Blue Screen Reboots After Microsoft Patch Could Mean Malware

Redmond announced today it has found the cause of reported rebooting problems after some Windows users installed a recent patch: The systems were infected with malware.

Specifically, the Alureon rootkit, a type of stealth malware that's used to hide other malware infections. Rootkits typically change important system files to perform their obfuscation, and in this case Microsoft says those system changes caused major problems after the MS10-015 kernel patch, shipped during the last Patch Tuesday, was installed.

A Microsoft Security Response Center post says that the company first heard of the reboot problems on the 10th, and halted the distribution of MS10-015 via Automatic Updates while it investigated. That research confirmed the problem with the rootkit.

According to the post, the Alureon varieties seen by Microsoft only affect 32-bit systems. Also, problem reports have largely involved Windows XP systems. For that reason, Redmond says it will resume distributing the MS10-015 patch for 64-bit systems via Windows Update.

While I'm more than willing to take Microsoft to task when they screw up, in this case I don't think anyone could hold Redmond at fault here when the root cause is a malware infection. It could even be a good thing, since the only thing worse than dealing with a constantly rebooting system is unknowingly using an infected system and having all your passwords and financial info stolen.  

Another post from the Microsoft Malware Protection Center provides some technical details on Alureon, and also notes that the latest varieties of the malware no longer conflict with MS10-015. Also, if your own PC has been constantly rebooting since applying this patch and you think you might be infected with the rootkit, Microsoft says it will provide free technical support at its PC Safety hotline at 1-866-727-2338.

Subscribe to the Security Watch Newsletter

Comments