Microsoft again pushes patch linked to Windows blue screens
Adds rootkit detection so patch isn't installed on infected PCs
Computerworld - Microsoft today said it had restarted distribution of a security update that had crippled some Windows PCs last month with reboot problems and Blue Screen of Death error screens.
The update, dubbed MS10-015, originally shipped on Feb. 9, but was pulled from Windows Updates' automatic update two days later after complaints flooded Microsoft's support forum from users whose machines refused to restart after they had installed the patch. The affected PCs shuddered to a stop at the blue screen which indicates a serious software error and crash in Windows.
Within a week, Microsoft announced that only PCs infected with the "Alureon" rootkit were incapacitated by MS10-015. It denied that there was any flaw in the security update itself.
"Today Microsoft resumed the distribution of MS10-015 to Windows customers through Automatic Update," Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC), said in an e-mail. "The bulletin includes added detection logic for consumer and enterprise customers that searches for indications of the Alureon rootkit. If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options. If this occurs, Microsoft customer support will work with impacted customers to resolve each issue."
Microsoft provided more information about the error messages, and what users seeing them should do, on its Web site.
Users who have already installed MS10-015 without problems do not have to reinstall it, Microsoft said.
The company also issued a scanning tool users can run to determine whether their PCs are infected with the rootkit before they attempt to download and install MS10-015. The tool doesn't scrub Alureon from a compromised computer, but only determines whether the system is compatible with the patch.
Microsoft has not yet delivered a promised detect-and-destroy tool that will clean infected PCs. Two weeks ago, the company said the tool would be ready in "a few weeks." It used the same timeframe today. " We anticipate that tools for both consumers and enterprise customers will be available in a few weeks," said Bryant.
In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9.
Microsoft has caught heat over the fact that it took nearly two decades to fix the flaw. At the RSA Conference in San Francisco today, Brian Snow, former technical director of the National Security Agency's Information Assurance Directorate, blasted Microsoft for its sluggish pace.
Saying that fixing vulnerabilities can be a competitive advantage for companies, Snow cited MS10-015. "Seventeen years and not yet addressed? Give me a break," said Snow.
Robert McMillan of the IDG News Service contributed to this report.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts