Microsoft stops serving Windows patch blamed for blue screens

Pulls suspect security update, but questions -- and problems -- remain

Microsoft late Thursday said it had halted distribution of a security update linked to crippled Windows XP PCs that display the notorious Blue Screen of Death.

According to users who posted complaints to Microsoft's support forum, after installing the update, one of 13 released Tuesday, their machines refuse to start up. Instead, their systems shudder to a stop at the blue screen which in Windows indicates a serious software error and crash.

"We stopped offering this update through Windows Update as soon as we discovered the restart issues," said Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC).

Bryant also said that Microsoft was digging into the problem. "Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165)," he said. "However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software."

He also downplayed the extent of the blue screening, saying that only a "limited number" of users were affected.

The support thread dedicated to the problem, however, grew by bounds on Thursday. By day's end it boasted more than 250 messages -- double the number of 12 hours before -- and had been accessed over 55,000 times.

Bryant encouraged Windows XP users to apply Tuesday's other patches, and to protect their machines in lieu of the now-missing MS10-015 with a automated workaround that disables the vulnerable NT Virtual DOS Mode (NTVDM) subsystem.

MS10-015 quashed a pair of 17-year-old kernel bugs in all 32-bit versions of Windows. The vulnerability went public three weeks ago when a Google engineer published proof-of-concept attack code.

Microsoft did not provide any new help Thursday to users whose machines have been incapacitated, nor did Bryant provide a timetable when the company would conclude its investigation. The only Microsoft-endorsed solution, which was posted to the support forum Wednesday by a user, is worthless to netbook owners whose systems lack a CD or DVD drive.

Late Thursday, however, someone identified as "John E" and labeled as a Microsoft employee asked users with the blue screen problem to submit a memory dump file from their PCs for examination.

The impact now stretches beyond Microsoft. A spokeswoman for Dell acknowledged Thursday that calls to its support center were on the increase because of the blue screen issue. Hewlett-Packard did not respond to a similar request for comment on the update problem.

Not surprisingly, rumors began circulating about possible causes of the apparent conflict between the MS10-015 update and some, though certainly not all, Windows XP machines. One making the rounds ended up on the support thread: "Is it true that the [Blue Screen of Death] only happens on people already infected with the malware that this update is supposed to fix?" Several users jumped in to reject that theory, a good bet since although exploit code was publicly disclosed several weeks ago, Microsoft said Tuesday that it had seen no in-the-wild attacks.

This week's incident was not the first where a Microsoft update has harmed rather than helped. Two years ago, a set of updates for Vista sent machines into an endless series of reboots. Similar problems stymied users who tried to upgrade to Windows XP Service Pack 3 (SP3) in May 2008, and others attempting to upgrade from Vista to Windows 7 last October.

Robert McMillan of the IDG News Service contributed to this story.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, send e-mail to or subscribe to Gregg's RSS feed .

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon