Microsoft Affirms BSOD, Halts Windows Patch

Redmond is once again looking into chatter about Microsoft security patches causing "screens of death."

This time the patch in question (MS10-015) was for a long-unaddressed Windows kernel bug that could allow an attacker to elevate privileges. The patch, which was contained in Tuesday's mammoth security update, was based on a security advisory that Microsoft released in late January.

According to this discussion thread on a Windows forum page, when Windows XP users applied the kernel patch, all they got was blue screens after they restarted their operating systems. Some users had to reopen Windows in "safe mode," while others simply got blue screens followed by error messages, according to comments on the thread.

The screens-of-death complaints in the forum thread reflect the experiences of XP users. However, Microsoft described its patch as important for Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 for 32-bit systems. The Windows kernel vulnerability has been present in all 32-bit Windows versions since Windows NT, which means the bug has been accessible for about 17 years.

Microsoft admitted in a security blog that restart issues are associated with its MS10-015 patch, and that malware on a system can cause the problem. To that end, many in the security community believe that a rootkit may be blocking the patch installation and triggering the instances of "blue screen of death" (BSOD) shutdowns.

"The possibility that the reported BSOD problems, associated with the recent Microsoft patches, are related to a malware rootkit makes a lot of sense," said Andrew Storms, director of security operations at nCircle. "As a result of their extensive quality control and testing processes, Microsoft has a terrific track record of releasing solid patches. No one expects Microsoft to test installing patches on a system that already contains malware though."

Because of the snafu and pending investigation, Microsoft has temporarily pulled security bulletin MS10-015 from automatic release through Windows Update. However, the patch still remains on Microsoft update sites for administrators to download and test.

"This issue with the patch is a prime example of why administrators should test each and every patch they deploy to their systems," said Jason Miller, data and security team leader for Shavlik Technologies. "Microsoft tries to ensure the functionality of each patch, but it cannot be guaranteed with so many different systems and scenarios that are affected by the patch."

For those with the BSOD problem, the Windows forum moderator for Microsoft, Kevin Hau, suggested that users "boot from your Windows XP CD or DVD and start the recovery console." Hau then referred Windows users to this Knowledge Base article for more details on how to reboot safely.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
