Last week, a Windows security researcher disclosed two Windows 10 vulnerabilities on Twitter that attackers could exploit in a variety of attacks.
The first flaw allows an unprivileged user or program to corrupt an NTFS drive by running a single command. Although Chkdsk fixed the issue in numerous tests, in another test the Check Disk tool itself caused hard drive errors that left Windows unable to boot. The second bug triggers a Windows 10 BSOD as soon as something attempts to open an abnormal path.
Since October, Windows security researcher Jonas Lykkegaard has tweeted multiple times about a path that makes Windows 10 crash immediately with a BSOD when it is entered into the Chrome address bar.
When developers want to interact directly with Windows devices, they can pass a Win32 device namespace path as an argument to various Windows programming functions. For instance, this allows an application to interact directly with a physical disk without going through the file system.
Lykkegaard discovered that opening the following path in various ways, even as a low-privileged user, causes Windows 10 to crash.
\\.\globalroot\device\condrv\kernelconnect
When connecting to this device, developers are expected to pass the 'attach' extended attribute in order to communicate with the device properly.
Lykkegaard noted that, because of improper error checking, attempting to connect to the path without passing the attribute results in a Blue Screen of Death (BSOD) on Windows 10.
Worse still, low-privileged Windows users can connect to the device through this path, so any program executed on the computer can easily crash Windows 10.
In tests, the issue was confirmed on Windows 10 version 1709 and later. A Microsoft spokesperson stated: 'Microsoft is committed to promptly investigating reported security issues and we will provide updates for affected devices as soon as possible.'
While it's yet to be determined if this issue could be exploited to execute remote code, in its current form, it could be used as a Denial of Service (DoS) attack on a computer.
Lykkegaard shared a Windows URL (.url) file pointing to \\.\globalroot\device\condrv\kernelconnect. When the file is downloaded, Windows 10 attempts to render the URL file's icon from the problematic path and crashes automatically.
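For defenders, the shortcut-file vector described above can be screened for before a file reaches a user's desktop or downloads folder. The following is an added example, not code from the article or the researcher: it assumes .url files use the INI-style Internet Shortcut layout with keys such as `URL` and `IconFile`, the function names are hypothetical, and the device name in the samples is a constructed placeholder.

```python
import re

# Win32 device namespace prefixes: \\.\ and \\?\ (checked after normalization).
DEVICE_NS = re.compile(r"^\\\\[.?]\\")

def normalize(value):
    """Drop quotes and a file: scheme, fold '/' to '\\', collapse leading slashes."""
    v = value.strip().strip('"')
    if v.lower().startswith("file:"):
        v = v[5:]
    v = v.replace("/", "\\")
    if v.startswith("\\\\"):
        v = "\\\\" + v.lstrip("\\")
    return v

def scan_shortcut(text):
    """Return (section, key, value) for each entry that targets a device path."""
    hits, section = [], ""
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if DEVICE_NS.match(normalize(value)):
                hits.append((section, key.strip(), value.strip()))
    return hits

# Constructed samples. "ExampleDevice\placeholder" is a placeholder name.
SUSPICIOUS = r"""[InternetShortcut]
URL=https://example.com/
IconFile=\\.\GLOBALROOT\Device\ExampleDevice\placeholder
IconIndex=0
"""
SLASH_VARIANT = """[InternetShortcut]
URL=file://./GLOBALROOT/Device/ExampleDevice/placeholder
"""
BENIGN = r"""[InternetShortcut]
URL=https://example.com/
IconFile=C:\Windows\System32\shell32.dll
IconIndex=1
"""

if __name__ == "__main__":
    for name, text in [("suspicious", SUSPICIOUS), ("slash", SLASH_VARIANT), ("benign", BENIGN)]:
        print(name, scan_shortcut(text))
```

A shortcut has no ordinary reason to take its icon or target from the device namespace, so any hit is worth quarantining at a mail or web gateway.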
In a real-world scenario, this flaw could be exploited by threat actors with network access and a desire to cover their tracks in an attack.
If they have administrator login credentials, they can execute a command to access this path remotely on all Windows 10 devices on the network to cause them to crash. The network disruption could delay investigations or prevent administrative controls from detecting an attack on a specific computer.
In 2017, a similar attack scenario was employed by threat actors in a bank robbery targeting the Far Eastern International Bank (FEIB) in Taiwan. In that attack, the threat actors deployed Hermes ransomware on the network to delay investigations into the attack.
