Microsoft Affirms BSOD, Halts Windows Patch

Redmond is once again looking into chatter about Microsoft security patches causing "screens of death."

This time the patch in question (MS10-015) was for a long-unaddressed Windows kernel bug that could enable elevation-of-privilege control by an attacker. The patch, which was contained in Tuesday's mammoth security update, was based on a security advisory that Microsoft released in late January.

According to this discussion thread on a Windows forum page, when Windows XP users applied the kernel patch, all they got was blue screens after they restarted their operating systems. Some users had to reopen Windows in "safe mode," while others simply got blue screens followed by error messages, according to comments on the thread.

The screens-of-death complaints in the forum thread reflect the experiences of XP users. However, Microsoft described its patch as important for Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 for 32-bit systems. The Windows kernel exploit has been present in all 32-bit Windows versions since Windows NT, which means the bug has been accessible for about 17 years.

Microsoft admitted in a security blog that restart issues are associated with its MS10-015 patch, and that malware on a system can cause the problem. To that end, many in the security community believe that a rootkit may be blocking the patch installation and triggering the instances of "blue screen of death" (BSOD) shutdowns.

"The possibility that the reported BSOD problems, associated with the recent Microsoft patches, are related to a malware rootkit makes a lot of sense," said Andrew Storms, director of security operations at nCircle. "As a result of their extensive quality control and testing processes, Microsoft has a terrific track record of releasing solid patches. No one expects Microsoft to test installing patches on a system that already contains malware though."

Because of the snafu and pending investigation, Microsoft has temporarily pulled security bulletin MS10-015 from automatic release through Windows Update. However, the patch still remains on Microsoft update sites for administrators to download and test.

"This issue with the patch is a prime example of why administrators should test each and every patch they deploy them to their systems," said Jason Miller, data and security team leader for Shavlik Technologies. "Microsoft tries to ensure the functionality of each patch, but it cannot be guaranteed with so many different systems and scenarios that are affected by the patch."

For those with the BSOD problem, the Windows forum moderator for Microsoft, Kevin Hau, suggested that users "boot from your Windows XP CD or DVD and start the recovery console." Hau then referred Windows users to this Knowledge Base article for more details on how to reboot safely.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Readies Improvements to Teams Conferencing Hardware

    To better equip offices for meetings in the new post-lockdown, hybrid-work era, Microsoft is introducing increased functionality for Microsoft Teams hardware.

  • 2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • What We Know About 'Windows 11,' Microsoft's Next-Gen Client OS

    Ahead of a June 24 Microsoft presentation about the future of Windows, a pre-release build of Microsoft's next client operating system was leaked this week.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.