Home Technology Windows 7 And Windows 8.1 PCs At Risk From Another Bug

Windows 7 And Windows 8.1 PCs At Risk From Another Bug

When you purchase through our sponsored links, we may earn a commission. By using this website you agree to our T&Cs.

If you have a PC that’s still running Windows 7 or Windows 8.1, there’s another bug you should watch out for. This bug isn’t like WannaCry because it isn’t ransomware, but unfortunately it sounds very easy for PCs to be affected by it. All you have to do is visit a website with a particular form of malicious code. It’s certainly not a good time to be running a Windows 7 machine, given that it was also the version that was most affected by WannaCry.

How the new Windows 7 and Windows 8.1 bug works

Ars Technica equates this new bug with bugs that were pretty common during the days of Windows 95 and 98. All it took was filenames that were written in such a way that those with nefarious intents could easily launch an attack on someone’s PCs. All they had to do was use a particular filename as an image source, and then when the browser tried to access the bad file, the PC would crash.

In this case, the bug is targeting machines that are running on Windows 7 and Windows 8.1. The bug initially slows down the computer and eventually causes it to crash. Malicious website operators just load an image file that has “$MFT” in the directory path. “$MFT” is used for certain metadata files that the Windows NTFS filesystem uses, but unfortunately, Windows 7 and Windows 8.1 don’t handle this particular directory name correctly.

Reproducing the bug

The Verge was able to reproduce the problems caused by the bug on a computer that was running Windows 7 using Internet Explorer. They tested a filename with “$MFT” included in it, and it caused the PC to slow down until they had to reboot it in order to get it working again. In some cases, the computer may throw up the dreaded blue screen of death eventually. Windows 10 PCs appear to be immune to it, and some browsers will attempt to block access to local resources, although Internet Explorer isn’t one of them.

The folks at Ars Technica said they weren’t able to recreate the problem remotely, like by sending IIS a request for a bad filename. However, they added that it’s possible some configurations or “trickery” could cause the same issues.

Apparently, Microsoft has been informed of the problem, although it’s unclear when the company will address the issue. It probably has had its hands full with the WannaCry crisis, but appears to have caused much bigger problems than this one is causing.

Our Editorial Standards

At ValueWalk, we’re committed to providing accurate, research-backed information. Our editors go above and beyond to ensure our content is trustworthy and transparent.

Michelle Jones

Want Financial Guidance Sent Straight to You?

  • Pop your email in the box, and you'll receive bi-weekly emails from ValueWalk.
  • We never send spam — only the latest financial news and guides to help you take charge of your financial future.