Don’t do it. Most people aren’t going to experiment with navigating to root Windows 10 folders, but just in case anyone might be digging around in the software guts of their PC, it’s best to stay away from inputting this file path into your browser: “\\.\globalroot\device\condrv\kernelconnect”. It will not only instantly crash your PC, but also give you the dreaded blue screen of death (BSOD), from which your PC might not be able to recover. Do not do it!
According to Tom’s Guide, the bug was recently discovered by Windows security researcher Jonas Lykkegaard, who’s been tweeting about the issue on-and-off since October 2020. Lykkegaard explained that when the above path is opened in Windows 10, regardless of if the user has administrative privileges or not, the system can’t properly check for errors when it tries to connect to the path, resulting in a BSOD crash.
Aside from developers, there isn’t much of a reason why an average Windows 10 user would want to dig around in the root folders, especially at the kernel level; the Windows kernel is a crucial program that allows the operating system to function, controlling everyday processes like running drivers, and starting and ending programs. It’s what connects the user to the hardware. But it’s still important to be aware that this bug exists.
While Gizmodo hasn’t tested the link ourselves (out of an abundance of caution that it might kill one of our few test PCs), both Tom’s Guide and BleepingComputer have sacrificed a PC for the cause. The PC that Tom’s Guide used became stuck in an Automatic Repair boot loop. BleepingComputer didn’t say if its PC made it out alive, but it confirmed this bug is present on Windows 10 version 1709 and later.
The bug might also give hackers a way to perform denial of service attacks (DoS), which can shut down a computer or network, making it totally inaccessible to users. But in this case, a hacker might not need to flood the system with repeated requests, as would normally happen in a DoS attack—inputting the above filepath could be all it takes.
Lykkegaard explained that a hacker could easily trick someone into downloading or clicking on a Windows URL file (.url) that would automatically take them to the problematic path and subsequently crash their PC.
A Microsoft spokesperson told BleepingComputer “Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible.” So it appears Microsoft knows about the issue and is working to fix it, but has no timeline for when a patch will roll out to Windows 10 version 1709 or higher users. In the meantime, don’t try navigating to the filepath, and definitely be vigilant about suspicious links and files that might appear in your inbox or elsewhere on the internet.