A recently discovered bug could allow any website to crash your Windows Vista, 7, or 8 PC with a simple edit to image names, reminiscent of the similar 'c: concon' bug on Windows 95 and 98.
Using the bug, a website could change the directory path for an image to include the string "$MFT", a tag used to identify the 'Master File Table' contained in a special file on NTFS file systems. This file is a database of all the files found on the system and is normally hidden from view and generally inaccessible. When the browser tries to download such an image file, the above OSes are unable to handle treating $MFT as a folder, instead of a file, leading to an error loop that ends up locking the file system.
In the meantime, subsequent file system operations end up queuing while they wait for the lock to be released, leading to a significant slowdown of the machine. Soon after - if not immediately after - encountering this problem, all programs will be unable to access the file system due to this condition and your machine will likely hang or, at worst, crash, giving way to the dreaded blue screen of death (BSOD).
Given the ease with which this bug can be triggered - by simply changing the file directory of an image file - it could prove to be a rather annoying problem, though you should be fine as long as you don't visit malicious or untrusted websites.
Microsoft has been made aware of the bug but there is, as of yet, no fix available. Thankfully, Windows 10 users seem to be immune to it.
Source: Ars Technica via The Verge
14 Comments - Add comment