
Windows Junctions Expose Hidden Malware Paths

"bypassing Defender is not crossing a security boundary." — Microsoft

How NTFS junctions can be weaponized: GhostBranch and GhostTree

NTFS junctions and symbolic links are long-standing, legitimate file-system features: a directory entry carries a reparse point that redirects path resolution to another directory, so anything that opens a path through the link transparently reaches the target. Creating a junction requires no administrator privilege, only write access to the directory in which the junction is created; the target itself need not be writable. (Directory symbolic links, created with mklink /D, are the exception: they require SeCreateSymbolicLinkPrivilege or Developer Mode.) The command shown in the reporting creates a junction in CMD:

mklink /J C:\LinkToFolder C:\TargetFolder

Researchers showed that by pointing a junction back at its own parent directory an attacker can form a logical loop. In the simpler variant, called GhostBranch, a child folder is linked to its parent:

mklink /J C:\Parent\Child C:\Parent

Because Child resolves to Parent, Child appears to contain everything Parent does, including Child itself, so the same file can be reached through an effectively unlimited number of valid paths (for example, C:\Parent\Child\Program.exe and C:\Parent\Child\Child\Program.exe). Only the path-length limit bounds how deep such a path can go.

GhostTree expands the problem into an enormous path space

GhostTree builds on GhostBranch by creating multiple child junctions that all point back to the parent. The example uses two children, Child1 and Child2:

mklink /J C:\Parent\Child1 C:\Parent
mklink /J C:\Parent\Child2 C:\Parent

Because each level of the path can use either child, the set of distinct valid paths grows exponentially with depth. The practical bound is path length: the classic Win32 MAX_PATH limit is 260 characters, while NTFS itself supports paths of up to roughly 32,767 characters, reachable through the \\?\ path prefix or, on Windows 10 version 1607 and later, by enabling the LongPathsEnabled value under HKLM\SYSTEM\CurrentControlSet\Control\FileSystem. Even under the 260-character limit the researchers report that GhostTree can reach roughly 126 levels of depth; with two choices per level that gives about 2^126 distinct paths, which they calculate at approximately 8.5 × 10^37.

Why defenders' recursive scans can hang

The loops GhostTree produces defeat tools that enumerate a directory tree by following paths. A recursive command-line directory listing, or an EDR agent that walks the tree the same way, descends into Child1 or Child2, finds the parent's contents again, and keeps descending until the path-length limit stops that branch; with two branches at every level there are on the order of 2^126 such branches to exhaust, so in practice the scan never finishes and the malicious files in the parent directory are left unexamined. The researchers tested the technique against Windows Defender and confirmed it could be used to evade folder scans.

The reporting cautions that endpoint scanning is only one defensive layer; monitoring file-system activity at the data layer can surface anomalous junction creation and recursive directory structures that are unlikely to appear in normal operations.
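As an added example (not code from the article or from the GhostTree researchers), the following PowerShell builds the GhostTree layout from the previous section in a scratch directory under %TEMP% and then scans it with a loop-safe walk that does what a robust scanner should: it inspects reparse points instead of following them by name, visits each real directory once, and flags any junction whose target is itself or one of its own ancestors, which is exactly the data-layer anomaly the reporting recommends watching for. The scratch path, the placeholder Program.exe and the function Find-JunctionLoops are this example's own assumptions.

```powershell
# Added example, not code from the article or from the GhostTree researchers.
# Builds a GhostTree lab under %TEMP% (Parent with Child1 and Child2 junctions
# pointing back at Parent), then walks it with a loop-safe scanner that flags
# any junction whose target is itself or one of its own ancestors.
# $Lab, Find-JunctionLoops and the placeholder Program.exe are this example's own.
# Runs as a standard user: junction creation needs no elevation.

$Lab    = Join-Path $env:TEMP ('ghosttree-' + [guid]::NewGuid().ToString('N').Substring(0, 8))
$Parent = Join-Path $Lab 'Parent'
New-Item -ItemType Directory -Path $Parent -Force | Out-Null
# Constructed placeholder standing in for the file an attacker would hide here.
Set-Content -LiteralPath (Join-Path $Parent 'Program.exe') -Value 'placeholder, not a real binary'

# GhostTree: both children are junctions back to Parent (equivalent to mklink /J).
New-Item -ItemType Junction -Path (Join-Path $Parent 'Child1') -Target $Parent | Out-Null
New-Item -ItemType Junction -Path (Join-Path $Parent 'Child2') -Target $Parent | Out-Null

function Find-JunctionLoops {
    <# Breadth-first walk that visits each real directory once and reports
       self-referential junctions. Reparse points are never descended by name;
       their target is enqueued instead, so a GhostTree cannot trap the walk. #>
    param([Parameter(Mandatory)][string]$Root)

    $visited = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $queue   = [System.Collections.Generic.Queue[string]]::new()
    $queue.Enqueue((Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\'))
    $loops = [System.Collections.Generic.List[object]]::new()
    $filesScanned = 0

    while ($queue.Count -gt 0) {
        $dir = $queue.Dequeue()
        if (-not $visited.Add($dir)) { continue }   # this real directory was already scanned

        $filesScanned += @(Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue).Count

        foreach ($sub in Get-ChildItem -LiteralPath $dir -Force -Directory -ErrorAction SilentlyContinue) {
            if (-not $sub.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)) {
                $queue.Enqueue($sub.FullName.TrimEnd('\'))
                continue
            }
            # Junction or directory symlink: look at the target rather than descending by name.
            $target = @($sub.Target)[0]
            if (-not $target) { continue }
            $target = ($target -replace '^\\\?\?\\', '').TrimEnd('\')   # strip an NT-style \??\ prefix if present
            $link   = $sub.FullName.TrimEnd('\')
            # A link whose target is itself or one of its own ancestors closes a cycle.
            $isAncestor = ($link.Equals($target, [StringComparison]::OrdinalIgnoreCase) -or
                           $link.StartsWith($target + '\', [StringComparison]::OrdinalIgnoreCase))
            if ($isAncestor) {
                $loops.Add([pscustomobject]@{ Link = $link; Target = $target; LinkType = $sub.LinkType })
            }
            $queue.Enqueue($target)   # still scan the target, but only once, via the visited set
        }
    }
    [pscustomobject]@{ Loops = $loops; DirectoriesVisited = $visited.Count; FilesScanned = $filesScanned }
}

$report = Find-JunctionLoops -Root $Lab
$report.Loops | Format-Table -AutoSize
"Directories visited: $($report.DirectoriesVisited); files scanned: $($report.FilesScanned)"

# Clean-up: delete the junctions themselves first so nothing recurses through them.
Get-ChildItem -LiteralPath $Parent -Force -Directory |
    Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint) } |
    ForEach-Object { $_.Delete() }   # removes the reparse point, not Parent's contents
Remove-Item -LiteralPath $Lab -Recurse -Force
```

On this lab the walk enqueues Parent's real path once, skips it when Child1 and Child2 hand it back, and reports both junctions as loops with Parent as their target, so Program.exe is scanned exactly once instead of never. The same visited-set discipline is what a scanner needs in order to survive GhostBranch and GhostTree: it keys on the real directory reached, not on the path string used to reach it. The clean-up deletes each junction's reparse point with DirectoryInfo.Delete() before removing the scratch tree, because a recursive delete that followed the junctions would itself run into the loop.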

Microsoft response and remediation

The researchers reported the issue to Microsoft. According to their account, Microsoft closed the ticket with the explanation, "bypassing Defender is not crossing a security boundary." The researchers report that the issue was subsequently patched regardless.

What this means for technologists and security teams, procurement and enterprise leaders, and end users

  • Technologists and security teams: Be aware that any user with write access can create junctions that form recursive loops. Relying solely on recursive folder scans can produce blind spots; the researchers recommend monitoring for anomalous junction creation and recursive directory structures at the data layer.
  • Procurement and enterprise leaders: EDR and scanning tools vary in how they handle reparse points and long paths. The incident highlights the value of layered controls and verification that chosen tools detect or mitigate recursive-junction abuse.
  • End users and administrators: Simple commands such as mklink /J can be used without elevated privileges to create dangerous directory loops; administrators should limit write access where possible and monitor unexpected directory-reparse activity.

Small, long-standing operating-system features can be repurposed into outsized problems. As the researchers put it, "Techniques like GhostTree are a reminder that endpoint scanning is only one layer of defense." Detecting and responding to this technique requires attention to file-system behavior and controls that do not rely solely on depth-first recursive scans.

https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/