In mid-February, Microsoft halted automatic distribution of one of its Windows patches, blaming the interaction of the patch with already-present malware on users' systems for a rash of blue-screen-of-death reports among XP users.
On March 2, Microsoft began redistributing that patch, and reiterated plans to release, in a few weeks, a rootkit detector aimed at removing the Alureon rootkit from users' systems.
From a note I received from a Microsoft spokesperson:
"Today Microsoft resumed the distribution of MS10-015 to Windows customers through Automatic Update. The bulletin includes added detection logic for consumer and enterprise customers that searches for indications of the Alureon rootkit. If abnormal conditions such as modified operating system files generated by a computer virus associated with the Alureon rootkit are detected, the infected computer is rendered incompatible with MS10-015.
"If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options. If this occurs, Microsoft customer support will work with impacted customers to resolve each issue.
"IT professionals can run a scanning tool to determine if a computer may be incompatible with MS10-015. If compatible, Microsoft Knowledge Base Article 980966 outlines additional information about deploying this update in a commercial environment."
Microsoft is working on an automated solution to detect and remove the Alureon rootkit from affected systems, according to the aforementioned spokesperson, with availability of that detector -- for both consumers and enterprise customers -- expected "in a few weeks."