fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Windows 10 NTFS Corruption Bug Gets Unofficial Temporary Fix

Windows 10 NTFS Corruption Bug Gets Unofficial Temporary Fix

Developers have released an unofficial fix for a Windows bug that could lead to the corruption of an NTFS volume by merely viewing a specially crafted file.

Earlier this month, BleepingComputer reported that a Windows 10 bug was discovered by security researcher Jonas Lykkegaard that allows non-privileged users to mark an NTFS volume as dirty.

Once the volume is marked as dirty, Windows would display an error stating that the drive was corrupted and prompt the user to reboot the computer to run chkdsk and fix the corruption.

For most people, Windows would run chkdsk, and the operating system would boot like normal soon after. Unfortunately, in a test by BleepingComputer, even after running chkdsk, the operating system would not start properly.

BleepingComputer later learned that this bug also affected older versions of Windows, including Windows XP.

To make matters worse, BleepingComputer created a specially crafted file that would automatically trigger the bug when you attempt to access it in Windows.

Third-party fix released for NTFS bug

OSR, a software development company specializing in Windows internals, has released an open-source filter driver that prevents the NTFS bug from being abused while waiting for an official fix from Microsoft.

Also Read: The Importance Of Knowing Personal Data Protection Regulations

This filter driver, called ‘i30Flt’, will monitor for attempts to access streams beginning with “:$i30:”, and if detected, block them before they can trigger the bug.

“OSRDrivers/i30Flt: This is a simple filter that will block any attempt to access streams beginning with “:$i30:”. This stops the spurious corruption warning triggered on certain Windows 10 versions. (github.com),” stated OSR in a blog post about this bug.

Like BleepingComputer, when OSR was playing with this bug they encountered a system that would no longer boot after running chkdsk.

“We also have a system here at OSR that will no longer boot after running a second chkdsk while playing with this. Between the ugly warning and the broken system here we think it’s worth mitigating until there’s a real fix released.” – OSR

To install the driver, download it from the project’s GitHub page, open an elevated command prompt, and then navigate to the folder you extracted the files.

Once in the folder with the files, you can run the following commands to install the driver.

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 .\i30flt.inf

wevtutil im i30flt.man

fltmc load i30flt

After installing the driver, it is not necessary to reboot Windows.

Once OSR’s driver is installed, if it detects an attempt to access a path containing “$i30:”, it will block it and generate an event log, as shown below.

Event created by filter drive

As Microsoft has told BleepingComputer that they plan to fix this bug, once it is patched, you can remove the filter driver using the following command:

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 .\i30flt.inf

As illustrated below, if the bug is not fixed and you uninstall the driver, the bug can instantly be used to mark a drive as corrupted.

Uninstalling the filter driver

Also Read: The Scope Of Singapore Privacy: How We Use It In A Right Way

It is unknown when Microsoft plans to fix this bug, so if you are concerned threat actors could abuse it on your computer, this is a good alternative while you wait.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us