UPDATE 12/02 : Since this report originally ran there have been new developments that no longer point to Microsoft’s security patches (KB976098 and KB915597) being the cause of the so-called “black screen of death” problem. Prevx, the company whose research many media reports were based on, conceded this point in an statement issued to its Web site late last night. PC World has published several updates to this story including: Microsoft: ‘Black Screens of Death’ Not Due to Patches, Microsoft: Don’t Believe the Black Screen of Death Hype, and Black Screen of Death: A Lesson in FUD.
(Original report follows)
Microsoft’s latest round of security patches appears to be causing some PCs to seize up and display a black screen, rending the computer useless.
The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said Mel Morris , the CEO and CTO for the U.K. security company Prevx.
Prevx was alerted to the problem by users of its security software last week, Morris said. Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar.
However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren’t aware of the changes and don’t run properly, causing a black screen, Morris said.
Security applications seem to be particularly affected. Morris said users of other security products have also complained about the issue, even going so far as trying to reinstall the operating system to fix it.
“If you’ve got this problem, it’s massively debilitating,” Morris said.
Prevx has released software that fixes the registry to match the ACL settings, which should resolve the problem, Morris said. Users could do this on their own by modifying their registry settings, but making alterations to those settings is risky since it can severely affect how the operating system runs.
On Nov. 10, Microsoft released 15 patches for vulnerabilities in Windows, Windows Server, Excel and Word.
Morris said Microsoft was likely just trying to fortify the security of the operating systems when it inadvertently made the error in its patches. “It’s one of those things that happens from time to time when you have a dynamic operating system,” he said.
Morris said his company hasn’t contacted Microsoft yet but will send the company a copy of the software fix.
Prevx has more detail on the issue on its blog and posted the software fix, which is free.
Windows has at least 10 different issues that could potentially cause a black screen, wrote Dave Kennerley who works in support for Prevx.
“Our advice is try our tool first,” Kennerley said. “If it works, great. If it doesn’t, you are no worse off.”
Microsoft officials could not be immediately reached for comment.