Aug 11, 2010
Valerie Hayworth

Windows security update causes ‘blue screen of death’ for some

Windows users reported receiving the blue screen of death on their computers after installing Microsoft’s latest security updates released in February.

Most of the people complaining on a Windows forum said they had the problem on Windows XP, but one person also reported problems on Windows 7.

Users posted a fix on the site that they said seemed to work, but that didn’t necessarily quell the anger.

Where at Microsoft do I send my invoice for hours spent fixing this BS?” one person wrote.

The problem appears to be with one specific update, which addresses a vulnerability in the 32-bit Windows kernel that could allow elevation of privilege that was disclosed in January.

The fix requires users to have an installation CD, but not all computer manufacturers ship systems with a disc for re-installing the operating system, according to the Krebs on Security blog, which first reported the problems.

In addition, Netbooks do not have CD-ROM drives, making the problem even more difficult for them to fix, security blogger Brian Krebs wrote.

Several people reported on the Windows forum site that Microsoft told them the company would not be providing a fix for Netbooks and that Netbook users would have to get support from the equipment manufacturer.

Microsoft is investigating the reports to determine the cause of the problems, according to a statement from Jerry Bryant, senior security communications manager lead at Microsoft.

Anyone believed to have been affected can visit: https://consumersecuritysupport.microsoft.com, the statement said. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Those outside the United States can find local contact numbers at http://support.microsoft.com/international.

Update

Microsoft published a blog post later in the same day with this additional information:

Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. Our teams are working to resolve this as quickly as possible. We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages.

While we work to address this issue, customers who choose not to install the update can implement the workaround outlined in the bulletin. CVE-2010-0232 was publicly disclosed and we previously issued Security Advisory 979682 in response. Customers can disable the NTVDM subsystem as a workaround and we have provided an automated method of doing that with a Microsoft Fix It that you can find here.

The Fix (copied from link above). Note: Step 2 has been modified NOT to have a space between the KBXXXXXX and following $ as was in the original post.

Follow these steps:

1)      Boot from your Windows XP CD or DVD and start the recovery console

Once you’re at the Repair Screen:

2)      Type this command: CHDIR $NtUninstallKB978262 $spuninst

3)      Type this command: BATCH spuninst.txt

4)      Type this command: systemroot

5)      Repeat steps 2-4 for each of the following updates provided by FindMeFollowMe:

  • KB978262
  • KB971468
  • KB978037
  • KB975713
  • KB978251
  • KB978706
  • KB977165
  • KB975560
  • KB977914

6)      When complete, type this command: exit

Your computer should restart and everything should be back to normal.

This apparent fix to the problem was posted on a Windows forum.

(Credit: Microsoft)

Leave a comment