Rootkit to blame for Windows blue screen

By on
Rootkit to blame for Windows blue screen

Patch not to blame.

Users who experienced issues when installing a recent Windows patch likely are infected by the Alureon rootkit, Microsft has announced.

"We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third-party applications and software," Mike Reavey, director of the Microsoft Security Response Center, said in a blog post. "The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state.

Microsoft began investigating the issue after some Windows XP SP2 and SP3 customers complained that after installing one of the patches the company released earlier this month, the so-called 'blue screen of death' resulted when they attempted to restart. The patch was bulletin MS10-015, which repairs privilege-escalation vulnerabilities in the Windows kernel.

The software giant concluded that the patch met all quality assurance protocols and "confirmed that all of the affected systems had the Alureon rootkit installed," Reavey said.

Users unable to remove the malware from their machines by using a security solution should consider backing up all essential files, wiping their hard drive clean and reinstalling Windows, he said.

Microsoft did not discover the issue during its testing of the patch because malware such as the Alureon rookit would leave systems in such an unstable state that they could not be effectively tested, Reavey said.

When installed on a machine, Alureon "may download and execute other files, block access to certain websites, and redirect searches", according to a Microsoft summary.

Microsoft still considers MS10-015 to be a high-priority patch.

"Our guidance remains the same," Reavey said. "Customers should continue to deploy this month's security updates and make sure their systems are up-to-date with the latest anti-virus software."

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
bluefixrootkitscreensecurityupdatewindows

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

Most Read Articles

PayTo rollout kicks off

PayTo rollout kicks off
Australia scraps digital passenger cards for international arrivals

Australia scraps digital passenger cards for international arrivals
Neobank Volt exits the banking industry

Neobank Volt exits the banking industry
Optus brands Telstra-TPG deal 'uniquely one-sided'

Optus brands Telstra-TPG deal 'uniquely one-sided'

Digital Nation

Case study: AFL kicks goals with its new digital platform
Case study: AFL kicks goals with its new digital platform
Case Study: EY invests in AI to improve approach to flexible working
Case Study: EY invests in AI to improve approach to flexible working
Personalisation strategies need to be built from the ground up
Personalisation strategies need to be built from the ground up
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Good360 deploys NetSuite, Magento and Salesforce
Case Study: Good360 deploys NetSuite, Magento and Salesforce

Log In

  |  Forgot your password?