Windows NTFS Bug Squashed by Third Party
For those who are unaware, there is an ancient, lingering bug in the Microsoft Windows NTFS file system whereby a user’s hard disk can be corrupted just by running a one-line command. Tech-savvy users with throw-away systems can try it for themselves, while ordinary users can be targeted by malicious actors with too much free time. Microsoft has yet to issue an official fix for this bug, but fortunately a third party has released a temporary open-source fix.
This NTFS bug is deemed critical because if anyone downloads a shortcut file containing the command, and Windows File Explorer so much as ‘looks’ at its icon, their hard disk volume will be marked as corrupted, prompting Windows to run the chkdsk utility and reboot several times. Not everyone is lucky enough to get their system back. Hence, it is important for Windows users to install this fix from OSR, a software development company that specializes in Windows internals.
“…We also have a system here at OSR that will no longer boot after running a second chkdsk while playing with this. Between the ugly warning and the broken system here we think it’s worth mitigating until there’s a real fix released,”
The fix is an NTFS filter driver that looks for any command that starts with “:$i30:” and blocks it before the bug can be triggered. The driver can be found on OSR’s GitHub page. Installing it requires a command prompt run as Administrator. First extract the files, navigate to the extraction folder, and run the following:
RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 .\i30flt.inf
wevtutil im i30flt.man
fltmc load i30flt
Since this is unofficial, it might cause side effects on some systems. Until Microsoft’s official fix becomes available, it’s best to install it and keep it. Once the official fix is out, the following command removes the driver:
RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 .\i30flt.inf
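The same “:$i30:” check the filter driver applies can also be used to triage shortcut files that are already on disk. The script below is an added example, not OSR's code or part of the original article; the extensions scanned, the read cap, the two string encodings and the sample files are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ":$i30:"                 # string the article says the filter blocks
SHORTCUT_EXTS = {".lnk", ".url"}  # assumption: shortcut types worth triaging
MAX_BYTES = 1 << 20               # assumption: real shortcuts are far smaller
# Assumption: .url files are plain text; .lnk strings are ANSI or UTF-16LE.
NEEDLES = {enc: MARKER.encode(enc) for enc in ("ascii", "utf-16-le")}


def find_marker(data: bytes) -> list:
    """Return (encoding, offset) for each marker occurrence, any letter case."""
    hay = data.lower()  # lowercases ASCII bytes only, enough for both needles
    hits = []
    for enc, needle in NEEDLES.items():
        pos = hay.find(needle)
        while pos != -1:
            hits.append((enc, pos))
            pos = hay.find(needle, pos + 1)
    return sorted(hits, key=lambda hit: hit[1])


def scan_tree(root) -> dict:
    """Map relative path -> hits. Reads raw bytes; never resolves a shortcut."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() not in SHORTCUT_EXTS:
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    hits = find_marker(fh.read(MAX_BYTES))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if hits:
                flagged[os.path.relpath(full, root)] = hits
    return flagged


def demo() -> dict:
    inert = "CONSTRUCTED" + MARKER.upper() + "PLACEHOLDER"  # constructed, inert sample
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "clean.url").write_bytes(b"[InternetShortcut]\nURL=https://example.com/\n")
        Path(tmp, "text.url").write_bytes(inert.encode("ascii"))
        Path(tmp, "wide.lnk").write_bytes(b"L\x00\x00\x00" + inert.encode("utf-16-le"))
        Path(tmp, "notes.txt").write_bytes(inert.encode("ascii"))
        return scan_tree(tmp)
```

Call scan_tree() on a download directory from a script or terminal rather than browsing to it; any file it reports should be quarantined for inspection before File Explorer displays that folder.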