Why it matters to you
The smallest bug can be exploited to torment users and if you’re still running an older version of Windows, you might be at risk.
If you’re among the holdouts still sticking with Windows Vista, Windows 7 or Windows 8.1, you should be aware of a newly discovered bug that can bluescreen your system if you happen to visit an affected website. The issue is related to the way filenames are constructed and calls to mind a similar problem that affected users in the 1990s.
Windows has long since employed several special filenames that refer to things other than individual files located on disk. The nature of these special filenames dictates that they need to be accessible from any location in the file system and they can cause the operating system to hang if they are not used properly.
The special filename at the heart of this bug is $MFT, which is the name given to a particular kind of metadata file used in Microsoft’s proprietary file system, according to Ars Technica.
$MFT is not visible under normal circumstances, the majority of software cannot access it directly, and Windows will block attempts to open the file. However, if there is an attempt to open $MFT as if it were a directory, a Windows driver will enforce a lock on the file that will never be released.
All attempts to access the file system will be blocked as a result, which will cause problems for any active applications. The computer might not necessarily bluescreen, but it will not be good for much until you reboot it.
Including a dodgy filename as an image source on a web page can successfully trigger the bug on a visitor’s computer. Some browsers are unaffected, as they don’t offer the ability to access local system resources in this manner — but apparently, Internet Explorer has no such restrictions and, as such, can be targeted quite easily.
Window 95 and Windows 98 were affected by a similar issue relating to special filenames that referred to hardware devices. Windows 10 is seemingly unaffected by the new iteration of the bug.