In a brilliant example of user friendliness trumping security, Microsoft have decided to embed QR codes in Windows 10 "blue screen" error messages. The idea behind this is well-intentioned enough: let a user scan the QR code with their mobile phone to get more details on an error message, and hopefully get them on their way to fixing the issue.

This may seem innocent enough, but it will have malware authors chomping at the bit. The problem is inherent to QR codes in general: a QR code gives you no indication of what it will do. Most QR codes will immediately direct the user to a website, but until you scan the code you have no idea which website you will be sent to. It would be trivial for a threat actor to create a piece of malware that emulates this new BSOD error message, with a QR code directing the user (who, fearing they have just lost the last day's worth of work, will do anything to fix the problem) to a malicious site that will immediately install a further piece of malware on the user's machine.

I should note that this is only present in the latest preview build, and hopefully Microsoft will see sense and get rid of this feature. But, if not, be sure to keep an eye out for these new error screens and get ready to educate your users.
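
Since a QR code hides its destination until it is scanned, one practical control is to vet the decoded text before anyone opens it. The following is an added example, not code from this post or from Microsoft; the function name `triage_qr_payload`, the trusted-domain list and the sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains this organisation accepts for error-help links.
TRUSTED_DOMAINS = frozenset({"microsoft.com", "windows.com"})


def triage_qr_payload(payload, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reasons) for text decoded from a QR code.

    "allow" means an https URL whose host is a trusted domain or a
    subdomain of one, with nothing in the URL that disguises the host.
    """
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # e.g. malformed IPv6 brackets
        return "block", ["payload is not a parseable URL"]
    reasons = []
    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme or 'missing'!r}, not https")
    if parts.username is not None or parts.password is not None:
        reasons.append("userinfo before '@' disguises the real host")
    if not host:
        reasons.append("no host present")
        return "block", reasons
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass  # not an IP literal, which is what we want
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalised host (possible lookalike)")
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append(f"host {host!r} is not under a trusted domain")
    return ("allow" if not reasons else "block"), reasons


if __name__ == "__main__":
    # Constructed sample payloads; .example names and 203.0.113.0/24 are reserved.
    for sample in (
        "https://www.windows.com/stopcode",
        "https://windows.com.support-fix.example/stopcode",
        "https://microsoft.com@203.0.113.7/fix",
        "http://www.microsoft.com/",
        "tel:+15550100",
    ):
        print(sample, "->", triage_qr_payload(sample))
```

The reasons list doubles as user-education material: each entry names the specific trick that made a link look like it belonged to a trusted vendor.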