Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. The bug allows any user or program, even those with low privileges, to mark an NTFS drive as corrupted simply by accessing the special folder. Microsoft has classified this bug as a DDoS vulnerability and is tracking it as CVE-2021-28312. After installing this week’s Patch Tuesday updates, the bug no longer works as it will now just display an error stating “The directory name is invalid”””
Source: https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-10-bug-that-can-corrupt-ntfs-drives/