Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. The bug opened up a myriad of potential methods to crash Windows, including accessing the path from a browser’s address bar, or creating a specially crafted URL file that sets its icon to the path. BleepingComputer strongly recommends that Windows 10 users install the latest Windows 10 updates to fix this bug. This is even more important, considering the large amount of publicly disclosed vulnerabilities fixed in February 2021’s Patch Tuesday.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-bug-letting-attackers-trigger-bsod-crashes/