A new file name issue that can crash and lock up the entire operating system has been discovered in three current versions of Windows. The bug is mostly pesky and annoying instead of dangerous, and it resembles file name issues that were common in the Windows 95 and Windows 98 eras.
According to a report published by tech news website Ars Technica, a Russian information security firm found the bug in May 2017. The problem can be traced to a Windows feature that reserves the use of certain names that can only be assigned to system files or processes. The file name in question is $MFT, and it is used by Windows to designate a special file created by the NTFS system used to format the hard drive.
Files named $MFT by Windows cannot be accessed by regular means; for example, a Windows 8.1 user would not be able to click on the file or folder icon using an explorer utility, but this limitation does not extent to the command line or to creating a directory using that unique file name. Should $MFT be accessed from the command line, the NTFS driver would become confusedly stuck on a loop that effectively locks up the file system. At some point, the desktop either freezes or the blue screen of death appears and a reboot of the system would be required.
The problem has been recreated in desktops, laptops and even tablets running Windows 8.1. There were initial concerns about whether the bug could be exploited by remote means; thankfully, initial attempts were not successful. This does not mean that pranksters and hackers cannot take advantage of this issue; all it takes would be malicious script that prompts code execution to open the file.
It is interesting to note that Windows 95 and Windows 98 had a similar issue; in those operating systems, the offending file name was CON, which was reserved for console environment drivers. Years ago, the CON file name bug was exploited by pranksters who concealed code within digital images. This is not an issue in Windows 10, and it will not affect computers or tablets protected by antivirus shields that interact with web browsers since loading local resources is often blocked for security reasons.