Microsoft Blames Malware For XP’s ‘Blue Screen Of Death’

Following an investigation, Microsoft has confirmed that the ‘blue screen of death’ that last week hit some systems running Windows XP after the Patch Tuesday security update was caused by a rootkit already present on those machines.

According to Microsoft, Windows systems infected with Alureon were hit with ‘blue screen of death’ errors that prevented the computers from booting after the user installed Microsoft patch MS10-015.

“The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state,” blogged Mike Reavey, director of the Microsoft Security Response Center. “In every investigated incident, we have not found quality issues with security update MS10-015.”

The update patched two vulnerabilities affecting the Windows Kernel, and was one of 13 security bulletins issued on 9 February as part of Patch Tuesday. As reports of the problem came in, speculation began to centre on malware being the root cause.

According to Reavey, Alureon modifies Windows behaviour by calling into a specific, hard-coded memory location in the kernel, instead of letting the operating system resolve the address as it normally does when an executable is loaded.

“The chain of events in this case was a machine became infected, during which the malware made assumptions as to the layout of the Windows code on the machine,” he explained. “Subsequently MS10-015 was downloaded and installed, during which the location of Windows code changed. On the next reboot, the malware code crashed attempting to call a specific address in Windows code which was no longer the intended OS function.”
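The failure Reavey describes, modelled as an added example that is not code from the article or from Microsoft: a stand-in kernel image with an export table, a hook that resolves its target by exported name (what the loader does), and a hook that bakes in a fixed slot number in place of an address. The routine names, the slot layout and the "patch" that shifts it are all hypothetical.

```c
/* Added example, not Microsoft's or the article's code. Models why a hook
 * that bakes in a fixed kernel address breaks when a patch changes the
 * image layout, while a hook resolved through the export table survives. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*kfunc_t)(int);

/* Stand-in "kernel routines" (hypothetical names). */
static int nt_alloc(int n)    { return n * 2; }
static int nt_free(int n)     { return -n; }
static int nt_newcheck(int n) { return n + 1000; } /* introduced by the "patch" */

/* Minimal model of a kernel image: exported names mapped to slots in a
 * code table. Slot numbers stand in for addresses. */
#define MAX_EXPORTS 8
struct kernel_image {
    const char *names[MAX_EXPORTS];
    kfunc_t     code[MAX_EXPORTS];
    size_t      count;
};

/* Unpatched image: nt_alloc at slot 0, nt_free at slot 1. */
static void build_image_v1(struct kernel_image *img) {
    img->count = 0;
    img->names[img->count] = "nt_alloc"; img->code[img->count++] = nt_alloc;
    img->names[img->count] = "nt_free";  img->code[img->count++] = nt_free;
}

/* "Patched" image: a fix inserts a routine ahead of nt_free, so nt_free
 * moves from slot 1 to slot 2, just as real code moves after a binary is replaced. */
static void build_image_v2(struct kernel_image *img) {
    img->count = 0;
    img->names[img->count] = "nt_alloc";    img->code[img->count++] = nt_alloc;
    img->names[img->count] = "nt_newcheck"; img->code[img->count++] = nt_newcheck;
    img->names[img->count] = "nt_free";     img->code[img->count++] = nt_free;
}

/* What the loader does: look the routine up by exported name at load time. */
static kfunc_t resolve_export(const struct kernel_image *img, const char *name) {
    for (size_t i = 0; i < img->count; i++)
        if (strcmp(img->names[i], name) == 0) return img->code[i];
    return NULL;
}

/* Hook installed the way a loader would: resolved by name, valid in both images. */
int call_free_resolved(const struct kernel_image *img, int n) {
    kfunc_t f = resolve_export(img, "nt_free");
    return f ? f(n) : 0;
}

/* Alureon-style hook: assumes nt_free will live at slot 1 forever. */
#define HARDCODED_FREE_SLOT 1
int call_free_hardcoded(const struct kernel_image *img, int n) {
    return img->code[HARDCODED_FREE_SLOT](n);
}

/* Returns 1 if the hard-coded call still lands on the intended routine
 * for the given image version (1 = unpatched, anything else = patched). */
int hardcoded_still_correct(int version) {
    struct kernel_image img;
    if (version == 1) build_image_v1(&img); else build_image_v2(&img);
    return call_free_hardcoded(&img, 7) == call_free_resolved(&img, 7);
}

int main(void) {
    printf("before patch: hard-coded slot correct? %d\n", hardcoded_still_correct(1));
    printf("after patch:  hard-coded slot correct? %d\n", hardcoded_still_correct(2));
    return 0;
}
```

In the model the stale slot merely lands on a different routine and returns the wrong value. On a real system the stale address need not land on a function entry at all, which is why the outcome on infected XP machines was a kernel crash at boot rather than silently wrong behaviour.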

The versions of Alureon found to be causing the problem only infected 32-bit systems, according to Microsoft.

“A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk,” Reavey stated.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
