Malware Indeed Responsible for February Patch Tuesday BSOD Problems
The Microsoft Security Response Center (MSRC) has confirmed the fact that malware is to blame for the BSOD (Blue Screen of Death) issues some Windows XP users have been experiencing after applying the updates from this month’s Patch Tuesday.
“We have been working around the clock with our customers, partners and several teams at Microsoft to determine the cause of these issues. Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit. We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software,” explained MSCR Director Mike Reavey.
During the February ’10 Patch Tuesday, Microsoft released 13 security bulletins (5 critical) that addressed a total of 26 security vulnerabilities in the Windows operating system and Office productivity suite. After getting the update, some Windows XP users started seeing the dreaded BSOD. Microsoft launched and investigation and determined that security bulleting MS10-015 might be to blame.
As the investigation moved on, Microsoft found out that malware might be to blame, not the MS10-015 security bulletin. But at the time they were not exactly sure this was the case. Now the MSRC is sure.
“The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state. In every investigated incident, we have not found quality issues with security update MS10-015. Our guidance remains the same: customers should continue to deploy this month’s security updates and make sure their systems are up-to-date with the latest anti-virus software,” explained Mike Reavey.
If you’re interested in finding out more about security bulletin MS10-15, here are the highlights:
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Rating: Important
Description: One publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Most likely attack vector: Attacker already able to execute code as low-privileged user escalates privileges.
Affected software: Microsoft Windows.
“We have been working around the clock with our customers, partners and several teams at Microsoft to determine the cause of these issues. Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit. We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software,” explained MSCR Director Mike Reavey.
During the February ’10 Patch Tuesday, Microsoft released 13 security bulletins (5 critical) that addressed a total of 26 security vulnerabilities in the Windows operating system and Office productivity suite. After getting the update, some Windows XP users started seeing the dreaded BSOD. Microsoft launched and investigation and determined that security bulleting MS10-015 might be to blame.
As the investigation moved on, Microsoft found out that malware might be to blame, not the MS10-015 security bulletin. But at the time they were not exactly sure this was the case. Now the MSRC is sure.
“The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state. In every investigated incident, we have not found quality issues with security update MS10-015. Our guidance remains the same: customers should continue to deploy this month’s security updates and make sure their systems are up-to-date with the latest anti-virus software,” explained Mike Reavey.
If you’re interested in finding out more about security bulletin MS10-15, here are the highlights:
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Rating: Important
Description: One publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Most likely attack vector: Attacker already able to execute code as low-privileged user escalates privileges.
Affected software: Microsoft Windows.
