Security News > 2021 > February > Microsoft fixes the Windows 10 console driver crash bug
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.
Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.
A lack of error checking allowed you to access the path without the attribute and crash Windows.
As part of the February 2021 Patch Tuesday, Microsoft has fixed this bug and tracking it as CVE-2021-24098, with a description of 'Windows Console Driver Denial of Service Vulnerability.
When we attempted to assign the path to the f: drive using the 'net use' command, Windows 10 no longer crashes.
BleepingComputer strongly recommends that Windows 10 users install the latest Windows 10 updates to fix this bug.
News URL
Related news
- Microsoft confirms Windows Server issue behind domain controller crashes (source)
- Microsoft releases emergency fix for Windows Server crashes (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Windows 10 KB5035941 update released with lock screen widgets (source)
- Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors (source)
- Recent Windows updates break Microsoft Connected Cache delivery (source)
- Windows 10 KB5036892 update released with 23 new fixes, changes (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft now testing app ads in Windows 11's Start menu (source)
- Microsoft lifts Windows 11 block on some Intel systems after 2 years (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-25 | CVE-2021-24098 | Unspecified vulnerability in Microsoft products Windows Console Driver Denial of Service Vulnerability | 5.5 |