Windows 10 seems to be full of hidden glitches. Last week we collected the bug that corrupted the MFT tables of a hard drive’s storage system, generating the disk repair every time Windows 10 was started. Now, another new bug directly generates a blue screen in the operating system.
The discoverer of the flaw is the same security researcher who found the previous one that affected NTFS storage drives. This researcher, named Jonas Lykkegaard, has been warning of this failure since October, but Microsoft has not yet resolved it.
This path generates a BSOD in Windows 10
When a developer wants to interact with Windows devices directly, they can use a path as an argument when programming functions. Thanks to this, it is possible to make an application interact directly with a storage unit without opening the file management system.
After testing with this feature, he discovered that the command ” .globalrootdevicecondrvkernelconnect ” (without the quotes) can generate a blue screen when run from applications such as Google Chrome, as seen in the following image.
When we connect to a device using this command, the system expects to receive information in the form of an attribute to communicate correctly with the device. However, if you run the command without the attribute, it will immediately generate a blue screen . This command can be executed even by Windows 10 users with a low level of permissions, so any program on the computer can execute this command.
Microsoft has not yet fixed the bug
The bug affects versions of Windows 10 after 1709 . Microsoft is currently investigating the bug. It is not known if the flaw can be exploited remotely or if it can allow escalation of privileges. What is clear are the effects it can have on a computer, causing it to hang completely.
Its discoverer has created a file capable of generating a blue screen in Windows 10 just by downloading it. The key, as with the failure of hard drives, is to put the command that generates the blue screen in the path of the icon. So when you download the file, Windows 10 will try to render the icon to display it, but will automatically execute the path instead.
From Bleeping Computer they affirm that they have also managed to find a method that allows generating blue screens even on the login screen as soon as Windows 10 starts up. Furthermore, in another easily replicable scenario, the failure can be abused by attackers who have access to a network and want to leave without a trace. If they have administrator credentials, they can remotely run the command for all Windows 10 devices that are connected to a network, causing them all to hang.