Do not do it. Most people aren’t going to experiment with navigating to root Windows 10 folders, but in case someone could dig into the software guts of their PC, it’s best not to enter this file path in your browser: ” \. globalroot device condrv kernelconnect. ”It not only crashes your PC instantly, but also gives you the dreaded blue screen of death (BSOD), from which your PC may not be able to recover.
According to Tom’s Guide, the bug was recently discovered by Windows security researcher Jonas Lykkegaard, who have been tweeting on and off about the issue since October 2020. Lykkegaard explained that when the above path is opened in Windows 10, regardless of whether the user has administrator privileges or not, the system cannot properly check for errors when trying to connect to the path, resulting in a BSOD crash.
Aside from developers, there isn’t really any reason why an average Windows 10 user would want to dig into the root directories, especially at the kernel level; the Windows kernel is a critical program that allows the operating system to function and control everyday processes such as running drivers and starting and ending programs. It is what connects the user to the hardware. But it is still important to know that this bug exists.
While Gizmodo hasn’t tested the link itself (out of a plethora of caution that it could kill one of our few test PCs), both Tom’s Guide and BleepingComputer sacrificed a PC for the cause. The PC using Tom’s Guide got stuck in an automatic repair boot loop. BleepingComputer didn’t say if his PC came out alive, but it did confirmed this bug is present on Windows 10 version 1709 and above.
The bug can also provide hackers with a way to perform Denial of Service (DoS) attacks, which can shut down a computer or network, making it completely inaccessible to users. But in this case, a hacker might not need to flood the system with repeated requests, as would normally happen in a DoS attack – entering the file path above may be enough.
G / O Media can receive a commission
Lykkegaard explained that a hacker can easily trick someone into downloading or clicking on a Windows URL file (.url), which automatically directs them to the problematic path and then crashes their PC.
A Microsoft spokesperson told BleepingComputer “Microsoft has a customer commitment to investigate reported security vulnerabilities and we will provide updates for affected devices as soon as possible.” So, it appears Microsoft is aware of the issue and is working to fix it, but has no timeline for when a patch will be rolled out to users of Windows 10 version 1709 or later. In the meantime, do not try to navigate to the file path and be vigilant for suspicious links and files that may appear in your inbox or elsewhere on the Internet.