Some users are claiming that Windows XP has been crippled with the “blue screen of death” following Microsoft’s Patch Tuesday update
Microsoft is investigating claims by some users that the Windows security update issued as part of Patch Tuesday, has resulted in the infamous “Blue Screen of Death” for Windows XP.
According to Microsoft, the problem appears to be related to MS10-015, but the company has not determined if the problem is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. The bulletin addresses two Windows Kernel privilege escalation bugs, and was among 13 issued 9 February to plug a total of 26 security holes.
Reports of the issue began trickling in on Windows support forums after the Patch Tuesday updates were rolled out. The claims mostly involve Windows XP. One of the user-proposed solutions is to boot from the XP installation CD, launch the recovery console and enter a series of commands detailed here.
“Our teams are working to resolve this as quickly as possible,” Jerry Bryant, senior security communications manager lead at Microsoft, wrote on the Microsoft Security Response Center blog. “We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages.”
Bryant added, “At this time, we are not aware of any issues with the other updates that were released this month and we continue to encourage customers to install them as soon as possible in order to help ensure that they [are] protected from the vulnerabilities they address.”
If users choose not to install MS10-015, they can disable the NTVDM subsystem as a workaround for CVE-2010-0232. Exploitation requires the attacker to have valid log-on credentials and be able to log on locally, according to Microsoft’s advisory.