A bug in Windows 10 causes the OS to crash with a blue screen of death (BSOD) if the user tries to open a specific path in the address bar of the browser or uses other Windows commands.
Last week, Twitter posted messages from a security researcher about two vulnerabilities in Windows that could be exploited by cybercriminals in different attacks.
The second bug can cause a blue screen of death when trying to open an unusual path.
Since October last year, security researcher Jonas Lykkegaard has repeatedly written about a path that immediately crashes Windows 10 and displays a blue screen of death after entering into the address bar of a browser (for example, Chrome),.
When developers want to interact with a Windows device directly, they can pass the Win32 device namespace path as an argument to various Windows software functions. This allows the application, for example, to interact directly with the physical disk, bypassing the file system.
Opening the path in various ways by a user, even with a low privilege level, can cause Windows 10 to shutdown:\\.\Globalroot\device\condrv\kernelconnect.
When connecting to a device, developers pass the extended attach attribute to correctly communicate with it.
As Lukkegaard discovered, when trying to connect to a path without passing an attribute, due to incorrect error checking is thrown an exception causing a blue screen of death. To make matters worse, low-privileged Windows users can try to connect to the device using this path, thereby allowing any program running on the computer to cause Windows 10 to crash.
Let me remind you that recently Google Project Zero discovered a 0-day vulnerability in the Windows kernel.