Security News > 2021 > February > Microsoft fixes Windows 10 bug letting attackers trigger BSOD crashes
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.
Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.
A lack of error checking allowed you to access the path without the attribute and crash Windows.
As part of the February 2021 Patch Tuesday, Microsoft has fixed this bug and tracking it as CVE-2021-24098, with a description of 'Windows Console Driver Denial of Service Vulnerability.
When we attempted to assign the path to the f: drive using the 'net use' command, Windows 10 no longer crashes.
BleepingComputer strongly recommends that Windows 10 users install the latest Windows 10 updates to fix this bug.
News URL
Related news
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft shares more details on Windows 11 admin protection (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Microsoft confirms game audio issues on Windows 11 24H2 PCs (source)
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs (source)
- Windows 10 KB5046714 update fixes bug preventing app uninstalls (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-24098 | Unspecified vulnerability in Microsoft products Windows Console Driver Denial of Service Vulnerability | 0.0 |