Skip to main content

Newly discovered NTFS bug lets webpages crash Windows 7 and 8.1 PCs

Windows 7 and 8.1 users are open to a newly discovered bug that allows websites to crash their machines with little effort. Initially reported by Ars Technica, the bug is being described as a throwback to the Windows 95 and 98 era due to the way it takes advantage of special file names to cause the crash — something that occurred in a slightly different manner at the time.

The main thrust of the issue lies in the filename $MFT, the name of a hidden metadata file used in the NTFS filesystem. Essentially, if a bad actor uses $MFT as a directory name on a website, a browser trying to load a file in that directory will cause the PC to hang. Ars Technica explains:

Attempts to open the file are normally blocked, but in a move reminiscent of the Windows 9x flaw, if the filename is used as if it were a directory name—for example, trying to open the file c:\$MFT\123—then the NTFS driver takes out a lock on the file and never releases it. Every subsequent operation sits around waiting for the lock to be released.Forever. This blocks any and all other attempts to access the file system, and so every program will start to hang, rendering the machine unusable until it is rebooted.

With the fallout from this month's massive WannaCry ransomware attack still settling, the timing of this particular bug's discovery is likely to cause some extra concern. Microsoft has already been informed of the issue, but it's unclear when a potential fix may be rolled out.

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

10 Comments
  • Exactly how different is Windows 10 in this aspect, as it is said it is not affected by this?
  • probably microsoft behind it to sway the remains..
  • Ha as if that was the case
  • I'm pretty sure it also affects Vista and all the servers. Which means, if they release a bugfix for them, Vista users will most likely be able to install WS2008 patch and enjoy it despite Vista itself not being supported anymore.
  • Does Windows 10 not use NTFS?
  • It does.  I would assume they fixed this; its not like they aren't still changing NTFS.
  • Microsoft suggests using exFAT with windows 10 but there's a weird bug. Try to format your external memory card with this file system and all the apps installed there appear with a blank tile instead of their normal icon! I throw this here in case someone is going crazy as I was for months until I reformatted my card with NTFS
  • I have my microSD cards formatted to FAT16 or FAT32
  • I doubt I was visiting odd/sketchy websites at work, but for the past two weeks or so, my Win7 PC at work would randomly freeze and would never recover. Wonder if this had anything to do with it.
  • That's why the web use forward slash Unix naming convention