A new bug has been discovered in Windows 10 and it can cause the notorious blue screen of death (BSOD). Serious errors can occur in some cases – for example, when trying to open a specific path in the browser’s address bar. Information taken from the website Bleeping calculator, in the last week reported another bug causing system failure with just one command.
The incident was discovered by security researcher Jonas Lykkegaard in October 2020. He issued several warnings in his Twitter profile about the Win32 device namespace path causing an immediate system crash. ie when it is entered into the Google Chrome address bar, resulting in a blue screen (BSOD).
This type of path is used when developers want to interact directly with Windows devices. It is a solution that could allow, for example, an application to interact with a physical disk without going through the file system.
The problem is, when opened in a variety of ways, this command causes Windows to crash. To get rid of the problem, developers should pass the “attached” extension attribute to the device – this doesn’t happen due to failure checking.
Obviously, the error is related to the namespace path for the console multiplex driver and can even be accessed by low-privileged accounts, which makes the system vulnerable to attack. than.
Commando can help attackers hide their tracks
It is not yet clear if it is possible to remotely execute the command, but it is likely that the hacker exploited the breach as part of a denial of service attack – meaning in an attempt to make system resources unavailable. . By causing a BSOD error, an attacker can impede the investigation by concealing the main attack.
However, it is unlikely that you, as a regular user, will have a problem with something similar. This kind of threat was used to attack the Far East International Bank in Taiwan a few years ago – and will likely pose greater risks to large companies (who are more likely to become targets of such conspiracies). In any case, no reports of this vulnerability have been discovered so far.
Microsoft promised to fix it
Based on Bleeping calculatorThis error appeared in Windows 10 version 1709 or higher, and Microsoft is aware of the issue. The company said, in a standard note, that “it is committed to customers to investigate reported security issues” and promised to update the affected devices “as soon as possible. “.
With information: Bleeping calculator