed to cause a volume to be marked as dirty, and then require a fix with the Chkdsk utility.
But Chkdsk did not always do the trick, leaving victims with unbootable systems. A couple of months ago, Microsoft started testing a fix with Windows Insiders and now the patch is being made available to everyone. It addresses the problem, which was being tracked as CVE-2021-28312 (Windows NTFS Denial of Service Vulnerability).
The fixes were included as part of this month's Patch Tuesday release -- the same KB5001330 and KB5001337 updates responsible for (purposely) killing off the legacy version of Microsoft Edge in Windows 10. But these updates for Windows 10 are, as ever, something of a double-edged sword.
With the relevant update installed for Windows 10, attempting to access the problematic path results in the same message as during the testing period in Insider build 21322, namely: "The directory name is invalid".
More details about the vulnerability can be found in the Microsoft Security Response Center.