Security News > 2021 > February > Microsoft fixes Windows 10 console bug leading to blue screens
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.
Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.
A lack of error checking allowed you to access the path without the attribute and crash Windows.
As part of the February 2021 Patch Tuesday, Microsoft has fixed this bug and tracking it as CVE-2021-24098, with a description of 'Windows Console Driver Denial of Service Vulnerability.
When we attempted to assign the path to the f: drive using the 'net use' command, Windows 10 no longer crashes.
BleepingComputer strongly recommends that Windows 10 users install the latest Windows 10 updates to fix this bug.
News URL
Related news
- Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs (source)
- Microsoft says Windows 10 21H2 support is ending in June (source)
- Microsoft rolls back decision to stop Windows 11 22H2 preview updates (source)
- Windows 10 KB5034843 update released with 9 new changes, fixes (source)
- Microsoft is killing off the Android apps in Windows 11 feature (source)
- Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix (source)
- Windows 10 KB5035845 update released with 9 new changes, fixes (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Microsoft again bothers Chrome users with Bing popup ads in Windows (source)
- Microsoft announces deprecation of 1024-bit RSA keys in Windows (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-25 | CVE-2021-24098 | Unspecified vulnerability in Microsoft products Windows Console Driver Denial of Service Vulnerability | 5.5 |