Security researcher Jonas Lykkegard has published details of a bug that affects several versions of Windows 10 (including the current 20 H2) and possibly server – Operating system versions concerned. The error ensures that calling up a certain file path, for example in the address bar of a web browser, causes a blue screen. Administrator rights are not required to trigger the error.

Lykkegard is the same researcher who recently pointed out a vulnerability that was found under Windows 10 (unchanged so far) allows attacks on the NTFS file system. As with the first vulnerability, Lykkegard publicly pointed out the current problem last October via Twitter, without Microsoft having reacted to it immediately.

The reaction only took place now: At the request of IT News website Bleeping Computer announced to Microsoft that they are investigating the security issues and will provide updates for “affected devices” as soon as possible. Even the wording of the statement agrees with the statement on Lykkegard’s first publication: “Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible.”

Blue screen by entering the path Windows 10 supports API calls for which software developers have a path in Win 32 – Use the device namespace as an argument to communicate directly with devices such as a hard drive. Lykkegaard has now noticed that opening the following path directly, for example in the browser, many Windows – 10 – crashes systems ( we strongly advise against trying this out ):

\. globalroot device condrv kernelconnect The path points to the device name of the “console multiplexer driver”; Lykkegaard taps that it will be used for kernel / user mode interprocess communication (IPC). Details on how the crash came about are not yet known.

You can view the result of the entry in the browser here (instead of on your own system).

(Image: screenshot)

Affected and unaffected Windows versions The Bleeping Computer team wants the bug on Windows 10 Systems from version 1709 to the current 20 H2 have reproduced. The author of the present message, however, was able to detect the error in a virtual machine with Windows 10 Per version 1709 with an older patch status do not trigger – neither in Legacy Edge nor in Internet Explorer 11 or in Google Chrome 86. The path was rejected as invalid in each case. Author’s tests with Google Chrome and Chromium Edge on the current Windows 10 20 H2 on the other hand reliably triggered the blue screen. This also worked in remote desktop sessions.

In the author’s blog, a reader confirmed that to have triggered the bug under Windows Server 2019. The author also has a report from a reader via social networks who also found the Blue Screen of Death under Windows 10 1507 LTSC could trigger.

The author of this article also carried out a test under Windows 7 SP1 with an ESU license and the latest patch status. Here, too, the path specification was rejected as invalid.

Possibility of attack via shortcut here too The possibility of causing vulnerable systems to crash could be misused for denial-of-service attacks. Similar to the case of the NTFS bug, Lykkegard also pointed out that this second vulnerability could be attacked using a specially prepared URL shortcut (links with .url ending).

The principle behind it: The The attacker creates such a shortcut and specifies the problematic path as the path to load the shortcut icon. In the next step, the user has to be moved to download the shortcut, which could be hidden in an archive, for example. As soon as the user then navigates to the location of the shortcut, the system tries to load the icon and access the path, which in turn triggers the BSOD. As with the NTFS bug, the best defense against such attacks is a healthy mistrust and caution when downloading online content.

(ovw)