SQLServerCentral Editorial

A Bug or a Vandalism Opportunity

,

I hadn't heard about this problem at all until I saw a story recently. Apparently a one line command can be hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors. This command can trigger hard drive errors that corrupt the device.

Yikes. A researcher apparently has been trying to draw attention to this since August, but it has not been fixed. What is scary is that this issues can be exploited by tricking standard accounts in Windows, not just privileged ones.

However.

It's not really a big problem. I asked around and someone sent me a few links that this doesn't actually corrupt the drive, but just gets Windows to report this. In that case, this might not actually do anything, but it certainly would cause my blood pressure to rise and my heart to skip a beat. This also might be a great phishing vector.

If you get a message about corruption, check that it's actual corruption and not just the report from a shortcut or link that uses this message. Certainly, be careful about what you click.

And if you're thinking of playing a joke on someone, this isn't a good choice. This is more like vandalism than fun. I certainly wouldn't be pleased if you did this to me.

Rate

5 (1)

Share

Share

Rate

5 (1)