Windows 10 security alert: Update now if you don't want your PC to crash
This is one Windows 10 update you should not wait on
This Windows 10 update news isn't just good news. It's a reason to update your PC right now. Without it, someone or something could hit your computer with the Blue Screen of Death (BSoD if you're short on words) just by getting you to try to open a nonexistent folder.
This news comes from Bleeping Computer, which notes that the February 2021 Patch Tuesday download (released on February 9) contains a fix for the bug that Microsoft is tracking under the Common Vulnerabilities and Exposures (CVE) tag CVE-2021-24098.
We reported on the flaw and tested out the exploit when it was first discovered less than a month ago — and it's legit. We do not know if it's been actively exploited "in the wild," but now that it's being publicized, it's not time to wait and find out.
Dubbed "Windows Console Driver Denial of Service Vulnerability" by Microsoft, the flaw has only one upside: it requires user interaction — and cannot be performed without your involvement.
Microsoft's documentation notes that the "web-based attack scenario" could see a website used to deliver a filepath that exploits the flaw, so you'd just need to have a way to get someone to open the web page.
Unfortunately, as anyone who has been the victim of a phishing attack has experienced, it's not difficult to get your average user to open a link.
It could be sent in a breathlessly-worded email or text from their bank compelling them to fix something in their account, or something less dramatic, like a message promoting information about the Covid-19 vaccines or the third stimulus check.
Or it could be buried in a harmless-looking web page. Just clicking on a malicious link might crash your PC, although there likely wouldn't be any permanent damage.
Fix it now with a Windows 10 update
The February 2021 Patch Tuesday update is available to users via one of 20 different updates, listed at the bottom of Microsoft's CVE-2021-24098 page.
To update your machine, follow these simple steps.
- Select the Start/Windows button from the bottom left corner.
- Select the settings/gear button above the power button.
- Select the Update and Security button.
- Tap or click Windows Update in the left menu.
- Tap or click Check for Updates if you don't see any available.
- Your updates should begin downloading. Make sure your active projects are saved, and agree to restart once the updates are downloaded.
How the exploit works
This flaw is exploited by getting a user to try to open the below directory:
\\.\globalroot\device\condrv\kernelconnect
That's a local directory, which means users do not even need to download a file to have their system crashed. Yes, web browsers don't just navigate the internet: they can also browse system files.
A flaw in how Windows 10 performed error checking pushes the user directly to a system crash.
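For defenders who want to spot this path in page source, mail bodies or proxy logs while the update is still rolling out, the sketch below flags any text that references the device path quoted above. It is an added example, not code from the article or from Microsoft; the function names and the sample lines are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Tail of the device path quoted in the article. Matching on the tail means
# the check does not depend on whatever prefix precedes it.
CONDRV_TAIL = "device\\condrv\\kernelconnect"

def normalize(text: str) -> str:
    """Undo common encodings so one comparison covers HTML, links and logs."""
    text = html.unescape(text)               # &#92; -> backslash
    for _ in range(3):                       # nested percent-encoding (%255C -> %5C -> \)
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.replace("/", "\\").lower()   # treat both slash styles alike, ignore case
    return re.sub(r"\\{2,}", lambda m: "\\", text)  # collapse runs of backslashes

def references_condrv(text: str) -> bool:
    """True if the text refers to the console driver path from the article."""
    return CONDRV_TAIL in normalize(text)

def scan(lines):
    """Return (line_number, line) for every line that references the path."""
    return [(n, line) for n, line in enumerate(lines, 1) if references_condrv(line)]

# Constructed sample input: detector test strings, not captured traffic.
SAMPLE = [
    "GET http://intranet.example/index.html 200",
    r'<a href="\\.\globalroot\device\condrv\kernelconnect">invoice</a>',
    "open //./GLOBALROOT/Device/ConDrv/KernelConnect",
    "path=%5C%5C.%5Cglobalroot%5Cdevice%5Ccondrv%5Ckernelconnect",
    r"C:\Windows\System32\drivers\condrv.sys loaded",
]

if __name__ == "__main__":
    for number, line in scan(SAMPLE):
        print(f"line {number}: {line}")
```

A match only means the text mentions the path; it is a reason to look at the source of the message or page and to confirm the machine has the February 2021 update.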
This flaw was discovered by researcher Jonas Lykkegaard, who explained it all in his Twitter feed. At the time, Microsoft told Bleeping Computer that it "has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible."
And now that we've explained how it works, and why you should run Windows Update ASAP, we're going to go make sure our systems are updated.
Henry is a managing editor at Tom’s Guide covering streaming media, laptops and all things Apple, reviewing devices and services for the past seven years. Prior to joining Tom's Guide, he reviewed software and hardware for TechRadar Pro, and interviewed artists for Patek Philippe International Magazine. He's also covered the wild world of professional wrestling for Cageside Seats, interviewing athletes and other industry veterans.
russell_john: In my experience in the last couple of years you are more at risk from a Windows Update than you are from a virus or trojan ..... I'll wait a couple of weeks and see how many people have problems before I update ......
I have better advice, if you don't want your computer to crash don't play any games from Ubisoft ....... Or CDPR ..... or any of the other AAA game developers
Oops! I agree.
Every time I follow advice to update, I regret it.
I'll never buy another Windows product again.
No need to.