Windows 7 and 8.1 users are open to a newly discovered bug that allows websites to crash their machines with little effort. Initially reported by Ars Technica, the bug is being described as a throwback to the Windows 95 and 98 era due to the way it takes advantage of special file names to cause the crash — something that occurred in a slightly different manner at the time.
The main thrust of the issue lies in the filename $MFT, the name of a hidden metadata file used in the NTFS filesystem. Essentially, if a bad actor uses $MFT as a directory name on a website, a browser trying to load a file in that directory will cause the PC to hang. Ars Technica explains:
Attempts to open the file are normally blocked, but in a move reminiscent of the Windows 9x flaw, if the filename is used as if it were a directory name—for example, trying to open the file c:\$MFT\123—then the NTFS driver takes out a lock on the file and never releases it. Every subsequent operation sits around waiting for the lock to be released.Forever. This blocks any and all other attempts to access the file system, and so every program will start to hang, rendering the machine unusable until it is rebooted.
With the fallout from this month's massive WannaCry ransomware attack still settling, the timing of this particular bug's discovery is likely to cause some extra concern. Microsoft has already been informed of the issue, but it's unclear when a potential fix may be rolled out.
