Microsoft Refuses To Patch Rootkit-Compromised XP Machines

← Back to Stories (view on slashdot.org)

Microsoft Refuses To Patch Rootkit-Compromised XP Machines

Posted by timothy on Thursday April 15, 2010 @06:48AM from the define-yourself-as-outside-the-fence dept.

Barence writes "Microsoft has revealed that its latest round of patches won't install on XP machines if they're infected with a rootkit. In February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel. Now Microsoft is blocking PCs with the rootkit from receiving its new patches. 'This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems,' Microsoft cautions in the patch notes."

3 of 330 comments (clear)

Min score:

Reason:

Sort:

Summary title in error by Rockoon · 2010-04-15 07:01 · Score: 5, Informative

From the article:

As Microsoft has noted, while the solution prevents users from suffering the misery of Blue Screens of Death, it does leave them unprotected and the company has urged users to download its Malicious Software Removal Tool to clean up their machines and run the patch as soon as possible.
It isnt that they wont patch these systems, its that they wont automatically install the MSRT, which removes the rootkit, as part of the update.

..and to be perfectly honest, who wants the MSRT to be a mandatory component. Things like that are capable of unexpectedly altering the system, something typically frowned upon in enterprise.

--
"His name was James Damore."
Re:Makes sense... by clone53421 · 2010-04-15 07:11 · Score: 5, Informative

And that’s what will happen. Installation of the patch will fail, if the rootkit is detected. The malicious software removal tool will be pushed out and remove the rootkit. And eventually the patch will be installed again since the installation failed the first time, and if the rootkit is gone the patch should install properly.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Re:The Microsoft way! by gzipped_tar · 2010-04-15 07:25 · Score: 5, Informative

If the kernel is fucked, nothing works any more. Any results from on-line determination of the damage status of the machine itself should be assumed fake because the malware is in control of all local resources. To accurately determine the status of the computer, it must be taken offline.
Never trust what rooted machines say about themselves...

--
Colorless green Cthulhu waits dreaming furiously.