A Bug or a Vandalism Opportunity

I hadn’t heard about this problem at all until I saw a story recently. Apparently a one line command can be hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors. This command can trigger hard drive errors that corrupt the device.

Yikes. A researcher apparently has been trying to draw attention to this since August, but it has not been fixed. What is scary is that this issues can be exploited by tricking standard accounts in Windows, not just privileged ones.

However.

It’s not really a big problem. I asked around and someone sent me a few links that this doesn’t actually corrupt the drive, but just gets Windows to report this. In that case, this might not actually do anything, but it certainly would cause my blood pressure to rise and my heart to skip a beat. This also might be a great phishing vector.

If you get a message about corruption, check that it’s actual corruption and not just the report from a shortcut or link that uses this message. Certainly, be careful about what you click.

And if you’re thinking of playing a joke on someone, this isn’t a good choice. This is more like vandalism than fun. I certainly wouldn’t be pleased if you did this to me.

Steve Jones

Listen to the podcast at Libsyn, Stitcher, Spotify, or iTunes.

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.