Malware could be cause of problems with Windows XP patch
Jerry Bryant has posted an entry on the Microsoft Security Response Center (MSRC) blog on possible causes of the recent problem with Windows XP crashes. An interaction between security patch MS10-015 and malware may be one cause, but the company is not ruling out other potential causes. Bryant adds that there is still a need to investigate whether there are any further problems interacting with other third party components or software.
After installing the security update, released as part of a major Microsoft patch day, some Windows XP users found themselves facing problems restarting their systems. The company consequently stopped distributing the patch via Windows XP's automatic update function.
What Microsoft has designated "Restart Issues" have been described by some users on forums as the 'blue screen of death', as it is impossible to restart their systems following the update, even in safe mode, – instead they end up with the blue screen. Victims can, however, remedy the problem by using an installation CD to uninstall the patch.
Patch MS10-015 is intended to fix a 17-year old security vulnerability in the virtual DOS machine, which allows 16 bit programs to manipulate the kernel stack associated with each process. Users with restricted privileges can exploit this to execute code with system privileges.
According to the Microsoft blog, its experts are in the process of narrowing down the cause of the problem on PCs borrowed from affected users. Until this has occurred, patch MS10-015 should not be used. Microsoft is, however, continuing to advise users to install all other security updates. Bryant stresses that "Our teams are working to resolve this as quickly as possible."