As it turned out, Windows gapes 10 since the version 1803 has a security hole that makes it possible to carry out attacks on the NTFS file system. This can result in the need to reinstall the operating system. For this, attackers do not inevitably have to gain access to their own computer. Executing a file is sufficient here. Admin rights are also not required for the attacks. Which ensures that the vulnerability is particularly dangerous.

To take advantage of the loophole, a command must be executed in the console. Windows then reports that the file or directory is damaged and unreadable. During the subsequent restart, an attempt is made to repair the affected disk using “chdsk”. In a test by colleagues from Heise, however, Windows succeeded in restoring the damaged file system. However, this was the latest Windows version including all patches.

According to the discoverer, Microsoft was informed about the vulnerability last year. So far, however, the company has not responded. Due to the increased media attention, the international hardware and software manufacturer should at least be adequately informed of the problem.

Currently there is no way to prevent an attack that exploits the said vulnerability. Users are only able to exercise particular caution and act with caution. A .URL file can also execute the aforementioned console command, but only very few Windows users should click on the corresponding files. A passive exploitation of the security gap without the user is not possible. If you don’t open or execute a file, your system shouldn’t be damaged.