Microsoft: Malware Causes XP's MS10-15 BSOD

Thursday we reported that many Windows XP users were experiencing the Blue Screen of Death after installing Microsoft's latest batch of security updates. Security blogger Brian Krebs pinned the problem to MS10-15, a security update that addresses a 17-year-old kernel bug in all 32-bit versions of Windows XP. Users suffering the BSOD after installing the update were told to boot from the original Windows XP installation disc and fix the OS in the Recovery Console.

On Thursday Microsoft acknowledged the problem, as stated in this blog. However, at the time the Redmond company could not verify whether the issue was specific to MS10-15 or was an interoperability problem with another component or third-party software. Microsoft pulled the patch from Windows Update until it could determine the source of the BSOD issue.

However, on Friday the Microsoft Security Response Center (MSRC) issued a report stating that malware installed on the systems was causing problems with the MS10-15 security patch. The MSRC team said that the BSOD issue is still under investigation and that it has not yet ruled out other potential causes. Consumers experiencing the BSOD issues are asked to submit memory dumps if possible.

"In order to get the information we need to fully analyze the issue, some of our support engineers have actually driven to customer locations and picked up affected systems so we can get the needed crash data directly and help inform our investigation," the MSRC report said.

Microsoft customers were also advised to keep anti-virus software running and up-to-date in order to help prevent malware infections.

  • There is a rootkit going about computers lately, I have seen over 10 in the last week. It infects either atapi.sys or the storage controller driver, i.e. SISraid.sys, Iastor.sys, etc. It causes the system to blue screen with a 7E error, which is usually related to hard drive corruption or corrupted drivers. It's quite possible that a computer is infected before the patch, and installing the patch interferes with the harmony the rootkit has with the system. Could also be a combination of things.
  • mayne92
    So in other words...dumb consumers are still using the broken condoms of anti-malware...McAfee and Norton...
  • jhansonxi
    Sounds like the fanboy "theory" that malware writers weren't aware and using this 17 year old undocumented hole was BS. Another fine counter-example of security by obscurity.
  • XD_dued
    Hm... I'm running 4 comps with XP here, all fine with the update.
  • randomizer
    It takes them 17 years to patch this exploit and when they finally do it they screw up. Do they need a century to get it right?
  • ossie
    micro$uxx at its finest... if you still didn't get it, it's a (unwilling) feature to discover unknown malware, not a bug. m$ never makes mistakes, others are always to blame - especially those duped to use m$ crap. Just wintarded m$ fankiddies drool in awe at every "innovation" dumped out from redmond, and windblow's legendary "reliability", "security", "interoperability", and "compatibility", trumpeted non-stop by m$ marketingdroids, and the m$m shills.
    randomizer: "It takes them 17 years to patch this exploit and when they finally do it they screw up. Do they need a century to get it right?"
    They never will... it's plain futile. Just another link in the never ending chain... of "innovation".
  • One word... Ubuntu.
    Yes. I do have a win7 PC, purely for games. It is for this exact reason I've jumped to the Linux camp.
  • Niva
    Oh come on, I'm an avid linux user and I only use Windows for Photoshop and very occasional games these days but seriously... all OSs have security problems including linux. Why doubt what MS is saying? I applied the security patches to my machine and it didn't BSOD/crater, I guess that branch of malware was not on my system. I believe them on this.
  • Well, at least the brakes work on Microsoft. If a car had 'Windows', blah, blah, blah.
  • jlyu
    This happened to me on my Windows 7. atapi.sys was infected, but I didn't want to delete it 'cause they say deleting it causes the computer to not start.

    I just clean installed my Windows 7 and all the updates installed correctly.

    It was from me downloading and installing an exe that was corrupted with a virus.