Latest Microsoft Patch Aims To Block Rootkit

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Microsoft has rereleased a bug patch from last month that some Windows XP users blamed for repeated restarts and blue screen crashes.

After investigating, however, Microsoft (NASDAQ: MSFT) security engineers determined that the crashes and reboots were being caused by a piece of malware called a rootkit that infected those users’ PCs.

The updated patch, which is being distributed on Microsoft’s Automatic Update, looks for the rootkit, known as Alureon. If it’s found, the user receives a notice that the operating system is “incompatible” with the patch, which is numbered MS10-015, the company said in an e-mail to InternetNews.com.

“If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options. If this occurs, Microsoft customer support will work with impacted customers to resolve each issue,” the statement by Jerry Bryant, senior security communications manager lead, said.

Problems erupted soon after Microsoft released the patch — one of many that the company released during February’s Patch Tuesday distribution.

The patch was meant to fix a security hole that had been in Windows for 17 years but had only been discovered recently.

Immediately after installing the patch, many XP users began experiencing repeated reboots and what’s known as the “blue screen of death” (BSoD). Initially, because it only appeared to affect XP users who installed MS10-015, many users blamed the patch.

While it was investigating, Microsoft pulled the patch from Automatic Update.

A few days later, the company said it had traced the problem down to a rootkit infection that was spread by a Trojan that also infected the misbehaving systems.

Now, Microsoft has re-released the patch.

“In the meantime, Microsoft is working to develop an automated solution to detect and remove the Alureon rootkit from affected systems. We anticipate that tools for both consumers and enterprise customers will be available in a few weeks,” Bryant’s statement said.

Stuart J. Johnston is a contributing writer at “>Internet.com, the network for technology professionals.