Microsoft Blames Rootkits for Security Update Crashes


Earlier this month, Microsoft released a patch for its entire supported line of Windows operating systems—that’d be Windows 2000 all the way through Windows 7—which included a fix for a security vulnerability that had been lurking in its Virtual DOS Machine for some 17 years—a record by almost any standard. The problem was that the security update led to problems on some Windows XP machines: users would install the update, then find themselves faced with the dreaded Blue Screen of Death or an endless cycle of reboots. Some Windows XP users angrily railed against Microsoft for damaging their computers, and Microsoft promptly began looking into the problem. Their verdict? The problems Windows XP users experienced were caused by malware using the Alureon rootkit, not the security update.

“Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit,” wrote Microsoft’s Security Response Center director Mike Reavey, in a blog post. “We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software. The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state.”

Microsoft has determined that 64-bit versions of Windows are not vulnerable to the problem, and so has re-enabled Automatic Updates for those systems. However, Microsoft is still holding off on making the update available to 32-bit systems via Automatic Update.

In the meantime, Microsoft is recommending users make sure they’re running up-to-date antivirus and security software to make sure their systems aren’t infected by malware prior to installing any system updates. If users can’t confirm they’ve been able to remove the Alureon rootkit—which does go to a lot of effort to hide itself—Microsoft users back up their important files and data, then completely restore their systems to a re-formatted drive.