Feeds

PrevX U-turn on Windows update Black screen of Death claim

Paint IT black

SANS - Survey on application security programs

Updated PrevX has backtracked on earlier claims that a Windows update caused Windows machines to lock up with a so-called "Black Screen of Death".

An updated blog post from the UK-based software security firm withdraws earlier claims that a recent Microsoft update caused a glitch that resulted in affected PCs displaying only the My Computer folder on a blank screen. PrevX's new line is that changes in the Windows Registry that trigger the behaviour might be caused by malware or some other factor, which it is yet to pin down, but not the Windows update that it earlier held culpable.

Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

PrevX apologised for earlier pointing the finger of blame towards Redmond, adding that whatever the cause of the problem it has a fix.

We apologize to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.

A blog posting by Microsoft Security Response, about research in Redmond that appears to have contributed to PrevX's volte-face, clearly states that the "Black Screen" reported by PrevX was not caused by Microsoft's updates.

We’ve conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November. That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don’t believe the updates are related to the "black screen" behaviour described in these reports.

Redmond adds that it hadn't received many reports of users getting clobbered by the problem, adding that previous instances of "black screen" behaviour have been associated with some malware families such as Daonol.

PrevX wasn't able to supply a screengrab illustrating the latest outbreak of "black screen" lock-ups in response to our request on Wednesday morning. PrevX's initial warning about the "Black Screen of Death" was widely reported by El Reg and many other media outlets, however it's unclear how many people have actually been affected.

No other security firm we're aware of bar PrevX has issued and advisory on the issue and several others have privately expressed skepticism about a least the extent of the problem. ®

Update

In an updated blog post on Tuesday, PrevX fought back against suggestions that it had overstated the scope of the Black Screen of Death glitch. Mel Morris, PrevX chief exec, said it's free Black Screen fix tool had been downloaded more than 50,000 downloads times since its publication last Friday.

Morris also criticised the media for misinterpreting PrevX's original warning by taking material out of context and causing "inconvenience for Microsoft".

However PrevX's original advisory is pretty clear is pointing blame towards recent Microsoft patches, KB915597 and KB976098, now ruled as blameless. Malware or problems between Windows and third-party software don't get a mention.

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.