Security News > 2021 > February > Microsoft fixes the Windows 10 console driver crash bug

Microsoft fixes the Windows 10 console driver crash bug
2021-02-10 08:30

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.

Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.

A lack of error checking allowed you to access the path without the attribute and crash Windows.

As part of the February 2021 Patch Tuesday, Microsoft has fixed this bug and tracking it as CVE-2021-24098, with a description of 'Windows Console Driver Denial of Service Vulnerability.

When we attempted to assign the path to the f: drive using the 'net use' command, Windows 10 no longer crashes.

BleepingComputer strongly recommends that Windows 10 users install the latest Windows 10 updates to fix this bug.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-the-windows-10-console-driver-crash-bug/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-02-25 CVE-2021-24098 Unspecified vulnerability in Microsoft products
Windows Console Driver Denial of Service Vulnerability
local
low complexity
microsoft
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774