Install This Windows 10 Update Immediately To Squash Crippling BSOD Crashes
We are two days removed from this month's Patch Tuesday update, and if you are experiencing the odd blue screen of death (BSOD) error, applying the latest cumulative update could be the cure. Among the things it addresses, this month's Patch Tuesday update includes a fix for a weird bug that hackers could exploit to crash a PC any time a user simply accesses a certain directory.
Strange quirks in Windows 10 have been the theme in recent weeks, such as having your hard drive scrambled just by opening a specially crafted file with a single-line command. We wrote about that one in mid-January. Then a few days later, we wrote about the bug in question here, in which a entering in a certain path in a browser's address bar would be enough to invoke a dreaded BSOD.
That is just one of the different ways the bug can wreak havoc. While it may sound little more than an annoyance, crashing a PC could be an effective way for an attacker to hide their other dirty deeds on a PC or network.
"In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website," Microsoft explains, as part of CVE-2021-24098.
"Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file," Microsoft continues.
This month's Patch Tuesday update squashes the bug. Depending on how you have your system configured, you may or may not have already installed the update. If you want to make sure you have, head into Settings > Update & Security and click on the Check for updates button.
In total, the cumulative update fixes 56 security vulnerabilities, some more serious than others (nearly a dozen of them are labeled as Critical because of their ability to be executed remotely, and two more as Moderate). Just be aware that a restart is required when applying the update.