Microsoft confirms rootkit to blame for Windows crashes after patch is installed

Microsoft says it is working on a solution and will not push patch MS10-015 out yet

Microsoft today confirmed what a security researcher had discovered about the patch that was said to be causing Windows to crash.

"I wanted to update you on additional information provided by Microsoft yesterday regarding the restart issues tied to the installation of MS10-015, the Windows kernel update released in the February Security Bulletin Release. After extensive testing, Microsoft has confirmed that the restart issue is a result of Alureon rootkit infections. For additional information on the investigation, please visit the Microsoft Security Response Center blog. Also, please see the Microsoft Malware Protection Center blog for further details on the Alureon rootkit.

"Microsoft is striving to resolve the issue as quickly as possible, and as such, will continue to hold offering MS10-015 through Automatic Update for 32-bit Windows systems until a solution is available."

As I reported previously:

Hundreds of users posted messages on a Microsoft support forum complaining that Patch Tuesday's updates were crashing their XP computers. Indeed, a couple of readers wrote to Microsoft Subnet about the problem, too. Microsoft responded on Thursday by removing the offending patch from its automatic download for consumers. However, it did not remove the patch from its enterprise patch management systems.

The troublesome patch was narrowed down to MS10-015. Microsoft didn't step up to take full blame for the problem -- saying that the issue could be caused by third-party software. Indeed, some independent security researchers are seconding that opinion, saying a rootkit appears to be the cause. Patrick W. Barnes, an Amarillo, Texas-based computer expert who is credited with discovering the infection, posted instructions on how to repair the atapi.sys file.

This is, of course, not the first time users have experienced problems after a patch only to be told that malware was really to blame. In December, Prevx, a security researcher, published a blog post saying a Microsoft patch was faulty, only to later apologize and backtrack on its initial claims that the Microsoft patch causes a black screen.


Copyright © 2010 IDG Communications, Inc.
