Skip to main content

Look out! This short Windows 10 command can trash your hard drive [updated]

A laptop with its screen exploding, viewed from the side.
(Image credit: Iaroslav Neliubov)

UPDATED with comment from Microsoft.

Heads up: There seems to be an unpatched flaw in Windows 10 that can corrupt a hard drive with a short, simple, single-line command.

So says Twitter user @jonasLyk, who claims that the command can instantly trash any drive using Microsoft's preferred NTFS file format, even if the command is invoked by a limited-user Windows account without administrative privileges. 

Even worse, the flaw might easily be exploited by malicious hackers and embedded in email attachments, video files or even web pages. 

See more

Just opening the file or page would crash your PC, and it's not clear if the hard drive could always be recovered. It's possible that just viewing a specially formatted icon would also trigger the flaw.

Will Dormann, an information-security expert at the government-funded CERT Coordination Center in Pittsburgh, confirmed the flaw is real. 

See more

Bleeping Computer replicated the flaw and even posted a video of it rendering the C, or main, drive unreadable on a virtual PC. The virtual machine in the video was unable to restore the drive, even after several reboots. 

Bleeping Computer said that in some cases the chkdsk (Check Disk) utility was able to repair the drive. But in other cases the disk's master file table (MFT), an index of all the files on a drive, would be corrupted along with the files. You'd likely need third-party software to fix that.

How to avoid this attack

To avoid attacks using this flaw, you could change your PC's hard drives to the FAT32 file format, the same file format used by USB flash drives, SD cards and other kinds of removable storage. Doing so would be a huge pain in the neck, as you'd have to first back up and then essentially rebuild your system.

You could also be safe if you're still running Windows 10 version 1709, released in October 2017, or earlier. The flaw affects all builds of Windows 10 from version 1803 onward, @jonasLyk told Bleeping Computer, which Dormann confirmed.

It's not clear why this specific command borks hard drives. None of the elements of the command are anything special or uncommon, and it'd be familiar to many Windows users who often get into the command-line interface. 

The only reason this flaw may not have been discovered before is because the active command might not normally be paired with the specified implementation.

"I have no idea why it corrupts stuff and it would be a lot of work to find out," @jonasLyk told Bleeping Computer. "I'll leave it to the people with the source code," i.e., Microsoft.

We're not going to tell you what the command is because we don't want you trying this at home. But if you have a virtual machine, you can find the command in Bleeping Computer's story. Be careful.

Tom's Guide has requested comment from Microsoft about this issue, and we will update this story when we receive a reply.

Update: Microsoft responds

Following our query, a Microsoft spokesperson provided us with this statement:

"We are aware of this issue and will provide an update in a future release. The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers. More information on staying safe online is available at https://www.microsoft.com/en-us/digital-skills/online-safety-resources."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.