This Weird Web Page Glitch Could Crash Your Windows Computer – Forbes
A new vulnerability has been discovered on computers that run Windows Vista, Windows 7 and Windows 8.x. While it won’t allow an attacker to hijack your computer to mine cryptocurrency or encrypt your files and hold them for ransom, it could cause you some serious headaches.
Exploiting the bug is actually incredibly simple, too. All it takes is a few characters ($MFT) inserted into the code of a web page. When a vulnerable Windows system accesses the page, performance will start to gradually degrade until it’s unusable — or in some cases throws up the dreaded blue screen of death.
How is it that a dollar sign and three letters can bring a computer to a screeching halt? It has to do with the master file table, perhaps the most important file on many Windows systems’ hard drives. It contains information about all the files you see in Windows Explorer — what folders they’re saved in, where they reside physically on the hard drive, access permissions, and timestamps (including when files are created, edited, and accessed).
As Ars Technica explains, the $MFT string is reserved for system use. When a web page tells a web browser to look for an image at, say, c:$MFTS (one that’s willing to look for images on a local drive, at least), Windows locks the filesystem. That prevents any apps that are running from accessing data on the hard drive and the real fun begins.
Fortunately the worst that’s going to happen is that you’ll lose some unsaved work and a bit of time. It’s also quite easy to get your system running normally again if you fall victim: all you need to do is reboot. Just remember that if your browser set to re-open your previous browsing session that you’re going to walk straight into the trap again.
I’ve reached out to Microsoft for comment regarding the bug and will update this post with the company’s response.