Skip to main content

Windows 10 security alert: Update now if you don't want your PC to crash

Update Windows 10 now if you don't want your PC to crash
Not the actual Blue Screen of Death. (Image credit: Shutterstock)

This Windows 10 update news isn't just good news. It's a reason to update your PC right now. Without it, someone or something could hit your computer with the Blue Screen of Death (BSoD if you're short on words) just by getting you to try to open a nonexistent folder.

This news comes from Bleeping Computer, which notes that the February 2021 Patch Tuesday download (released on February 9) contains a fix to the bug that Microsoft is tracking under the Common Vulnerabilities and Exposures (CVE) tag CVE-2021-24098

We reported on the flaw and tested out the exploit when it was first discovered less than a month ago — and it's legit. We do not know if it's been actively exploited "in the wild," but now that it's being publicized, it's not time to wait and find out. 

Dubbed 'Windows Console Driver Denial of Service Vulnerability" by Microsoft, the flaw has only one upside: it requires user interaction — and cannot be performed without your involvement. 

Microsoft's documentation notes that the "web-based attack scenario" could see a website used to deliver a filepath that exploits the flaw, so you'd just need to have a way to get someone to open the web page. 

Unfortunately, as anyone who has been the victim of a phishing attack has experienced, it's not difficult to get your average user to open a link. 

It could be sent in a breathlessly-worded email or text from their bank compelling them to fix something in their account, or something less dramatic, like a message promoting information about the Covid-19 vaccines or the third stimulus check.

Or it could be buried in a harmless-looking web page. Just clicking on a malicious link might crash your PC, although there likely wouldn't be any permanent damage.

Fix it now with a Windows 10 update

The February 2021 Patch Tuesday update is available to users via one of 20 different updates, listed at the bottom of their CVE-2021-24098 page here.

To update your machine, follow these simple steps.

  • Select the Start/Windows button from the bottom left corner.
  • Select the settings/gear button above the power button.
  • Select the Update and Security button.
  • Tap or click Windows Update in the left menu.
  • Tap or click Check for Updates if you don't see any available.
  • Your updates should begin downloading. Make sure your active projects are saved, and agree to restart once the updates are downloaded.

How the exploit works

This flaw is exploited by getting a user to try to open the below directory:
\\.\globalroot\device\condrv\kernelconnect

That's a local directory, which means users do not even need to download a file to have their system crashed. Yes, web browsers don't just navigate the internet: they can also browse system files. 

A flaw in how Windows 10 performed error checking pushes the user directly to a system crash. 

This flaw was discovered by researcher Jonas Lykkegaard, who explained it all in his Twitter feed. At the time, Microsoft told Bleeping Computer that it "has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible."

And now that we've explained how it works, and why you should run Windows Update ASAP, we're going to go make sure our systems are updated.

Henry T. Casey

Henry is an editor writer at Tom’s Guide covering streaming media, laptops and Apple. Prior to joining Tom's Guide — where he's the self-described Rare Oreo Expert — he reviewed software and hardware for TechRadar Pro, and interviewed artists for Patek Philippe International Magazine. You can find him at your local pro wrestling events, and looking for the headphone adapter that he unplugged from his iPhone.

  • russell_john
    In my experience in the last couple of years you are more at risk from a Windows Update than you are from a virus or trojan ..... I'll wait a couple of weeks and see how many people have problems before I update ......

    I have better advice, if you don't want your computer to crash don't play any games from Ubisoft ....... Or CDPR ..... or any of the other AAA game developers
    Reply
  • Oops!
    I agree.
    Every time I follow advice to update, I regret it.
    I'll never buy another Windows product again.
    No need to.
    Reply