Did you know a website having an image directory with name $MFT can crash your PC? This peculiar bug was reported by a Russian website Habrhabr.ru. The bug was first identified by Ars Technica, a website that publishes news and opinions on technology. According to the report released, this bug affects older PCs running on Windows Vista, Windows 7 or Windows 8. Windows 10 users need not worry as the bug does not affect the latest operating system.
How does this bug work?
Windows has several filenames in the system directory that are “special” as they do not refer to any file; they represent hardware devices. According to experts, the four characters “$MFT” refers to Master File Table in a Windows PC and the operating system expects to see this character string only in the special metadata file in your computer that is used by NTFS.
When the operating system finds the $MFT characters as a directory name in a website, the NTFS (file system) locks the files you are trying to access from the $MFT directory. According to researchers, the file that you are trying to access from the $MFT directory is locked forever.
When you try to create files or read a volume of files, NTFS attempts to capture the ERESOURCE $MFT file. When you try to access any other file on the website from the browser, the computer blocks access to local resources as it is waiting for the NTFS to release the locked file from the $MFT directory which never happens. This causes every program to hang which slows down the PC and causes the computer to hang or freeze. In some cases, the $MFT bug might also cause the BSOD (Blue Screen of Death) error.
Microsoft has been informed about this bug, but the company has not released any security patch to fix this vulnerability yet. Though it is not known whether it is possible to emulate the process remotely by sending IIS a remote request for the bad file name, you can stay safe by using a Chrome browser which blocks access to images with malformed pathnames.