Microsoft Patch Causes System Crashes on Infected Computers

Microsoft has suspended automatic distribution of a recently released security patch that it says may be causing crashes for some Windows XP users.

The offending security patch, named MS10-015, was released earlier this week as part of Microsoft's regular Patch Tuesday event.

Problems for XP users cropped up immediately, resulting in systems caught in endless reboot cycles and so-called "Blue Screen of Death" (BSoD) crashes.

Even though Microsoft moved to pull the suspected update by Thursday afternoon, it was too late for many users.

"I am writing to let you know that we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software," Jerry Bryant, senior security communications manager lead at Microsoft, said in a post on the Microsoft Security Response Center blog on Thursday afternoon.

Microsoft removed the patch from Windows Update. The patch was not ranked as "critical" on Microsoft's four-tiered severity rating system for security. Rather, it was ranked at the second-highest severity level of "important," meaning that it is not as easy to exploit as a critical security flaw.

While the patch was intended to close a security flaw, indications are that the problem occurs when the patch is applied to a computer that is already infected with malware, according to a later post by Bryant. Apparently Microsoft did not take into consideration the fact that 32% of all computers are already infected, despite the fact that they have anti-malware software, according to SurfRight research.

Security professionals have since identified the TDSS kernel rootkit as the likely cause. At Village Geek Computers we have verified the TDSS rootkit is commonly part of the latest revision of the Rogue that we warned you about recently.

Rootkits are a particularly nasty kind of malware that is extremely hard to remove. Several companies are offering standalone tools to clean the TDSS rootkit, like this one from Kaspersky.

As always, if this is too technical for you, Village Geek Computers is here to help if you are affected.

~Steve