Windows 10 blue screen error discovered when opening a certain path
Last week, a Windows security researcher revealed two Windows 10 bugs on Twitter, which can be abused by hackers in various attacks.
The first bug allows an unauthorized user or program to run a single command that causes the NTFS drive to be marked as faulty. Although the Chkdsk command solved this problem in many tests, one of the other tests showed that the Check Disk tool left the hard drive in a state from which Windows could not boot. Meanwhile, the second bug causes Windows 10 to crash with a BSOD just by trying to open an abnormal path.
Since October, Windows security researcher Jonas Lykkegaard has tweeted several times about Windows 10 crashing and showing the BSOD instantly when a certain path is typed into the Chrome address bar.
When developers want to interact directly with Windows devices, they can pass a Win32 device namespace path as an argument to various Windows programming functions. For example, this allows an application to interact directly with the physical disk without going through the file system.
Lykkegaard found that opening the following path in a variety of ways, even as a low-privileged user, causes Windows 10 to crash.
.\globalroot\device\condrv\kernelconnect
When connecting to this device, developers are expected to pass the "attach" extended attribute in order to communicate with it properly.
Lykkegaard said that if you try to connect to the path without passing the attribute, incorrect error checking causes a blue screen of death (BSOD) on Windows 10.
Worse still, low-privileged Windows users can connect to the device using this path, so any program executed on the computer can easily cause Windows 10 to crash.
In the tests that were done, the bug was confirmed to appear on Windows 10 version 1709 or higher. "Microsoft has pledged to customers to immediately investigate reported security issues and we will provide an update to the affected devices as soon as possible," said a Microsoft spokesperson.
While it is not yet known whether this bug can be exploited for remote code execution, in its current form it can be used for a Denial of Service attack against a computer.
Lykkegaard shared a Windows URL file (.url) with a setting pointing to
.\globalroot\device\condrv\kernelconnect
Once the file is downloaded, Windows 10 will try to show the icon of the URL file from the problematic path and will automatically crash.
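For defenders, the shortcut behaviour described above suggests a triage check: scan .url files on download shares or mail gateways for any setting whose value reaches the device path named in the article. The following Python is an added example, not code from Lykkegaard or Microsoft. The function names, verdict labels, the broader `globalroot\device\` heuristic and the sample file contents (including the use of the standard `IconFile` key, which the article does not name) are assumptions of this example.

```python
import re

# Device path named in the article, matched without its prefix so that
# any leading form (as printed in the article or otherwise) is caught.
CONDRV_PATH = r"globalroot\device\condrv\kernelconnect"
# Broader heuristic (assumption of this example): an internet shortcut has
# no reason to reach into the NT device tree through GLOBALROOT at all.
DEVICE_TREE = "globalroot\\device\\"

def normalise(value: str) -> str:
    """Lower-case, turn '/' into '\\' and collapse repeated backslashes."""
    value = value.strip().strip('"').lower().replace("/", "\\")
    return re.sub(r"\\+", r"\\", value)

def scan_url_file(text: str):
    """Return (section, key, verdict) for every suspicious value in a .url file."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        norm = normalise(value)
        if CONDRV_PATH in norm:
            findings.append((section, key.strip(), "condrv-kernelconnect"))
        elif DEVICE_TREE in norm:
            findings.append((section, key.strip(), "globalroot-device"))
    return findings

# Constructed samples. The path is written exactly as the article prints it.
SUSPICIOUS = r"""[InternetShortcut]
URL=https://example.com/
IconFile=.\globalroot\device\condrv\kernelconnect
"""
BENIGN = r"""[InternetShortcut]
URL=https://example.com/
IconFile=C:\Windows\System32\shell32.dll
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, scan_url_file(sample))
```

Because values are normalised before matching, differences in letter case, slash direction or doubled separators do not hide the path from the check.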
In a real-world scenario, this bug could be abused by threat actors who have access to a network and want to conceal their traces during an attack.
If they have administrator credentials, they can execute a command to access this path remotely on all Windows 10 devices on the network to cause them to crash. The disruption inflicted on a network can delay investigations or prevent administrator controls from detecting an attack on a particular computer.
In 2017, a similar attack scenario was used by threat actors in a bank heist at the Far East International Bank (FEIB) in Taiwan. During that attack, the threat actors deployed the Hermes ransomware on the network to delay investigations of the attack.