DOS Vulnerability Patch Leading to XP Crashes


Earlier this week, Microsoft rolled out a new series of security updates and bug fixes for its Windows operating systems. The updates included MS10-015, intended to patch a 17-year-old vulnerability in Microsoft Windows’ support for 16-bit MS-DOS applications that was recently revealed by a Google security researcher. There’s just one little problem: for some Windows XP users, the patch seems to be causing repeated reboots and even the dreaded Blue Screen of Death. Although it is not clear what proportion of Windows XP users are being impacted by the problem, online support forums (including Microsoft’s own) are filling up with reports of crashes, comments and speculation, and even an occasional official response.

As a workaround, Microsoft employees have suggested booting impacted computers from a bootable Windows XP CD or DVD, then starting the recovery console: on the recovery console’s repair screen, users can enter the command CHDIR $NtUninstallKB977165$\spuninst, followed by BATCH spuninst.txt, then exit. Only one problem with this approach: many older Windows XP machines—and brand new netbooks—don’t have optical drives from which they can be started up.

Microsoft says it is looking into the problem, but as yet hasn’t released a statement or any information about the cause of the issue, how many users are impacted, or when a fix might be available.

Users who want to protect themselves from the long-standing vulnerability can do so without installing Microsoft’s update if they’re running Windows 2000 SP4 or newer.