Microsoft Tries to Avoid Windows Blue Screen Repeat
in [Help and Support]
|
Prev: HP Deskjet 935 C
Next: error messages
From: Ablang on 14 Apr 2010 22:43 < I am definitely fearful of Windows Updates. I do a manual creating a Restore before doing an update. My other laptop is still down from the damage of KB977165.> -- Microsoft Tries to Avoid Windows Blue Screen Repeat Gregg Keizer Apr 14, 2010 5:09 am http://www.pcworld.com/article/194205/microsoft_tries_to_avoid_windows_blue_screen_repeat.html Microsoft took steps Tuesday to avoid repeating the debacle two months ago that left Windows XP users staring at the notorious "Blue Screen of Death" error message after they applied a patch. In February, a security update that fixed two flaws in the Windows kernel -- the operating system's most important component -- wreaked havoc when it was applied by users, who almost immediately flooded Microsoft 's support forum with reports of crippled computers . As the number of reports grew, Microsoft first stopped automatically serving the MS10-015 update, then confirmed that a rootkit caused the crashes . Only PCs that had been previously infected with the Alureon rootkit were incapacitated, Microsoft's investigation found. Microsoft restarted distribution of the update only after it had come up with a way to block rootkit-infected PCs from receiving the patches. "If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options," said Jerry Bryant, general manager with the Microsoft Security Response Team, in early March. MS10-021 , one of the 11 updates issued yesterday as part of Microsoft's monthly Patch Tuesday cycle , also fixed flaws in the Windows kernel. But Microsoft is hoping that this month's update won't trigger a repeat Blue Screen of Death. "This security update includes package detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems," stated the MS10-021 bulletin. "These abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system files, which renders the infected computer incompatible with the kernel update." One security expert applauded the move. "I give Microsoft a big tip of the hat for not taking [the February incident] as a one-off," said Jason Miller, data and security team manager at network compliance and security vendor Shavlik Technologies. "The kernel is something that if something goes bad, that's not good. Patching the kernel is not like patching a media player." Microsoft obviously learned a lesson. Even though the February update crashed a relatively small number of PCs, the problem actually affected many more, he argued. "It may have affected just a few people, but it scared almost everyone into not patching," Miller said. Although scattered reports of problems with Tuesday's security updates have been posted on Microsoft's support forum, Computerworld did not find any message threads describing Blue Screen of Death crashes after users applied yesterday's MS10-021 kernel update. Enterprises should still test the update before widely deploying it, Miller recommended. "With every kernel patch, you really have to test. We're pretty adamant about that," he said. Microsoft also urged users to apply MS10-021 to protect themselves. Although attacks had not been found in the wild exploiting any of the eight vulnerabilities addressed by the update, the company noted that users would "likely...see reliable exploit code developed for one or more of these eight vulnerabilities" in the next 30 days. This month's security update, including MS10-021, can be downloaded and installed via the Windows Update and Microsoft Update services, as well as through Windows Server Update Services.
From: Tecknomage on 15 Apr 2010 07:19 On Wed, 14 Apr 2010 19:43:14 -0700 (PDT), Ablang <ron916(a)gmail.com> wrote: > Microsoft Tries to Avoid Windows Blue Screen Repeat > > Gregg Keizer > Apr 14, 2010 5:09 am > > http://www.pcworld.com/article/194205/microsoft_tries_to_avoid_windows_blue_screen_repeat.html > > Microsoft took steps Tuesday to avoid repeating the debacle two months > ago that left Windows XP users staring at the notorious "Blue Screen > of Death" error message after they applied a patch. > > In February, a security update that fixed two flaws in the Windows > kernel -- the operating system's most important component -- wreaked > havoc when it was applied by users, who almost immediately flooded > Microsoft 's support forum with reports of crippled computers . > > As the number of reports grew, Microsoft first stopped automatically > serving the MS10-015 update, then confirmed that a rootkit caused the > crashes . Only PCs that had been previously infected with the Alureon > rootkit were incapacitated, Microsoft's investigation found. > > Microsoft restarted distribution of the update only after it had come > up with a way to block rootkit-infected PCs from receiving the > patches. "If detection logic included in Automatic Update discovers > abnormal conditions in certain operating system file configurations, > the update will fail and customers will be presented with an error > message that offers alternative support options," said Jerry Bryant, > general manager with the Microsoft Security Response Team, in early > March. > > MS10-021 , one of the 11 updates issued yesterday as part of > Microsoft's monthly Patch Tuesday cycle , also fixed flaws in the > Windows kernel. But Microsoft is hoping that this month's update won't > trigger a repeat Blue Screen of Death. > > "This security update includes package detection logic that prevents > the installation of the security update if certain abnormal conditions > exist on 32-bit systems," stated the MS10-021 bulletin. "These > abnormal conditions on a system could be the result of an infection > with a computer virus that modifies some operating system files, which > renders the infected computer incompatible with the kernel update." > > One security expert applauded the move. > > "I give Microsoft a big tip of the hat for not taking [the February > incident] as a one-off," said Jason Miller, data and security team > manager at network compliance and security vendor Shavlik > Technologies. "The kernel is something that if something goes bad, > that's not good. Patching the kernel is not like patching a media > player." > > Microsoft obviously learned a lesson. Even though the February update > crashed a relatively small number of PCs, the problem actually > affected many more, he argued. "It may have affected just a few > people, but it scared almost everyone into not patching," Miller said. > > Although scattered reports of problems with Tuesday's security updates > have been posted on Microsoft's support forum, Computerworld did not > find any message threads describing Blue Screen of Death crashes after > users applied yesterday's MS10-021 kernel update. > > Enterprises should still test the update before widely deploying it, > Miller recommended. "With every kernel patch, you really have to test. > We're pretty adamant about that," he said. > > Microsoft also urged users to apply MS10-021 to protect themselves. > Although attacks had not been found in the wild exploiting any of the > eight vulnerabilities addressed by the update, the company noted that > users would "likely...see reliable exploit code developed for one or > more of these eight vulnerabilities" in the next 30 days. > > This month's security update, including MS10-021, can be downloaded > and installed via the Windows Update and Microsoft Update services, as > well as through Windows Server Update Services. My question would be why didn't the version of "Malicious Software Removal Tool" prior to the update causing the BSoD find and remove offending rootkit? Isn't that what the tool is for?? Was this a case where Microsoft was not aware of the particular rootkit at the time? -- ======== Tecknomage ======== Computer Systems Specialist IT Technician San Diego, CA
From: Swifty on 15 Apr 2010 11:30 On Thu, 15 Apr 2010 04:19:46 -0700, Tecknomage <tecknode(a)NOSPAM.com> wrote: >My question would be why didn't the version of "Malicious Software >Removal Tool" prior to the update causing the BSoD find and remove >offending rootkit? Isn't that what the tool is for?? I've never managed to work out whether the Malicious Software Removal Tool is just something that just runs whenever it downloads in Windows Update, or it is (as the name implies) a tool that can be used by the user to help them remove malicious software. I've got quite a lot of stuff on my PC which I'd class as malicious - put there by my employer. :-) -- Steve Swift http://www.swiftys.org.uk/swifty.html http://www.ringers.org.uk
From: Tecknomage on 16 Apr 2010 07:32 On Thu, 15 Apr 2010 16:30:38 +0100, Swifty <steve.j.swift(a)gmail.com> wrote: > On Thu, 15 Apr 2010 04:19:46 -0700, Tecknomage <tecknode(a)NOSPAM.com> > wrote: > > >My question would be why didn't the version of "Malicious Software > >Removal Tool" prior to the update causing the BSoD find and remove > >offending rootkit? Isn't that what the tool is for?? > > I've never managed to work out whether the Malicious Software Removal > Tool is just something that just runs whenever it downloads in Windows > Update, or it is (as the name implies) a tool that can be used by the > user to help them remove malicious software. > I know it does run when installed. Took 45min to scan our Fileserver just the other day (large hard drive storage). On desktops it takes something like 5min. As to running manually? Good question. Run at bootup? Of course, the newer, good AntiVirus have rootkit detection/removal. We use Symantec AntiVirus Corporate at work and I use BitDefender AntiVirus 2009 at home, both take care of rootkits. -- ======== Tecknomage ======== Computer Systems Specialist IT Technician San Diego, CA
|
Pages: 1 Prev: HP Deskjet 935 C Next: error messages |