Microsoft tries again with patch linked to Windows blue screens
Adds rootkit detection to security update, which had crippled some Windows PCs last month, so patch isn't installed on infected PCs
Microsoft said it has restarted distribution of a security update that had crippled some Windows PCs last month with reboot problems and Blue Screen of Death error screens.
The update, dubbed MS10-015, originally shipped on Feb. 9, but was pulled from Windows Updates' automatic update two days later after complaints flooded Microsoft 's support forum from users whose machines refused to restart after they had installed the patch. The affected PCs shuddered to a stop at the blue screen which indicates a serious software error and crash in Windows.
[ InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute Webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. ]
Within a week, Microsoft announced that only PCs infected with the "Alureon" rootkit were incapacitated by MS10-015. It denied that there was any flaw in the security update itself.
"Today Microsoft resumed the distribution of MS10-015 to Windows customers through Automatic Update," Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC), said in an email. "The bulletin includes added detection logic for consumer and enterprise customers that searches for indications of the Alureon rootkit. If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options. If this occurs, Microsoft customer support will work with impacted customers to resolve each issue."
Microsoft provided more information about the error messages , and what users seeing them should do, on its Web site.
Users who have already installed MS10-015 without problems do not have to reinstall it, Microsoft said.
The company also issued a scanning tool users can run to determine whether their PCs are infected with the rootkit before they attempt to download and install MS10-015. The tool doesn't scrub Alureon from a compromised computer, but only determines whether the system is compatible with the patch.
Microsoft has not yet delivered a promised detect-and-destroy tool that will clean infected PCs. Two weeks ago, the company said the tool would be ready in "a few weeks." It used the same timeframe today. " We anticipate that tools for both consumers and enterprise customers will be available in a few weeks," said Bryant.
In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9.
MS10-015 targeted a pair of 17-year-old kernel bugs in all 32-bit versions of Windows. The vulnerability went public in late January when a Google engineer published attack code.
Microsoft has caught heat over the fact that it took nearly two decades to fix the flaw. At the RSA Conference in San Francisco, Brian Snow, former technical director of the National Security Agency's Information Assurance Directorate, blasted Microsoft for its sluggish pace.
Saying that fixing vulnerabilities can be a competitive advantage for companies, Snow cited MS10-015. "Seventeen years and not yet addressed? Give me a break," said Snow.
Robert McMillan of the IDG News Service contributed to this report.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .
Read more about security in Computerworld's Security Knowledge Center.
Computerworld is an InfoWorld affiliate.
Source : http://www.infoworld.com/d/windows/microsoft-tries-again-patch-linked-windows-blue-screens-425
Credit to : infoworld.com
No comments:
Post a Comment