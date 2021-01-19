A new bug was discovered in Windows 10 and can cause the famous blue screen of death (BSOD). The critical error can occur in some situations – such as when trying to open a specific path in the browser’s address bar. Information is from the website Bleeping Computer, who last week reported another flaw responsible for corrupting the system with just one command.

The problem was discovered by security researcher Jonas Lykkegaard in October 2020. He made some alerts in his Twitter profile about a Win32 device namespace path that caused an immediate system crash when it was entered in the Google Chrome address bar, resulting in blue screen (BSOD).

This type of path is used when developers want to interact directly with Windows devices. It is a solution that can allow, for example, an application to interact with a physical disk without going through the file system.

The point is that, when opened in several different ways, the command causes Windows to crash. To escape the problem, developers should pass on the extended attribute “attach” to suit the device – which is not the case due to failure in error checking.

Apparently, the bug is associated with a namespace path for a console multiplexer driver, and can even be accessed by accounts with low privileges, which makes the system more vulnerable.

Command could help attackers cover their tracks

It is not yet clear whether remote command execution is possible, but there is potential for the breach to be exploited by hackers as part of a denial of service attack – that is, during an attempt to make system resources unavailable. By causing the BSOD error, the attacker could hinder the investigation by covering the traces of the main attack.

However, it is unlikely that you, as an ordinary user, will have problems with something similar. This type of threat was used to assault the Far Eastern International Bank in Taiwan a few years ago – and would likely offer greater risk to large companies (who are more likely to become targets of such schemes). In any case, there is no report on this flaw being explored so far.

Microsoft promises fixes

According to Bleeping Computer, the bug is present in Windows 10 version 1709 or later, and Microsoft is already aware of the problem. The company said, in a standard note, that it “has a commitment to the customer to investigate reported security issues”, and promised updates to the affected devices “as soon as possible”.

With information: Bleeping Computer