MS10-015

Feb 12, 2010 12:50 GMT

Microsoft has confirmed reports that some users are experiencing Blue Screen of Death errors after applying Security Bulletin MS10-015 (rated Important), which patches vulnerabilities in the Windows Kernel (977165). At the same time, the Redmond company revealed that customers hit by the BSOD after installing this month’s security bulletins were left with unusable computers, as the machines became incapable of booting, even in Safe Mode. The issue seems to affect mainly Windows XP computers; however, users of Windows Vista and Windows 7 have also reported similar behavior. As a direct consequence, Microsoft has pulled MS10-015 and is no longer distributing the bulletin through Windows Update while it works on a resolution.

“We are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. Our teams are working to resolve this as quickly as possible. We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages,” revealed Jerry Bryant, sr. security communications manager lead.

Third parties have since confirmed that the issue is not related to the MS10-015 patch, or to any of the security bulletins provided by the Redmond company, but rather to a kernel-level component used by antivirus software. Microsoft has not indicated exactly which security solutions fail to play nice with MS10-015.

A manual workaround has already been documented by a Microsoft Support Engineer. Users affected by the problem need a bootable disk or USB stick with Windows. They then need to boot from the Windows CD/DVD/USB and start the recovery console. Once the recovery console is launched, type: CHDIR $NtUninstallKB977165$\spuninst and hit Enter. Then use the following command: BATCH spuninst.txt, hit Enter again, and type: systemroot, and again Enter. At the end, customers will need to type: exit. Simply trying to start up Windows without the recovery console will not work, no matter which boot options are selected, as the computer will not reboot and Windows will always end up displaying the BSOD.

“MS10-015 is an Elevation of Privilege that would require the attacker to have valid credentials in order to be able to leverage the vulnerability in an attack. Several other updates in this release were identified as having a high priority for deployment and we continue to encourage customers to thoroughly test the updates and deploy them immediately. At this time, we are not aware of any issues with the other updates that were released this month and we continue to encourage customers to install them as soon as possible in order to help ensure that they are protected from the vulnerabilities they address,” Bryant added.

MS10-015 is designed to patch a 17-year-old vulnerability affecting all 32-bit (x86) releases of Windows, including Windows Vista and Windows 7.