Microsoft Denies Security Patches Caused Black Screen Of Death

The so-called Black Screen of Death condition striking some Windows users is not caused by bugs in November’s Patch Tuesday updates, Microsoft stated 1 December.

Security vendor Prevx reported on its blog 27 November that Windows users were experiencing a black screen “due to a change in the Windows operating system’s lockdown of registry keys.” According to Prevx, the Windows patches most commonly tied to the issue are KB915597 and KB976098.

“The conditions under which the actual black screen is triggered are spasmodic,” explained David Kennerley, malware researcher at Prevx. “Some test systems always trigger the condition, others are less consistent … When the issue occurs the WinLogon Shell entry for Explorer.Exe becomes invalidated. The entry exists perfectly in the registry but is unusable [or] inaccessible and is therefore ignored by the OS, resulting in the desktop and task bar not being loaded.

“This entry is frequently the target of malware, so tightening access to it is probably a good thing,” Kennerley continued. “However, the black screen condition is the only sign of the problem, leaving nontechnical users with a major challenge.”

Microsoft did not offer an explanation for the problem, but stated that it had investigated the matter and found none of its November updates were causing the situation.

“Our comprehensive investigation has shown that the November security updates, the Microsoft Malicious Software Removal Tool, and the nonsecurity updates we released through Windows Update in November do not make any changes to the registry as claimed,” a Microsoft spokesperson said. “We do not believe Microsoft Updates are related to the behavior described in these reports.

“Based on our investigation so far, we can say that we’re not seeing this as an issue from our support organisation,” the spokesperson added. “The issues as described also do not match any known issues that have been documented in the security bulletins or KB articles.”

Prevx released a free tool to fix the most common causes of the issue the company has seen.

“In researching this issue we have identified at least 10 different scenarios [that] will trigger the same black screen conditions,” Kennerley blogged. “These appear to have been around for years now. But our advice is, try our tool first. If it works, great. If it doesn’t, you are no worse off.”

Customers concerned about the issue can also contact Microsoft’s Customer Service and Support for free assistance.