Microsoft: Malware may cause BSOD patch issue

Microsoft officials issued a status update on Friday for the BSOD patch issue affecting a limited number of users.

Jerry Bryant, Sr. Security Communications Manager at Microsoft, confirmed the company was continuing its investigations into the Blue Screen of Death (BSOD) issues related to Windows patch MS10-015. "We have determined that malware on the system can cause the behavior," stated Bryant. He added that the software giant was not yet ruling out "other potential causes" at present and that company officials are still investigating the root cause.

Microsoft said on Thursday it was investigating numerous reports on Microsoft’s help forums from users who complained that they were receiving a BSOD after a recent update, MS10-015. Microsoft Answers is filled with users who are angry at the company for what they believe the update did to their machines. Microsoft stopped offering the patch via Windows Update on Thursday, claiming it was removed as soon as the issues were discovered.

The patch in question, MS10-015, one of 13 security updates Microsoft issued Tuesday, fixed a 17-year-old kernel bug in all 32-bit versions of Windows. The vulnerability went public three weeks ago when a Google engineer disclosed the bug and posted proof-of-concept attack code. As Neowin had previously reported, Microsoft said it would fix the 17-year-old bug that was discovered by the Google engineer. The bug, patched in this update, is related to the Virtual DOS Machine (VDM), which is used to support 16-bit applications.

Microsoft officials say the issue is difficult to solve once a computer is in an unbootable state. Microsoft advises customers who feel they have been impacted by the issue to contact the Customer Service and Support group.

36 Comments

Formatting because of a rootkit is mostly useless. I can usually clean a system manually without the need for any third party software to "scan" the system and am always sure when a pc is clean. The only time I format is when all exe's become infected. But the other reason it is useless is because it will only take the user (like my mother or family friend) about 2 days to get the pc all junked up again. My best advice is to stay off the internet. :D

Well, for what it's worth, the latest Microsoft Patch (20-09-2010), Patch# KB977165, totally trashed my custom built Windows Home Server. The dreaded BSoD appeared, and there was no way to overcome the problem except to reinstall the server software on the C drive partition. So far, it doesn't look like I lost my data, but I did lose about six (6) hours of my life restoring the WHS and almost 3TB of damn good flicks. I would like a few minutes alone with the SOB who wrote that Patch software. He/She would think twice after that séance about releasing that kind of crap again. Have a lovely evening. Ima

jjkusaf said,
well...also why would a virus scripter target 9% of the market?

It's not that he targeted anyone. It's that this rootkit and the Microsoft update don't play well together.

Which means the average computer user is a moron. Of those infected morons that had this rootkit, 9% actually install their windows updates.

Edited by warwagon, Feb 13 2010, 12:40am :

Kirkburn said,
9%?

ok, 9.63% according to a 2JAN10 Computerworld analysis. My original post was in response to sy89's post.

Hey I got 32 bit can't afford to upgrade no malware for me either so thank god any recommendations for a new machine ? Also me thinks that's why apple macs have 64 bit so have been out of the picture with viruses and malware for some time the next gen virus writers will now have to go 64 bit multiplatform ;)))

64bit Windows is harder to exploit both because of the kernel's PatchGuard feature, and because the entire 16bit subsystem is gone. PatchGuard is supposed to prevent direct modifications to the system kernel while it's running. Microsoft wasn't able to add this to the 32bit kernel because too many legitimate drivers hook into the kernel in bad ways (thus they would break in a PatchGuard enabled kernel), while 64bit breaks compatibility with 32bit drivers as a matter of necessity. It's not flawless technology, but it's a good layer of defense that has resulted in very few rootkits for Windows x64.

Apple has nothing to do with this. Their lack of malware is due to their lack of customers.

Isn't this the second time in just a few months something like this has happened and been blamed on malware? Maybe there is a bigger problem?

Simon said,
Isn't this the second time in just a few months something like this has happened and been blamed on malware? Maybe there is a bigger problem?

Face it, people are morons. I have no doubt in my mind that there is nothing else going on other than people are infecting their machines with malware.

Edited by warwagon, Feb 12 2010, 9:19pm :

Simon said,
Isn't this the second time in just a few months something like this has happened and been blamed on malware? Maybe there is a bigger problem?

Yeah, that problem is Windows XP - Both times it has been XP machines that are infected.

Frylock86 said,

Yeah, that problem is Windows XP - Both times it has been XP machines that are infected.

Yes, I see what you did there.

(time to upgrade....)

Elliott said,
So Microsoft made the malware work even better? Cool. :P

I think Microsoft made the malware fail entirely actually. The point of a rootkit is quite often to monitor without being easily detected. It just so happens that the file it used is the one relied upon for the modification the patch makes. If the computer doesn't boot at all, the rootkit isn't really doing anything and is pointless.

[QUOTE] He added that the software giant was not yet ruling out "other potential causes"[/QUOTE]

What's the longest punt in history because I think Microsoft just broke it.

Once again, people are so quick to blame Microsoft for breaking their computers when it was malware all along. Anyone remember the "Black Screen of Death" from a few months back?