[mittensc]

> The attack works by having an NTFS log get replayed against another partition than the one the log is stored on.

Obfuscated enough to pass internal reviews, sloppy enough to make it look like a bug.

Other reply makes it even more suspicious... change is new in a subsystem that hasnt been updated in a long tine and it's only present in recovery mode files.

Microsoft handle of this also screams it's not a regular bug and they're likely investigating or someone is trying to cover their ass.

What's even more troubling is that the fix would be a very simple/quick rollback of the change that introduced this... and that they haven't done that is interesting.