This New Windows 10 Bug Could Brick Your PC

 A view of the new Microsoft Surface Laptop following a Microsoft launch event, May 2, 2017 in New York City.
A view of the new Microsoft Surface Laptop following a Microsoft launch event, May 2, 2017 in New York City.
Photo: Drew Angerer (Getty Images)

Don’t do it. Most people aren’t going to experiment with navigating to root Windows 10 folders, but just in case anyone might be digging around in the software guts of their PC, it’s best to stay away from inputting this file path into your browser: “\\.\globalroot\device\condrv\kernelconnect”. It will not only instantly crash your PC, but also give you the dreaded blue screen of death (BSOD), from which your PC might not be able to recover. Do not do it!

Advertisement

According to Tom’s Guide, the bug was recently discovered by Windows security researcher Jonas Lykkegaard, who’s been tweeting about the issue on-and-off since October 2020. Lykkegaard explained that when the above path is opened in Windows 10, regardless of if the user has administrative privileges or not, the system can’t properly check for errors when it tries to connect to the path, resulting in a BSOD crash.

Aside from developers, there isn’t much of a reason why an average Windows 10 user would want to dig around in the root folders, especially at the kernel level; the Windows kernel is a crucial program that allows the operating system to function, controlling everyday processes like running drivers, and starting and ending programs. It’s what connects the user to the hardware. But it’s still important to be aware that this bug exists.

While Gizmodo hasn’t tested the link ourselves (out of an abundance of caution that it might kill one of our few test PCs), both Tom’s Guide and BleepingComputer have sacrificed a PC for the cause. The PC that Tom’s Guide used became stuck in an Automatic Repair boot loop. BleepingComputer didn’t say if its PC made it out alive, but it confirmed this bug is present on Windows 10 version 1709 and later.

The bug might also give hackers a way to perform denial of service attacks (DoS), which can shut down a computer or network, making it totally inaccessible to users. But in this case, a hacker might not need to flood the system with repeated requests, as would normally happen in a DoS attack—inputting the above filepath could be all it takes.

Lykkegaard explained that a hacker could easily trick someone into downloading or clicking on a Windows URL file (.url) that would automatically take them to the problematic path and subsequently crash their PC.

A Microsoft spokesperson told BleepingComputer “Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible.” So it appears Microsoft knows about the issue and is working to fix it, but has no timeline for when a patch will roll out to Windows 10 version 1709 or higher users. In the meantime, don’t try navigating to the filepath, and definitely be vigilant about suspicious links and files that might appear in your inbox or elsewhere on the internet.

Advertisement

Staff Reporter, Reviews at Gizmodo. Formerly PC Gamer, Maximum PC.

DISCUSSION

It’s great that you’re bringing this to our attention here, and it does seems like a potentially seriously problematic bug should somebody out there just want to trick people into killing their own computers.

Did you have to write it in such a Ren & Stimpy, “Look at the BIG RED BUTTON! The flashing button! LOOK! The BRIGHT, SHINY BUTTON!” manner?

I mean, you know that’s just begging a specific subset of people to copy-paste the path straight into File Explorer, right?