Microsoft Confirms Update-Linked BSODs Required Compromised Machines

Trailrunner7 writes "Microsoft on Thursday confirmed that the blue screen of death issues that affected a slew of users after the latest batch of Patch Tuesday updates is the result of an existing infection by the Alureon rootkit. There was widespread speculation after the patch release that simply installing the MS10-015 update was causing the BSOD condition on some Windows 32-bit machines. However, Microsoft said at the time this was not the case and started an investigation into the problem. In an advisory released Thursday, the company said that it now was confident that the restart problem is being caused by the Alureon rootkit." That seems a harsh way to find out that your Windows machine has been rooted.

But better than not finding out at all.

[dmgxmichael]

Now, I wonder who the first poster is going to be to demand Microsoft test their patches for compatibility with viruses and malware?

Re:But better than not finding out at all.

The rootkitted library was not a part of the update, just one of the libraries it was using. You should demand that your rootkit vendor stick to published APIs to avoid this in the future.

Not that harsh

[bigredradio]

Yeah a BSOD is harsh, but finding your bank account mysteriously drained of funds is more harsh. At least they found out.

Most effective mechanism for making a safer 'net

[Nzimmer911]

I think that this approach should become the industry standard for retaliation against malware. What better way to force complacent users to cleanup their machines than to disable them? Less botnets = more bandwidth for the rest of us.

Don't worry

[wiredog]

The malware has been updated so that it won't cause a crash.

Malicious Software Removal Tool

[HTH+NE1]

So is Microsoft rushing out an update to their Malicious Software Removal Tool to clean up this rootkit?

Zero-day

This was a zero-day exploit that the virus writers didn't know anything about.

They got the patch out as quickly as they could.