New bug allows websites to crash Windows 7 or Windows 8 PCs
It’s been a bad month for Windows 7 users. The widespread WannaCry ransomware hit mostly Windows 7 machines, and now a new bug has been discovered that will slow down and crash Windows 7 and Windows 8 PCs. Ars Technica reports that the bug allows a malicious website to try and load an image file with the “$MFT” name in the directory path. Windows uses “$MFT” for special metadata files that are used by NTFS file system, and Windows 7 and Windows 8 fail to handle this directory name correctly.
The Verge has successfully tested the bug on a Windows 7 PC with the default Internet Explorer browser. Using a filename with “c:$MFT123” in a website image, our test caused a machine to slow down to the point where you have to reboot to get the PC working again. Some machines may even bluescreen eventually, as the file system locks to that file and all other apps are unable to access files. The strange bug doesn’t affect Windows 10 users, and it’s similar to an old problem in Windows 95 and Windows 98 where references to “c:concon” would crash a machine.
The NTFS bug appears to have been discovered earlier this week, and has been reported to Microsoft. It’s not yet clear when Microsoft will deliver a fix for the problem, but it affects Windows Vista (which is unsupported), Windows 7, and Windows 8 machines.
August 16, 2017