Microsoft patches fail on infected Windows

April security fixes for Windows will not install if the user's machine is infected with the Alureon rootkit.

April security fixes for Windows will not install if the user's machine is infected with the Alureon rootkit.

The company's latest security patches, released on April 16, will spot the rootkit if present and refuse to continue with installation. The Alureon rootkit was responsible for crashes in February's security updates, including Blue Screen of Death errors for XP users due to the way it interacted with the KB977165 patch, which required kernel access.

April's security bulletin primarily patches vulnerabilities in the kernel, with the most severe exploit allowing a elevation of privileges if an attacker has logged on locally. The patches include 11 security bulletins that fix 25 vulnerabilities, and can be installed once the infected machines are cleaned.

Alureon causes problems with the way Microsoft's patches interact with the kernel, which has led the company to include a package detection logic that prevents the installation of the security update if the rootkit is present on 32-bit systems, according to the MS10-021 bulletin.

For more on this story, read Microsoft patches fail infected Windows users on ZDNet UK.