Feeds

PrevX U-turn on Windows update Black screen of Death claim

Paint IT black

Protecting against web application threats using SSL

Updated PrevX has backtracked on earlier claims that a Windows update caused Windows machines to lock up with a so-called "Black Screen of Death".

An updated blog post from the UK-based software security firm withdraws earlier claims that a recent Microsoft update caused a glitch that resulted in affected PCs displaying only the My Computer folder on a blank screen. PrevX's new line is that changes in the Windows Registry that trigger the behaviour might be caused by malware or some other factor, which it is yet to pin down, but not the Windows update that it earlier held culpable.

Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

PrevX apologised for earlier pointing the finger of blame towards Redmond, adding that whatever the cause of the problem it has a fix.

We apologize to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.

A blog posting by Microsoft Security Response, about research in Redmond that appears to have contributed to PrevX's volte-face, clearly states that the "Black Screen" reported by PrevX was not caused by Microsoft's updates.

We’ve conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November. That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don’t believe the updates are related to the "black screen" behaviour described in these reports.

Redmond adds that it hadn't received many reports of users getting clobbered by the problem, adding that previous instances of "black screen" behaviour have been associated with some malware families such as Daonol.

PrevX wasn't able to supply a screengrab illustrating the latest outbreak of "black screen" lock-ups in response to our request on Wednesday morning. PrevX's initial warning about the "Black Screen of Death" was widely reported by El Reg and many other media outlets, however it's unclear how many people have actually been affected.

No other security firm we're aware of bar PrevX has issued and advisory on the issue and several others have privately expressed skepticism about a least the extent of the problem. ®

Update

In an updated blog post on Tuesday, PrevX fought back against suggestions that it had overstated the scope of the Black Screen of Death glitch. Mel Morris, PrevX chief exec, said it's free Black Screen fix tool had been downloaded more than 50,000 downloads times since its publication last Friday.

Morris also criticised the media for misinterpreting PrevX's original warning by taking material out of context and causing "inconvenience for Microsoft".

However PrevX's original advisory is pretty clear is pointing blame towards recent Microsoft patches, KB915597 and KB976098, now ruled as blameless. Malware or problems between Windows and third-party software don't get a mention.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.