Prevx Confirms Microsoft Patches Not Connected to Black Screen of Death

Prevx backs off claims that Microsoft patches are contributing to a Black Screen of Death condition being experienced by some Windows users.

Security vendor Prevx has narrowed down the cause of a "Black Screen of Death" condition affecting Microsoft Windows.

According to Prevx, the issue does not appear to be connected to patches issued by Microsoft. In an update this evening to a company blog, the company said the issue seems to be "related to a characteristic of the Windows Registry related to the storage of string data."

"In parsing the Shell value in the registry, Windows requires a null terminated 'REG _SZ' string," blogged Jacques Erasmus of Prevx. "However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder."

Prevx had reported previously that some Windows users were experiencing a Black Screen of Death, and laid the blame in part at the feet of Microsoft patches, specifically KB915597 and KB976098. Erasmus, however, wrote that the patches are no longer considered to be a contributory factor.

"Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog," he wrote. "Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor."

Christopher Budd, communications lead for Microsoft Security Response Center, added that Microsoft's own investigation had discounted their November security patches as being tied to the problem.

"We've conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November," he blogged. "That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don't believe the updates are related to the 'black screen' behavior described in these reports."

"We've also checked with our worldwide Customer Service and Support organization, and they've told us they're not seeing 'black screen' behavior as a broad customer issue," he added.

In response to the problem, Prevx released a free tool to fix the most common causes of the issue the company has seen. Customers concerned about the issue can also contact Customer Service and Support for free assistance.