(In reply to Sean Voisen (:svoisen) from comment #5) > One maybe interesting data point is that they are all on Windows 10.0.14393, and no newer builds. This is an interesting observation, and it's still sort-of true!! Specifically: in my crash-report links from comment 6, **Buckets #2 and #3 are still all on this single Windows version**, which seems to be from 2016, based on https://www.lifewire.com/windows-version-numbers-2625171 So it seems very likely that this category of crash is just an old Windows-internals print spooler bug, which has been fixed or worked around in newer versions. Bucket #1 (the ones that involve the mysterious `brpri`/`breni` DLL) are all from a different version, Windows 10.0.19043, which I think is relatively recent. I found a blog post about it here: https://www.xda-developers.com/microsoft-releases-windows-10-build-19043-1165-heres-whats-new/ That one mentions that this specific version "There’s only a single highlight in this release" which "fixes a vulnerability in the Windows Print Spooler, and it’s pretty much all that’s new in this release." That sounds like the sort of change that could have somehow-introduced a crash in `winspool.drv`; and given the involvement of these mysterious ungoogleable `br` DLLs, I wonder if maybe those DLLs are malware which manifests as a rogue print driver, which is trying to exploit the now-fixed vulnerability and is now simply crashing instead of successfully exploiting that Windows vulnerability.
Bug 1628717 Comment 8 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Sean Voisen (:svoisen) from comment #5) > One maybe interesting data point is that they are all on Windows 10.0.14393, and no newer builds. This is an interesting observation, and it's still sort-of true!! Specifically: in my crash-report links from comment 6, **Buckets #2 and #3 are still all on this single Windows version**, which seems to be from 2016, based on https://www.lifewire.com/windows-version-numbers-2625171 So it seems very likely that this category of crash is just an old Windows-internals print spooler bug, which has been fixed or worked around in newer versions. Bucket #1 (the ones that involve the mysterious `brpri`/`breni` DLL) are all from a different version, Windows 10.0.19043, which I think is relatively recent (maybe the newest Windows 10 release). I found a blog post about it here: https://www.xda-developers.com/microsoft-releases-windows-10-build-19043-1165-heres-whats-new/ That one mentions that this specific version "There’s only a single highlight in this release" which "fixes a vulnerability in the Windows Print Spooler, and it’s pretty much all that’s new in this release." That sounds like the sort of change that could have somehow-introduced a crash in `winspool.drv`; and given the involvement of these mysterious ungoogleable `br` DLLs, I wonder if maybe those DLLs are malware which manifests as a rogue print driver, which is trying to exploit the now-fixed vulnerability and is now simply crashing instead of successfully exploiting that Windows vulnerability.
(In reply to Sean Voisen (:svoisen) from comment #5) > One maybe interesting data point is that they are all on Windows 10.0.14393, and no newer builds. This is an interesting observation, and it's still sort-of true!! Specifically: in my crash-report links from comment 6, **Buckets #2 and #3 are still all on this single Windows version**, which seems to be from 2016, based on https://www.lifewire.com/windows-version-numbers-2625171 So it seems very likely that this category of crash is just an old Windows-internals print spooler bug, which has been fixed or worked around in newer versions. Bucket #1 (the ones that involve the mysterious `brpri`/`breni` DLL) are all from a different version, Windows 10.0.19043, which I think is relatively recent (maybe the newest Windows 10 release). I found a blog post about it here: https://www.xda-developers.com/microsoft-releases-windows-10-build-19043-1165-heres-whats-new/ That one mentions that in this specific version, "There’s only a single highlight in this release" which "fixes a vulnerability in the Windows Print Spooler, and it’s pretty much all that’s new in this release." That sounds like the sort of change that could have somehow-introduced a crash in `winspool.drv`; and given the involvement of these mysterious ungoogleable `br` DLLs, I wonder if maybe those DLLs are malware which manifests as a rogue print driver, which is trying to exploit the now-fixed vulnerability and is now simply crashing instead of successfully exploiting that Windows vulnerability.