Feeds

MS kernel patch skirts infected machines

Damage control bypasses pwned PCs

Beginner's guide to SSL certificates

Microsoft's latest batch of patches contains a kernel update designed not to install on machines infected with a rootkit.

The move is designed to prevent the confusion that occurred when one of the patches released in February resulted in a Blue Screen of Death and continuous reboot cycles on some Windows XP machines.

Microsoft copped a fair bit of criticism for the incident before the cause was pinned down to the interaction between the hard-to-detect Tdss rootkit and a Windows kernel security update. Rootkits are a type of malware that attempt to avoid detection by anti-virus scanners by burying themselves in the likes of Windows kernel code.

Redmond's April patch batch also contains a Windows kernel patch. In an effort to prevent the same snafu as February, Microsoft is using technology designed to prevent the update from installing onto malware-compromised machines.

"This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist" Microsoft explains in the FAQ for its MS10-21 patch.

"These abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system files, which renders the infected computer incompatible with the kernel update."

The same technology was used in a modified version of the MS10-15 update, which was initially released as part of February's Patch Tuesday and revised with an "avoid infected systems" add-on in mid-March.

Users who attempt to install either the revised MS010-15 package or the new Ms10-021 kernel update on infected machines ought to get an error code.

Possible error codes (such as 0x8007F0F4) fail to explain what might have gone wrong, but a bit of judicious searching ought to direct sys admins or regular users who hit the snag to this advisory here. This notice explains that users who run across problems installing the patch are probably dealing with a malware-infected machine.

Microsoft's April patch batch included 11 bulletins along with an update to the software giant's Malicious Software Removal Tool. The idea is that this tool will remove malware and clean up systems which can then by safely patched at the second time of asking. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.