February '10 Patch Tuesday Causes Problems to Some Users
This month’s Patch Tuesday was a big, a very big one. Microsoft released 13 security bulletins (5 critical, 7 important and 1 moderate) that plugged a grand total of 26 vulnerabilities. These vulnerabilities affected Microsoft’s Windows operating system and the company’s Office productivity suite. The vulnerabilities affected all Windows versions; on the Office side, they affected older versions, not Office 2007 and 2008.
Security conscious users have undoubtedly updated to keep their systems safe and protected. Some of them quickly wished they hadn’t. Turns out that that the February 2010 Patch Tuesday caused problems to some Windows users. To be more precise, after updating, some Windows XP users started seeing the dreaded Blue Screen of Death (BSOD).
Redmond-based software giant Microsoft launched an investigation and found out that MS10-015 might be responsible for the users’ problems. According to company representatives, only a “limited number of users” had problems upon updating.
“We are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. Our teams are working to resolve this as quickly as possible. We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages,” explained Senior Security Communications Manager Lead with the Microsoft Security Response Center, Jerry Bryant.
Here are the details on MS10-015:
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Rating: Important
Description: One publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Most likely attack vector: Attacker already able to execute code as low-privileged user escalates privileges.
Affected software: Microsoft Windows.
Security conscious users have undoubtedly updated to keep their systems safe and protected. Some of them quickly wished they hadn’t. Turns out that that the February 2010 Patch Tuesday caused problems to some Windows users. To be more precise, after updating, some Windows XP users started seeing the dreaded Blue Screen of Death (BSOD).
Redmond-based software giant Microsoft launched an investigation and found out that MS10-015 might be responsible for the users’ problems. According to company representatives, only a “limited number of users” had problems upon updating.
“We are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. Our teams are working to resolve this as quickly as possible. We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages,” explained Senior Security Communications Manager Lead with the Microsoft Security Response Center, Jerry Bryant.
Here are the details on MS10-015:
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Rating: Important
Description: One publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Most likely attack vector: Attacker already able to execute code as low-privileged user escalates privileges.
Affected software: Microsoft Windows.
