After last week's Windows 10 corrupted hard drive bug that was found, a new bug has been located which if a specific link is entered into some browsers, it can cause your Windows 10 to blue screen. What the reports look to be like, that it just goes to a simple blue strained and forces restart. It doesn't have any lasting effects that are known, but with anything else, it has the potential of causing some issues.
Both flaws were discovered by researcher Jonas Lykkegaard and detailed in his Twitter feed. This new bug doesn't open a web page, he said, but instead directs the browser to try to browse the PC's internal file system -- a feature common to most web browsers.
But because the link is supposed to include an extra element, and the system doesn't seem to properly check for errors (perhaps because the command is coming from a web browser), Windows 10 gets confused, trips over itself and pops up a BSOD.
|Please login to see this link
Get registered or Log in
Use at your own risk
Because this flaw doesn't seem to cause any lasting harm, it's probably safe to share the filepath:
Play with this at your own risk. If you type it into the address bar of a browser, your computer will likely bluescreen and then do the usual file checking. Some computers didn't automatically restart, power-cycle manually had to be done.
Microsoft commented that it "has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible."
Lykkegaard also said that Windows 10 views the filepath as a command and expects the user to also type "attach" at the end. But if the user doesn't add anything, then Windows bluescreens.
He also said that any user, not just those with administrative privileges, can make this happen. Tom's Guide confirmed that was true.
This flaw can be exploited. Lykkegaard found that specially crafted files downloaded from the internet could cause PCs to crash when the files were opened, and Bleeping Computer said it had found a way to make the PC crash upon startup.
Pranksters could also embed the filepath in harmless-looking links on web pages, emails, instant messages or social media. Overall, my suggestion to you is to just be careful on what you click.