Latest in Gear

Image credit: Reuters

Windows metadata bug has been waiting to cripple older machines (updated)

Remember the blue screen of death? It's kind of like that.
796 Shares
Share
Tweet
Share
Save

Sponsored Links

Reuters

If you're still using Windows 7 or Windows 8, there's another security issue you need to be aware of aside from Wannacry. This one won't hold your computer ransom for bitcoin, though. Actually, it might be more annoying than it is dangerous. Researchers from Aladdin RD, an information security company, recently discovered (translated) that a bad image call embedded into a website can bring older computers to a grinding halt. In this case, it's filename "$mft."

As Ars Technica points out, it's a metadata file that exists in the root directory of the OS' NTFS file system. When something tries using it, like a malicious website accessed through Internet Explorer in this case, the NTFS driver never releases its lock on the file. This in turn blocks other legitimate processes from accessing the file system.

From here, every program trying to access any type of file will start to hang and you can see where this is going. Now, this type of vulnerability isn't new (older versions of Windows had similar responses calls for c:\con\con), and neither is the fix. Simply reboot your machine and you should be good to go.

Microsoft is aware of the problem, but isn't going to fix the bug in Windows Vista. Considering that Redmond is still supporting Windows 7 and Windows 8 there may be a patch coming, though. We've reached out for more information and will update this post should it arrive.

Update: A Microsoft spokesperson told Engadget that the company is looking into the matter and will give an update as soon as it can.

"Our engineers are currently reviewing the information. Microsoft has a customer commitment to investigate reported security issues and provide updates as soon as possible."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
796 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Oppo's next phone can be fully charged in just 30 minutes

Oppo's next phone can be fully charged in just 30 minutes

View
Fossil's latest hybrid watch is likely powered by Wear OS

Fossil's latest hybrid watch is likely powered by Wear OS

View
Sonos Move review: Versatility doesn't come cheap

Sonos Move review: Versatility doesn't come cheap

View
ZenBook Pro Duo review: ASUS makes a case for dual-screen laptops

ZenBook Pro Duo review: ASUS makes a case for dual-screen laptops

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr