Microsoft today denied that its November Windows updates are causing a widespread "black screen" lock-out of users' PCs.
"Microsoft has investigated reports that its November security updates made changes to permissions in the registry that are resulting in system issues for some customers," Christopher Budd, Microsoft's security spokesman, said in an e-mail. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports."
The report Budd referred to stemmed from a blog post by U.K.-based security vendor Prevx last week that claimed recent Windows updates changed Access Control List (ACL) entries in the registry, preventing some installed software from running properly. The result, said Prevx, is a black screen, sometimes dubbed "black screen of death" in an allusion to the "blue screen of death" that Windows puts up after a major system crash.
Since that initial report, Prevx has called out a pair of updates, one in late November and the other from last July, as the cause of the black screen lock-out.
"The conditions under which the actual black screen is triggered are spasmodic," admitted Dave Kennerley of Prevx's support team in an update to the original blog post of last week. "Some test systems always trigger the condition, others are less consistent. The windows patches which seem common to the issue arising are & KB915597 and KB976098 ."
Kennerley's use of the word "spasmodic" is a turn-about from his initial post of last Friday, which was headlined "Black Screen woes could affect millions on Windows 7, Vista and XP."
Searches of Microsoft's support forums by Computerworld have found only one "black screen" thread with posts from last month. Since yesterday, several additional users have reported that their PCs have been afflicted with a black screen.
"Received a patch on Nov 24 or 25. Upon reboot the computer has a totally black screen," said a user identified only as "General Zod" in a message added to the thread around 2:30 p.m. ET today. "Not even the BIOS startup stuff appears."
Kennerley also said that the flaw was in the WinLogon Shell registry entry for Explorer.exe, the name of Windows' file manager. "The entry exists perfectly in the registry but is unusable/inaccessible and is therefore ignored by the OS resulting in the desktop and task bar not being loaded," Kennerley added.
Some outsiders were skeptical today of Prevx's contention that the black screen problem was due to the two updates Kennerley cited. Rafael Rivera, who writes the Within Windows blog -- and most recently took Microsoft to task for lifting code from an open-source project for the company's Windows 7 USB/DVD Download Tool (WUDT) -- said his investigation pointed toward November's Malicious Software Removal Tool (MSRT) update. MSFT, which is upgraded and delivered to users automatically via Windows Update, detects and deletes malware that Microsoft has identified as pervasive and dangerous.
"Those particular updates don't, gleaned from limited testing, touch the Shell registry entries," said Rivera in an interview conducted via instant messaging today. "I believe the only update that touched this part of the registry recently is the Malicious Software Removal Tool for November."
Rivera pointed to one of MSRT's two malware detection updates last month as the most likely culprit.
But Microsoft was adamant that it was not at fault for any black screens.
"We've conducted a comprehensive review of the November security updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November," Budd added. "That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don't believe the updates are related to the 'black screen' behavior described in these reports."
Budd also said that Microsoft's technical support teams are "not seeing 'black screen' behavior as a broad customer issue."
This story, "Microsoft: 'Black Screens of Death' Not Due to Patches" was originally published by Computerworld.