Microsoft re-releases Blue Screen of Death fix

Richard Thurston ZDNet UK | March 4, 2010 1:12 PM PST

Summary

Microsoft is re-releasing the patch that caused Windows systems to crash in February with a Blue Screen of Death.
The software maker has re-written the installation package for the update, MS10-015, and will push it out automatically to users. It has written logic into the update to prevent the fix from being installed if the Alureon rootkit is present, it said in a Microsoft Security Response Center statement on Tuesday.

The Alureon rootkit, which makes changes to the operating system kernel, caused the February crashes, according to Microsoft.

"I am writing to let you know that we have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist," wrote Microsoft's senior security communications manager lead, Jerry Bryant, in the statement.

For more on this story, read Microsoft re-releases Blue Screen of Death fix on ZDNet UK.

Talkback Most Recent of 12 Talkback(s)

  • Well, while I'd like it better if Microsoft removed the rootkit
    This is a good start..... I wonder if they can even remove the rootkit without hosing the system?
    Lerianis10
    4th Mar 2010
  • Probably not a good idea
    I highly recommend reading comments at this link:

    http://aplawrence.com/Linux/strange-hack.html
    Earthling2
    4th Mar 2010
  • MS will not remove the RK as part of a regular patch
    Too much at stake there, such as liability if
    the process goes wrong - which it can if the
    rootkit herders update their defenses.

    The prudent approach seems to be what MS
    decided: If something strange is going on which
    could cause the machine to become inoperable,
    better refuse to patch.

    Having said that, expect a remover for this
    particular rootkit to be included in an
    upcoming release of the Windows Malicious
    Software Remover. This is a tool you opt into
    and accept can tamper with your system beyond
    simply patching it.
    honeymonster
    7th Mar 2010
  • It is better to reinstall
    If the machine has a rootkit, chances are there is so much more going on that it is better to reinstall and change the passwords.

    Don't forget to clean up the boot sectors and MBR. Do this while booted from a CD-ROM. Bootsect.exe is available on Win7 installation disk. Search for more details:

    http://www.bing.com/search?q=bootsect+MBR+site%3Amicrosoft.com

    Again, if you think this is a Windows-specific problem, read comments to this article:

    http://aplawrence.com/Linux/strange-hack.html

    "Cleaning up" a rootkit is a bad idea.
    Earthling2
    7th Mar 2010
  • You mean the one they said didn't exist?
    I swear Microsoft posted that this error didn't exist, something about having no substantiated cases or some such...

    ...but now I can't find the old articles anywhere
    Socratesfoot
    5th Mar 2010
  • Probably because they don't exist.
    I swear Microsoft posted that this error didn't exist, something about having no substantiated cases or some such...

    ...but now I can't find the old articles anywhere
    ye
    5th Mar 2010
  • Nope
    MS said they were investigating and then admitted there was an issue for a few users.

    You are getting MS mixed up with their biggest fan and apologist ever on ZDNet forum, LD.
    Viva la crank dodo
    5th Mar 2010
  • RE: Microsoft re-releases Blue Screen of Death fix
    That is the problem with a PC, to many people doing to many things!!! I was a PC user for over 10 years and just got tired of all the problems! Since i have moved to a Mac, I have not experienced one problem with my system. Maybe the PC world could learn something from Mac!
    wiseguy347
    5th Mar 2010
  • TOO
    Learn the difference between to, too and two and we might pay more attention to you. Until I figured out that you were using the wrong too I couldn't understand what you were saying.

    And, yes buying a system where all the hardware and software is controlled by one vendor does mean that it's a more controlled environment. If you are trusting 'security by obscurity' to keep you safe and not running anti-virus software then you will regret it sooner or later.
    wboaz
    6th Mar 2010
  • MAC lovers take every opportunity to justify MACs
    I had a bright shiny new MAC on my desk for about two years. It was running OS-X with all the patches. It had all kinds of issues and crashed constantly. I can switch back and forth between PCs, LINUX PCs, and MACs with no issues at all, but anyone that tells you that MACs are trouble-free, has re-defined trouble to suit their MAC bias.
    Rich_F
    10th Mar 2010
  • RE: Microsoft re-releases Blue Screen of Death fix
    OKEY... So there was a REAL of a BSOD in February, and ZDNet thru the infamous Ed Bott did damage control to assert us IT DIDN'T EXIST AT ALL.

    Good work, Ed Bott, now we know that you indeed receive two wages: ZDNet's and Microsoft's.
    cosuna
    5th Mar 2010
  • No, the patch didn't BSOD in February.
    It never BSODed.

    Some PCs were infected by a rootkit. The
    rootkit called into the kernel using absolute
    addresses at system startup.

    When the patch caused the kernel functions to
    shift addresses, the rootkit jumped into the
    middle of functions which caused it to BSOD.

    It was the rootkit which BSODed, not
    the patch nor the Windows kernel.

    If you need to bash Windows or Ed Bott, please
    make sure to understand the issues first.
    Otherwise you end up looking foolish.

    Glad I could help you.
    honeymonster
    7th Mar 2010
