From an article on eWeek.com:

    Microsoft is investigating reports that users are experiencing the infamous “Blue Screen of Death” after installing one of Microsoft’s Patch Tuesday security updates.

    According to Microsoft, the problem appears to be related to MS10-015, but the company has not determined if the problem is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. The bulletin addresses two Windows Kernel privilege escalation bugs, and was among 13 issued Feb. 9 to plug a total of 26 security holes.

    IMO, the forum post they link with the “fix” procedure is overkill.  It makes you uninstall all of that week’s updates when the only problematic one is KB977165.

    The procedure really should be:

    1. Boot from your Windows XP CD or DVD and start the recovery console
    2. Once you are in the Repair Screen:
    3. Type this command: CHDIR $NtUninstallKB977165$\spuninst
    4. Type this command: BATCH spuninst.txt
    5. Type this command: systemroot
    6. When complete, type this command: exit

    Your computer should restart and everything should be back to normal.

    Update: It’s now been discovered that the root cause of this issue was actually a rootkit that conflicted with the update in question:

    From a post on ComputerWorld.com:

    Hackers behind the rootkit responsible for crippling Windows machines after users installed a Microsoft security patch have updated their malware so that it no longer crashes systems, researchers confirmed today.

    The rootkit, known by a variety of names — including TDSS, Tidserv and TDL3 — was blamed by Microsoft last Friday for causing Windows XP PCs to crash after users applied the MS10-015 security update, one of 13 Microsoft issued a week ago.

    So, if you applied the fix I prescribed above and it fixed your BSOD, you’ve still (probably) got a rootkit on your machine, and you just fixed the symptom, NOT THE TRUE ISSUE!

    And if you never got a BSOD from this update (heh, why are you reading this?), you may still be infected, if your rootkit was updated before you installed the Windows Update.  Clear as mud? 😉

