The bug about the Security Descriptor is confirmed by PSS. Upon the bug is in the place, the following actions must be performed:
1/Stop the bleeding: new version of ntfs.sys
2/Launch MS internal Tool: CorrectSD. It will dump all impacted files and their security descriptor.
3/backup file system
4/Fire up a chkdsk /F. All impacted files will have their Security Descriptor reset to default.
5/Launch the CorrectSD Tool in modify. It will put back the good Security Descriptor.
The Bug should appear with 4 Millions files on the FS or MFT bigger than 4GB.
We have the bug with 1,5 Millions's files. This may come from a high activity on the FS (defrag during working hours, as we did with O&O).
We have planned these actions on saturday, i will keep you in touch.
ps: CorrectSD is an internal tool from MS. Ask me by mail if you would like it.