Microsoft again pushes patch linked to Windows blue screens
Adds rootkit detection so patch isn't installed on infected PCs
Computerworld - Microsoft today said it had restarted distribution of a security update that had crippled some Windows PCs last month with reboot problems and Blue Screen of Death error screens.
The update, dubbed MS10-015, originally shipped on Feb. 9, but was pulled from Windows Updates' automatic update two days later after complaints flooded Microsoft's support forum from users whose machines refused to restart after they had installed the patch. The affected PCs shuddered to a stop at the blue screen which indicates a serious software error and crash in Windows.
Within a week, Microsoft announced that only PCs infected with the "Alureon" rootkit were incapacitated by MS10-015. It denied that there was any flaw in the security update itself.
"Today Microsoft resumed the distribution of MS10-015 to Windows customers through Automatic Update," Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC), said in an e-mail. "The bulletin includes added detection logic for consumer and enterprise customers that searches for indications of the Alureon rootkit. If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options. If this occurs, Microsoft customer support will work with impacted customers to resolve each issue."
Microsoft provided more information about the error messages, and what users seeing them should do, on its Web site.
Users who have already installed MS10-015 without problems do not have to reinstall it, Microsoft said.
The company also issued a scanning tool users can run to determine whether their PCs are infected with the rootkit before they attempt to download and install MS10-015. The tool doesn't scrub Alureon from a compromised computer, but only determines whether the system is compatible with the patch.
Microsoft has not yet delivered a promised detect-and-destroy tool that will clean infected PCs. Two weeks ago, the company said the tool would be ready in "a few weeks." It used the same timeframe today. " We anticipate that tools for both consumers and enterprise customers will be available in a few weeks," said Bryant.
In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9.
Microsoft has caught heat over the fact that it took nearly two decades to fix the flaw. At the RSA Conference in San Francisco today, Brian Snow, former technical director of the National Security Agency's Information Assurance Directorate, blasted Microsoft for its sluggish pace.
Saying that fixing vulnerabilities can be a competitive advantage for companies, Snow cited MS10-015. "Seventeen years and not yet addressed? Give me a break," said Snow.
Robert McMillan of the IDG News Service contributed to this report.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!