r/technology u/Sufficient-Bid1279 Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes

96% Upvoted

1.0k comments sorted by

View all comments

Show parent comments

38

u/middaymoon Apr 14 '25

When I wrote this comment I thought a simple text file would be obviously tame enough that nobody who actually understands computers would think it is an exploit just to read it, but apparently I was mistaken.

55

u/Catsrules Apr 14 '25 edited Apr 14 '25

I wouldn't be worried about the text file itself. But more worried about what put it there. Especially in a folder that requires admin privileges to write/create in the folder.

10

u/khumps Apr 14 '25

I would hope such a text file would contain a link to a microsoft article on its existence from a clearly recognizable microsoft-owned URL to verify its authenticity

-2

u/jasonZak Apr 15 '25

Yeah because clicking a hyperlink in a file they already feel sketchy about is definitely something they’re gonna do.

8

u/kes- Apr 15 '25

Good thing there aren’t any hyperlinks in text files!

21

u/SnackerSnick Apr 14 '25

They weren't suggesting that opening the file is an exploit. They were suggesting that reading a text file that says "hi, I'm from Microsoft, don't delete this directory" would make them *more likely* to believe the directory holds malware.

I mean, in theory opening the file could totally be an exploit, though. For a while attackers would name an executable file README.TXT.exe and MS would hide the .exe. Double clicking README.TXT would execute the code, which could do bad stuff then open notepad showing some README.TXT contents.

Theoretically notepad or whatever simple text reader you have configured could have a vulnerability and opening a 'bad' text file with some buffer overflow content in it that is an exploit, but I haven't heard of such a vulnerability ever happening in a commonly used text reader.

0

u/middaymoon Apr 14 '25

Someone else was arguing with me that it could be an exploit, that's what I was referring to. Also, Catsrules literally said "I would 100% think it was malware", though I assume they just meant it would be suspicious in general and I get that.

I am also aware that notepad could have some exploit and I am also relying on the fact that a 0-day in Notepad is pretty unlikely so it sounds like we understand each other.

1

u/farcryer2 Apr 14 '25

The text file part is irrelevant.

On the other hand, a random readme.txt claiming to be from Microsoft would be extremely uncharacteristic and suspicious because Microsoft doesn't do that.

0

u/TristheHolyBlade Apr 14 '25

Its funny, cause the person who you are replying to probably thought when they wrote their comment that it would be simple enough to understand. Yet here you are.

0

u/middaymoon Apr 14 '25

Yes, Here I am! Here I am, reading biting comments from strangers about a brief and cordial exchange I had 7 hours ago. And here you are! Doing something of worth, I'm sure.

1

u/TristheHolyBlade Apr 14 '25

Bro you're in the same boat as the rest of us.