Rootkit to blame for Windows blue screen

By on
Rootkit to blame for Windows blue screen

Patch not to blame.

Users who experienced issues when installing a recent Windows patch likely are infected by the Alureon rootkit, Microsft has announced.

"We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third-party applications and software," Mike Reavey, director of the Microsoft Security Response Center, said in a blog post. "The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state.

Microsoft began investigating the issue after some Windows XP SP2 and SP3 customers complained that after installing one of the patches the company released earlier this month, the so-called 'blue screen of death' resulted when they attempted to restart. The patch was bulletin MS10-015, which repairs privilege-escalation vulnerabilities in the Windows kernel.

The software giant concluded that the patch met all quality assurance protocols and "confirmed that all of the affected systems had the Alureon rootkit installed," Reavey said.

Users unable to remove the malware from their machines by using a security solution should consider backing up all essential files, wiping their hard drive clean and reinstalling Windows, he said.

Microsoft did not discover the issue during its testing of the patch because malware such as the Alureon rookit would leave systems in such an unstable state that they could not be effectively tested, Reavey said.

When installed on a machine, Alureon "may download and execute other files, block access to certain websites, and redirect searches", according to a Microsoft summary.

Microsoft still considers MS10-015 to be a high-priority patch.

"Our guidance remains the same," Reavey said. "Customers should continue to deploy this month's security updates and make sure their systems are up-to-date with the latest anti-virus software."

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
blue fix rootkit screen security update windows
In Partnership With

Most Read Articles

Telstra blocks 2.9m scam calls in one month

Telstra blocks 2.9m scam calls in one month
CBA primes app for $10bn welfare payments clawback

CBA primes app for $10bn welfare payments clawback
Gallery: The epic four-day Antarctic trek to maintain ONE IoT device

Gallery: The epic four-day Antarctic trek to maintain ONE IoT device
ANZ prototypes 21 new apps in three-day open banking sprint

ANZ prototypes 21 new apps in three-day open banking sprint
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?
Follow these steps to prevent targeted attacks
Follow these steps to prevent targeted attacks
Your mobile devices may not be secure – learn how to fix that
Your mobile devices may not be secure – learn how to fix that

Events

Log In

Username / Email:
Password:
  |  Forgot your password?