Microsoft security patch could cause blue screen of death
Connecting state and local government leaders
GCN Lab director John Breeden on news about Windows XP users who downloaded a patch this week and got socked with blue screen of death errors.
Here’s a story that could affect the 73 percent of people who read GCN.com and FCW.com and use Microsoft XP as their operating system of choice. Most of you probably were automatically given a huge patch for that OS on Tuesday. Apparently, lots of users are reporting that the patch is causing the blue screen of death.
According to a growing Microsoft support thread, after the patch install, users are getting this message: "A problem has been detected and Windows has been shut down to prevent damage to your computer. PAGE_FAULT_IN_NONPAGED_AREA." Some users have also reported that once successfully booted into XP, the patch has caused their system to reboot, and then they get the aforementioned blue screen of death. The users with the problem also say that booting in safe mode is no help.
According to users with the problem, the patch MS10-015 is the problem. If they are able to uninstall that patch, labeled as KB977165, then their systems return to normal. Microsoft was trying to plug a years-old hole that could allow unauthorized users to elevate their privileges on a PC, which could then be used for bot-net activities.
If you can’t manually uninstall the patch (because of the blue screen of death) then there is a workaround if you can boot from your Install CD. You have to break out those old DOS commands to do it though. And users with PCs that don’t have the OS install disks (most laptop users) are out of luck at the current moment.
Microsoft is said to be investigating the problem, and has removed the patch in question until it gets to the bottom of the issue.
Although Microsoft’s altruistic motives in continuing to support an OS they would probably prefer people give up on have been brought into question, there is also a growing chorus of people saying that Microsoft actually has nothing to do with this problem. Security sites are reporting that the actual problem is a rootkit (malicious worm) that has already affected a fair number of computers. That rootkit changes the atapi.sys file, which loads very early in the bootup process. Apparently the new patch conflicts with the rootkit, which makes sense given that it is attempting to fix a problem that this worm exploits. Only computers that have been affected by the rootkit are hurt by the blue screen of death. Replacing the atapi.sys file with a fresh version could fix the problem, again if you are able to get to a DOS prompt to manipulate your files.
Until Microsoft works this out, it’s probably best to avoid installing any security patches on your XP systems. And using a program like Malwarebytes' Anti-Malware (the free version should work just fine) to scan your computer for rootkits and worms probably wouldn’t hurt.
Stay safe out there!