QQ and TIM Crash Caused by QQ NT Kernel Vulnerability and Recommended Mitigation Steps
A widespread crash affecting QQ and TIM on Windows, iOS, and Android was caused by a vulnerability in the QQ NT kernel that allowed malicious code in group file previews to trigger the failure, and users are advised to clean chat records or await server-side fixes.
Starting from the night of the 18th, QQ and TIM on Windows PC, iOS, and Android experienced large‑scale crashes; the impact on TIM was relatively limited because it had just switched to the QQ NT kernel earlier this month.
The root cause was identified as a vulnerability in the QQ NT kernel, which pranksters exploited by sending code that automatically loads when shared in QQ groups.
By default, QQ groups automatically preview files smaller than 100 MB, so when a malicious file is sent to a group, QQ/TIM downloads and previews it, triggering the vulnerability and causing a crash.
Because the prank began the previous night, the affected user base may have been limited at first, but the number of impacted users could increase as more people start their computers in the morning.
According to comments from customer service, the QQ team addressed the issue during the night; ideally, the problem should be resolved by removing the malicious files from QQ groups directly on the server.
The exact handling method is unclear, but it is likely that after a restart, QQ still auto‑downloads group files and they no longer cause an immediate crash.
If users still experience an immediate crash after launching QQ or opening a group, it suggests the team’s fix was insufficient, and cleaning the group chat history may be necessary.
To clean QQ group chat records, go to QQ or TIM settings, locate the option to clear chat history, and delete most unimportant group chats, since the specific group that sent the malicious file is unknown.
After clearing the records, restart QQ; the malicious file will no longer be loaded, which stops the crash. If the application then runs normally, further cleaning is unnecessary.
Regarding the pranksters, because QQ/TIM accounts are tied to real‑name IDs, it will be difficult for them to escape accountability; Tencent is expected to ban the offending accounts and may pursue legal action.
Note: the macOS version of QQ also uses the QQ NT kernel architecture and could theoretically be affected, but no reports from macOS users have been observed so far.
IT Services Circle