Look out: This browser link will crash your Windows 10 PC

News
By
published

Just typing it in will lead to temporary (at least) hurt

An old-fashioned Blue Screen of Death on a widescreen monitor while a user slams his palm onto his forehead.
Not the actual Windows 10 Blue Screen of Death. (Image credit: Andrey_Popov/Shutterstock)

UPDATE: Microsoft has patched this flaw with a system update. See end of story.

Hot on the heels of last week's Windows 10 corrupt hard drive bug comes another flaw that crashes a PC if you try to open a specific link in some web browsers. And yes, this crash will yield that feared blue screen of death (BSOD).

Both flaws were discovered by researcher Jonas Lykkegaard and detailed in his Twitter feed. This new bug doesn't open a web page, he said, but instead directs the browser to try to browse the PC's internal file system -- a feature common to most web browsers.

But because the link is supposed to include an extra element, and the system doesn't seem to properly check for errors (perhaps because the command is coming from a web browser), Windows 10 gets confused, trips over itself and pops up a BSOD. 

Bleeping Computer tried it on several systems using the Google Chrome browser and found that it works on Windows 10 version 1709 and later. Tom's Guide found that it also works in the Brave web browser, which uses the same underpinnings as Chrome, and in an older version of the unrelated Firefox browser.

Use at your own risk

Because this flaw doesn't seem to cause any lasting harm, it's probably safe to share the filepath: "\\.\globalroot\device\condrv\kernelconnect". 

Play with this at your own risk. If you type it into the address bar of a browser, your computer will likely bluescreen and then do the usual file checking. Our computer didn't restart automatically after that, so we had to power-cycle manually to make all well.

[Update: Our test PC restarted normally a few times, but is now stuck in an Automatic Repair boot loop. So, on second thought, you really shouldn't try this.]

[Update part 2: It now looks like the Automatic Repair boot loop may have been caused by a completely different issue.]

Microsoft told Bleeping Computer that it "has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible."

Lykkegaard told Bleeping Computer that Windows 10 views the filepath as a command and expects the user to also type "attach" at the end. But if the user doesn't add anything, then Windows bluescreens.

He also said that any user, not just those with administrative privileges, can make this happen. Tom's Guide confirmed that was true.

This flaw can be exploited. Lykkegaard found that specially crafted files downloaded from the internet could cause PCs to crash when the files were opened, and Bleeping Computer said it had found a way to make the PC crash upon startup. 

Pranksters could also embed the filepath in harmless-looking links on web pages, emails, instant messages or social media. But none of these methods would be likely to cause permanent damage. [Or maybe it would -- see above.]

Update: Flaw patched

On Feb. 9, Microsoft patched this flaw as part of its regularly monthly software updates. Here's how to make sure you install this patch.

See more Computing News
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
Surface Laptop 5 open on desk showing Windows 11 desktop
Microsoft just fixed 72 Windows security flaws — update your PC right now
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
Microsoft Edge open on a laptop with the browser's app listing page open on a smartphone in front of it
Microsoft Edge will soon protect you from these scary scams that even Chrome can't
A laptop on a windowsill in the middle of a Windows update
Microsoft is ending support for Windows 10 soon — 5 ways to make sure your PC is secure
and image of the Google Chrome logo on a laptop
Billions of Chrome users at risk from new browser-hijacking Syncjacking attack — how to stay safe
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
Latest in Windows Operating Systems
Microsoft Office is finally as it should have been on iPad
Microsoft tests free Word, PowerPoint and Excel apps for Windows — expect a lot of ads
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
Windows 10 logo
Windows 10 end of life set for this year — everything you need to know to get ready
Windows 11 logo on a laptop screen
I reviewed Windows 11, and these are the 5 new features I'm most excited about for 2025
A Windows 11 laptop, demonstrating how to run Android apps on Windows 11
How to remove the Windows 11 news and weather widget
Man typing on Windows 11 laptop
Microsoft confirms major Windows 11 and Windows 10 audio bug is cutting sound on PCs
Latest in News
Apple Intelligence logo on iPhone
Apple confirms Siri 2.0 is delayed — 'it’s going to take us longer than we thought'
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 8 (#636)
Switch 2 and Mario
Nintendo Switch 2 FCC filing just revealed Wi-Fi 6 and NFC — but that's not all
iPhone 17 Pro render
iPhone 17 Pro Max and iPhone 17 Air designs just teased in new video — here's your first look
Honor Magic V teaser image
Watch out, Galaxy Z Fold 7 — Honor Magic V4 leak just revealed a killer foldable
Rachel Weisz as Marlee in "Runaway Jury"
Netflix top 10 movies — here’s the 3 worth watching right now
More about windows operating systems
Microsoft Office is finally as it should have been on iPad

Microsoft tests free Word, PowerPoint and Excel apps for Windows — expect a lot of ads

laptop anger

Latest Windows 11 update reportedly breaking major parts of the operating system
Hugh Grant as Mr. Reed in "Heretic"

5 best new movies to stream this weekend on Netflix, Hulu, Max, and more
See more latest
Most Popular
Hugh Grant as Mr. Reed in "Heretic"
5 best new movies to stream this weekend on Netflix, Hulu, Max, and more
Apple Intelligence logo on iPhone
Apple confirms Siri 2.0 is delayed — 'it’s going to take us longer than we thought'
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 8 (#636)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #370 (Saturday, March 8 2025)
Maggie Skinner (Maya Stange) and Ron Mohoney (Rob Collins) dancing in Ten Pound Poms Season 2
How to watch 'Ten Pound Poms' Season 2 online from anywhere
Rohit Sharma of India plays a shot during an ICC Champions Trophy 2025 match in Dubai in February 2025
India vs New Zealand live stream: How to watch the ICC Champions Trophy final
Switch 2 and Mario
Nintendo Switch 2 FCC filing just revealed Wi-Fi 6 and NFC — but that's not all
iPhone 17 Pro render
iPhone 17 Pro Max and iPhone 17 Air designs just teased in new video — here's your first look
The former logo for the app formerly known (but still referred to by most people) as Twitter
How to watch 'Twitter: Breaking The Bird' online from anywhere
Louis Bielle-Biarrey of France scores his team's third try ahead of the Ireland vs France Six Nations 2025 showdown
Ireland vs France live streams: how to watch the 2025 Six Nations online, team news, form guide