Last week, Microsoft released a record of 13 patches to fix 26 vulnerabilities in Windows and Office. Of the 13, eleven were aimed at addressing problems in Windows.
Soon after the patches were released, reports started coming in from Windows XP users that one of the fixes, MS010-15 aka KB977165, was causing the dreaded "Blue Screen of Death" upon rebooting their machines. Microsoft suspended that patch while it investigated the problem.
Late last week, Symantec said that the BSOD was most likely caused by a rootkit that had infected the users' computers, and gave instructions on how to boot back up and what to do to clear out the rootkit.
In yesterday's ComputerWorld, there was a story about how the rootkit developers are now rushing to update their malware to try and not create a BSOD situation on a person's PC when Microsoft releases the patch again which would alert the person to the fact that they had an infected computer.
ComputerWorld quotes a Microsoft spokesperson as saying, "Automatic Updates for MS010-015 will remain disabled until our investigation into the restart issues is complete."
Maybe Microsoft would be doing a lot of people a favor by announcing that it was now releasing MS10-015 along with a message stating that if you end up with the BSOD, you are probably infected, along with what to do next.
The longer Microsoft waits, the more time it gives hackers to update their rootkit software to hide that they are there.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.
