Microsoft fixes Windows 10 bug letting attackers trigger BSOD crashes

Posted by & filed under Security Alerts.

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.

Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.sys, that caused a blue screen of death crash (BSOD) when attempting to connect to the following path.

\\.\globalroot\device\condrv\kernelconnect

When connecting to the device, developers are meant to pass the ‘attach’ extended attribute. However, a lack of error checking allowed you to access the path without the attribute and crash Windows.

BSOD caused by accessing the \\.\globalroot\device\condrv\kernelconnect

 

This bug opened up a myriad of potential methods to crash Windows, including accessing the path from a browser’s address bar, trying to assign it to a drive letter using ‘net use,’ or creating a specially crafted URL file that sets its icon to the path.

Even worse, threat actors who gain access to a system can use it to force a crash of a breached system to hide their activities.

As part of the February 2021 Patch Tuesday, Microsoft has fixed this bug and tracking it as CVE-2021-24098, with a description of ‘Windows Console Driver Denial of Service Vulnerability.’

Microsoft’s FAQ for the vulnerability explains how threat actors can exploit the bug.

“In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website.”

“Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file,” explains Microsoft’s CVE-2021-24098 vulnerability page.

After installing the update, you can confirm that the bug can no longer be exploited. For example, when we attempted to assign the path to the f: drive using the ‘net use’ command, Windows 10 no longer crashes.

Vulnerability can no longer be exploited

We strongly recommend that Windows 10 users install the latest Windows 10 updates to fix this bug. This is even more important, considering the large amount of publicly disclosed vulnerabilities fixed in February 2021’s Patch Tuesday.

 

The information contained in this website is for general information purposes only. The information is gathered from BLEEPING COMPUTER, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.