Until Microsoft patches this problem, use Chrome: a slip in file path handling allows an attacker to crash Windows 7 and Windows 8.1 with a simple file call.
The bug is triggered if Windows’ Master File Table is included in a directory path – for example, if the attacker included $MFT as a link to an image in a Website.
“Anatolymik” of Alladin Information Security in Russia lays claim to the discovery here (in Russian).
$MFT is supposed to be protected from user access, for good reason: every file on an NTFS volume has a reference in the MFT.
What the researchers discovered is that if you try to access a file like c:\$MFT\foo, the NTFS (NT file system) locks $MFT and doesn’t release it: “it will be captured forever,” the post states. “Therefore, for example, when trying to create a file or read the volume of files, NTFS attempts to seize ERESOURCE $ mft file and will hang at this stage forever.”
As Bleeping Computer notes, Chrome users can’t be remotely attacked, because it recognises and blocks images with malformed paths. Both Internet Explorer and Firefox, however, are vulnerable.
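One way a mail or web gateway could screen HTML for the path pattern described above, as an added example that is not from the article or the researcher's post. The function names, the attribute list and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed set of attributes that make a browser fetch or follow a resource.
URL_ATTRS = {"src", "href", "data", "poster", "background"}


def mft_used_as_directory(ref: str) -> bool:
    """True if $MFT is a path component with another component after it,
    the c:\\$MFT\\foo form the article describes."""
    path = unquote(ref).replace("\\", "/")           # undo %5C / %24, unify separators
    path = re.split(r"[?#]", path, maxsplit=1)[0]    # drop query string and fragment
    parts = [p.strip().lower() for p in path.split("/") if p.strip()]
    # Only non-final components count; a reference that merely ends in $MFT
    # is not flagged. The scheme is not checked, so this errs on the noisy side.
    return "$mft" in parts[:-1]


class RefCollector(HTMLParser):
    """Collects (tag, attribute, value) for every flagged resource reference."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and mft_used_as_directory(value):
                self.hits.append((tag, name, value))


def scan_html(html: str):
    collector = RefCollector()
    collector.feed(html)
    collector.close()
    return collector.hits


# Constructed sample markup, not taken from any real page.
SAMPLE = """
<img src="file:///C:/$MFT/pic.png">
<img src="file:///c:%5C%24mft%5Cx.gif">
<a href="https://example.com/docs/$MFT">article about the MFT</a>
<img src="/images/logo.png">
"""

if __name__ == "__main__":
    for tag, attr, value in scan_html(SAMPLE):
        print(f"flagged <{tag} {attr}={value!r}>")
```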