Microsoft is investigating reports that users are experiencing the infamous "Blue
Screen of Death" after installing one of Microsoft's
Patch Tuesday security updates.
According to Microsoft, the problem appears to be related to MS10-015, but
the company has not determined if the problem is specific to MS10-015 or if it
is an interoperability problem with another component or third-party software.
The bulletin addresses two Windows Kernel privilege escalation bugs, and was
among 13 issued Feb. 9 to plug a total of 26 security holes.
Reports
of the issue began trickling in on Windows support forums after the
Patch Tuesday updates were rolled out. The claims mostly involve Windows
XP. One of the user-proposed solutions is to boot from the XP installation CD,
launch the recovery console and enter a series of commands detailed
here.
"Our teams are working to
resolve this as quickly as possible," Jerry Bryant, senior security
communications manager lead at Microsoft, wrote on the Microsoft Security
Response Center blog. "We also stopped offering this update through
Windows Update as soon as we discovered the restart issues. However, those
using enterprise deployment systems such as SMS or WSUS will still see and be
able to deploy these packages."
Bryant added, "At this time,
we are not aware of any issues with the other updates that were released this
month and we continue to encourage customers to install them as soon as possible
in order to help ensure that they [are] protected from the vulnerabilities they
address."
If users choose not to install MS10-015, they can disable the NTVDM
subsystem as a workaround for CVE-2010-0232.
Exploitation requires the attacker to have valid log-on credentials and be able
to log on locally, according
to Microsoft's advisory.
IT Security & Network Security News & Reviews News & Reviews 
