Microsoft is re-releasing the patch that caused Windows systems to crash in February with a Blue Screen of Death.
The software maker has rewritten the installation package for the update, MS10-015, and will push it out automatically to users. The company said in a Microsoft Security Response Center statement on Tuesday that it has written logic into the update to prevent the fix from being installed if the Alureon rootkit is present.
The Alureon rootkit, which makes changes to the operating system kernel, caused the February crashes, according to Microsoft.
"I am writing to let you know that we have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist," wrote Microsoft's senior security communications manager lead, Jerry Bryant, in the statement.
"Such conditions could be the result of an infection with a computer virus such as the Alureon rootkit. If these conditions are detected the update will not be installed and the result will be a standard Windows Update error."
Windows users — primarily those on XP — were hit by the Blue Screen of Death (a succession of system error messages) after Microsoft first released the update on 9 February. Microsoft soon suspected the crashes were due to malware, but delayed re-releasing the patch until it identified the cause.
Microsoft has released an automated 'Fix It' tool to allow administrators to scan their systems to identify whether they are compatible with the update before commencing enterprise-wide deployment.
The problem with the patch was not Microsoft's doing, but a result of the malware not having been tested for software compatibility, according to Fraser Howard, principal researcher at Sophos. Because hackers generally do not test their products, Microsoft updates could continue to be affected by rootkits, he said.
"It wouldn't surprise me if this issue happened again in future," Howard said.
Microsoft has asked people who have problems with the patch to visit its security support page.