Microsoft Blames Rootkits for Security Update Crashes

Earlier this month, Microsoft released a patch for its entire supported line of Windows operating systems—that’d be Windows 2000 all the way through Windows 7—which included a fix for a security vulnerability that had been lurking in its Virtual DOS Machine for some 17 years—a record by almost any standard. The problem was that the security update led to problems on some Windows XP machines: users would install the update, then find themselves faced with the dreaded Blue Screen of Death or an endless cycle of reboots. Some Windows XP users angrily railed against Microsoft for damaging their computers, and Microsoft promptly began looking into the problem. Their verdict? The problems Windows XP users experienced were caused by malware using the Alureon rootkit, not the security update.

“Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit,” wrote Microsoft’s Security Response Center director Mike Reavey, in a blog post. “We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software. The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state.”

Microsoft has determined that 64-bit versions of Windows are not vulnerable to the problem, and so has re-enabled Automatic Updates for those systems. However, Microsoft is still holding off on making the update available to 32-bit systems via Automatic Update.

In the meantime, Microsoft is recommending users run up-to-date antivirus and security software to make sure their systems aren’t infected by malware prior to installing any system updates. If users can’t confirm they’ve been able to remove the Alureon rootkit—which does go to a lot of effort to hide itself—Microsoft recommends users back up their important files and data, then completely restore their systems to a re-formatted drive.

Geoff Duncan
Former Digital Trends Contributor