Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Operating Systems

Microsoft halts Windows Update distribution of security fix after blue-screen reports

Summary: Microsoft has removed one group of patches it released as part of this week's Patch Tuesday -- MS10-015 (KB977165) -- from its Windows Update service until it can investigate reports by some users that it is causing havoc with their PCs.

Mary Jo Foley

By for All About Microsoft |

Microsoft has removed one group of patches it released as part of this week's Patch Tuesday -- MS10-015 (KB977165) -- from its Windows Update service until it can investigate reports by some users that it is causing havoc with their PCs.

Microsoft provided an update on the Microsoft Security Response Center (MSRC) blog on February 11 about its actions, after a day of reports by users with problems, including some XP users claiming blue-screen-of-death (BSOD) issues seemingly resulting from application of the KB977165 patch.

Microsoft claimed the number of users experiencing problems as a result of the path were "limited." More from the blog post by Jerry Bryant, Senior Security Communications Manager Lead:

"(W)e have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. Our teams are working to resolve this as quickly as possible. We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages."

Microsoft is advising customers to apply the other patches it released this week, as there have been no reported problems with them, according to Bryant.

My ZDNet colleague Adrian Kingsley-Hughes, earlier today offered a fix for those attempting to apply KB977165. Microsoft advised users who decide not to install the update to implement a workaround outlined in one of its security bulletins (CVE-2010-0232) in the interim. There are more details about this workaround in Microsoft's blog post.

On a related note, I asked Microsoft today whether the company had any new information or update for those users who've reported various Windows 7 startup and shutdown problems which some believe are the result of a reliability update that Microsoft pushed to Windows 7 users in late January. A Microsoft spokesperson said Microsoft had nothing new to say about the matter, other than the company would continue to monitor the situation.

Update (February 12): Microsoft security experts say that some of the problems may be due to prior malware infestations on Windows users' machines, as my colleague Ed Bott notes. The Softies are continuing their investigation.

Topics: Operating Systems, Browser, Microsoft, Security, Software, Windows

About

Mary Jo has covered the tech industry for more than 25 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

182 comments
Log in or register to join the discussion

  • Main cause seems like malware infection

    The patch from Microsoft has issues on systems with altered ATAPI.SYS files. This generally show that a computer is infected by malware.
    An infection of ATAPI.SYS is common in rootkit malware. This driver is part of the IDE harddisk controler software.

    See this blog post:
    https://patrickwbarnes.com/blog/2010/02/microsoft-update-kb977165-triggering-widespread-bsod/

    On systems with an infected atapi.sys file replacing the infected file with a clean version makes the issue go away and allows the monthly Microsoft patch to be installed properly.
    IE9
    Reply Vote

    • Could be [EDIT]

      This is what caused the problems last time after that company in England started yelling Wolf. The problem was traced back to a malware infection.

      That would be XP for you.

      Link: http://blogs.zdnet.com/hardware/?p=6311
      The one and only, Cylon Centurion
      Reply Vote

      • Interesting - thanks

        Thanks to both of you for this tidbit. At least 2 posts on here are worth reading among the dreck.
        ejhonda
        Reply Vote

    • So What of the Malware Removal Tool?

      If this is due to a malware problem, then it must be a fairly exotic malware problem that is not covered by the Microsoft Malware Removal Tool that is downloaded at the same time under auto update.
      AEV
      tonyv414
      Reply Vote

      • Malicious Software Removal Tool

        Apparently no other Malware tools find it either, so I would hardly expect Msoft to be the first to know of it's existence. The MSRT is a catch all for people who fail to keep their front-line defenses up to date.
        cuba_pete@...
        Reply Vote

      • How do you know it was being used?

        For those unfortunate people that got the rootkit, obviously they got what they deserved by not observing the Principle of Least Privilege. Like that Linux moron, using root to cruise the Internet. Yeah his signature is root@localhost. Wow!

        Google: http://www.google.com/search?q=principle+of+least+privilege

        Results 1 - 10 of about 344,000 for principle of least privilege. (0.25 seconds)

        Yeah, it's easy to blame Microsoft and others, but never ourselves, "Yikes! Me responsible for my own actions? Never!"

        Very representative of the Linux community today. A bunch of cry-babies with an axe to grind.
        WinTard
        Reply Vote

    • Can I use "add or remove program" to remove kb977165 security update?

      No blue screen - however 4 year old Dell X1 ultraportable runs a bit slower.
      ZD4ME2
      Reply Vote

      • You should be able to...

        ...just make sure you check the box at the top of the add/remove programs dialog to "show updates".
        PollyProteus
        Reply Vote

      • if blue screen?

        how to get out of the blue screen? I never had
        the CD disk(boot). This is on a Dell ultraport.
        bigjon
        Reply Vote

    • link seems broken

      but thanks for the info. BSOD's from updates are
      often caused by malware.
      marks055@...
      Reply Vote

    • Might Be?!?!

      Might be Malware? Not likely; I downloaded Microsoft's "Imporatnt Updates" on Tuesday and expected to get back to work on my Thesis later that evening... Yep, always expect the unexpected I guess. I lost everything - three months worth of work, two days before my next full system back-up. Not only was it the patch update(s), but who is culpable for this loss along with the tens of thousands of other system users whom also experienced the issue? I say 'tens of thousands' because the tens of thousands who have experienced the problem cannot report it because they have no working system to do it on, and I am quite sure no-one wants to pay more money to speak with an MS Tech Help on the phone for a problem MS caused in the first place.
      (NB Micrsoft is now pushing - as an alternative around the whole patch problem - its Windows 7 Upgrade Solution.)
      Cheers all...and good luck with that...
      Monday_Galileo
      Reply Vote

      • News Flash...Microsoft DOES offer free support for this sort of thing.

        Microsoft does take security seriously these days. Security patches and issues relating to them are covered free of charge.
        Wolfie2K3
        Reply Vote

      • Very likely

        These problems have shown that a lot of peoples computers are infected with malware without them realising that.

        Also these specific probelms cause a blue screen of death error which is recoverable ifyou follow steps provided by helpfull people and should not destroy your work of the last three monthsas you claim.
        IE9
        Reply Vote

    • This is indeed due to rootkit infection in either atapi.sys or iastor.sys

      This is due to root-kit infection. The system bluscreens because the rootkit program is broken.

      Please understand that any computer can get infected if you are not running a good security software. My suggestion would be install the free MS Secutity Software available at below link:

      http://www.microsoft.com/security_essentials/

      Also, to get more updates on this issue please refer to the below thread:

      http://blogs.technet.com/msrc/archive/2010/02/11/restart-issues-after-installing-ms10-015.aspx
      hisingh
      Reply Vote

  • RE: Microsoft halts Windows Update distribution of security fix after blue-screen reports

    Maybe that's what was causing my sounds to disappear on my all of a sudden. Had to reset them 3 or 4 times.
    icg1032@...
    Reply Vote

  • RE: Microsoft halts Windows Update distribution of security fix after blue-screen reports

    I had the problem and I was out of action for a day. So I
    paid a technician to get me up and running again lol. :(
    :(

    Im not enjoying the windows experience,,,no way.
    rudi.daniel@...
    Reply Vote

  • RE: Microsoft halts Windows Update distribution of security fix after blue-screen reports

    So I've applied this update and have had slower than dial-up DSL since then on my XP PC. My Vista laptop has no problems. Is this a result of the update and what's the solution for those of us with this issue?
    SavedByGrace
    Reply Vote

  • RE: Microsoft halts Windows Update distribution of security fix after blue-screen reports

    Nothing wrong with taking precautions even if it isn't determined that its one of the patches. Probably some obsolete hardware or bad drivers as being the most likely cause. Still, Microsoft and its team of investigators will figure this out. The hard part will be trying to get everyone to stop blaming Microsoft for every little thing that goes wrong.
    Loverock Davidson
    Reply Vote

    • sure because MS never screw up

      right .... user should start a lawsuit again ms
      for faulty update .
      Quebec-french
      Reply Vote

      • No one is saying MS is problem free.

        However I haven't seen anything other than speculation that the patch(es) is(are) the cause of the problem. It's too early to tell yet people have already condemned them.

        Furthermore there's some speculation the problem may be related to a malware infection.. Again it's too early to tell but if that turns out to be the case will we see the people condemning Microsoft apologize? I doubt it.
        ye
        Reply Vote
CNET Join | Log In | Privacy | Cookies Close