Windows 10 has a very malicious bug that can be easily triggered. This Windows 10 bug, first discovered by security researcher Jonas L, can be hidden inside a ZIP file, a folder or even a Windows shortcut. If the ZIP file is extracted or an infected folder is open, the bug will be activated and corrupt the hard drive.
According to vulnerability analyst Will Dormann, this NTFS corruption has been around since Windows 10 1803 update that was released back in 2018. So it’s been three years since this bug has been active in Windows 10. Dormann also listed out more ways the malware could be activated and these include opening an ISO, VHD, or VHDX, and opening an HTML file without a MoTW. The malware has also been found to be activated by simply pasting the offending string in the address bar of a browser. It’s also highly risky as it does not require admin permissions to trigger it.
Microsoft has acknowledged the issue, and is working on a fix for the same. In a statement to The Verge, Microsoft said, “We are aware of this issue and will provide an update in a future release. The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”
According to a report by Bleeping Computer, affected Windows 10 users will be asked to reboot their PC to repair the corrupted disk records. This might however not work for every user. The report added that this vulnerability can be triggered by standard and low privileged user accounts on Windows 10.