Microsoft again pushes patch linked to Windows blue screens
Adds rootkit detection so patch isn't installed on infected PCs
Computerworld - Microsoft today said it had restarted distribution of a security update that had crippled some Windows PCs last month with reboot problems and Blue Screen of Death error screens.
The update, dubbed MS10-015, originally shipped on Feb. 9, but was pulled from Windows Updates' automatic update two days later after complaints flooded Microsoft's support forum from users whose machines refused to restart after they had installed the patch. The affected PCs shuddered to a stop at the blue screen which indicates a serious software error and crash in Windows.
Within a week, Microsoft announced that only PCs infected with the "Alureon" rootkit were incapacitated by MS10-015. It denied that there was any flaw in the security update itself.
"Today Microsoft resumed the distribution of MS10-015 to Windows customers through Automatic Update," Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC), said in an e-mail. "The bulletin includes added detection logic for consumer and enterprise customers that searches for indications of the Alureon rootkit. If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options. If this occurs, Microsoft customer support will work with impacted customers to resolve each issue."
Microsoft provided more information about the error messages, and what users seeing them should do, on its Web site.
Users who have already installed MS10-015 without problems do not have to reinstall it, Microsoft said.
The company also issued a scanning tool users can run to determine whether their PCs are infected with the rootkit before they attempt to download and install MS10-015. The tool doesn't scrub Alureon from a compromised computer, but only determines whether the system is compatible with the patch.
Microsoft has not yet delivered a promised detect-and-destroy tool that will clean infected PCs. Two weeks ago, the company said the tool would be ready in "a few weeks." It used the same timeframe today. " We anticipate that tools for both consumers and enterprise customers will be available in a few weeks," said Bryant.
In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9.
Microsoft has caught heat over the fact that it took nearly two decades to fix the flaw. At the RSA Conference in San Francisco today, Brian Snow, former technical director of the National Security Agency's Information Assurance Directorate, blasted Microsoft for its sluggish pace.
Saying that fixing vulnerabilities can be a competitive advantage for companies, Snow cited MS10-015. "Seventeen years and not yet addressed? Give me a break," said Snow.
Robert McMillan of the IDG News Service contributed to this report.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!