
Microsoft blue screen affecting few corporate PCs

Corporate PCs with standard configurations do not appear to be returning a Blue Screen of Death, despite reports of the issue related to Microsoft's latest round of patches.

Some Windows PCs are reportedly being crippled with the Blue Screen of Death (BSoD) as a result of the latest round of Microsoft patches, but several patching experts say that many corporate deployments do not appear to be experiencing any major issues.


Microsoft issued 13 bulletins, five of them critical, in its latest round of patches this week. In a Microsoft support forum thread, some people reported Windows XP PCs rebooting with the notorious blue screen. The issue was first reported by security reporter and blogger Brian Krebs. Several of those who have deployed the updates attribute the problem to MS10-015, which addresses two Windows kernel vulnerabilities. Uninstalling the fix appeared to correct the issue.

Jerry Bryant, senior communications lead at the Microsoft Security Response Center, issued a statement late Thursday acknowledging that Microsoft engineers were aware of the blue screen reports and investigating the issue.

Susan Bradley, a Microsoft MVP and IT administrator at Tamiyasu, Smith, Horn and Braun Accountancy Corp. in Fresno, Calif., said the issue should serve as a reminder to system administrators to test patches thoroughly before deploying them. Bradley noted that those on the support forum appear to be dealing with consumer machines.

Official Microsoft statement:
Update 7:37 p.m. ET, 2/11:

Microsoft halts MS10-015 update and continues investigation.

"Microsoft is investigating reports of an installation issue with a security update released on February 9, 2010. We are investigating the issue to determine the cause of the issue.

Anyone believed to have been affected can visit the Microsoft Consumer Security Support Center.
Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Those outside the United States can find local contact numbers at the Microsoft international support center."

"Microsoft does test patches but with the vast/huge/large/ecosystem of machines out here they cannot be perfect," wrote Bradley in an email message. "Right now it looks consumerish and not enterprise impacting."

Other patch management experts said Microsoft tests its patches thoroughly, but on fairly standard configurations. Corporate systems, which have fairly typical configurations, may not be impacted by the BSoD at all, said Don Leatham, senior director of solutions and strategy at vulnerability management vendor Lumension Inc. Leatham said the company received no reports from customers having blue screen issues. Tests by Lumension also came up clear, he said.

"People should take a second to look at the information inside the bulletin that Microsoft publishes and understand the mitigating factors," he said. "In this case [MS10-015], someone would need access to the machine, so if you know certain groups of machines are well protected then maybe you can hold off on this patch until we know more about any issues associated with it."

Microsoft updates:
Feb. - Microsoft patches SMB flaws, Hyper-V problem in big update: Microsoft issued 13 bulletins, patching more than two dozen flaws across its product line, including critical Server Message Block flaws and a hypervisor DoS vulnerability.

Jan. - Microsoft issues critical security update, blocks IE 6 attacks: Microsoft issued an emergency patch today blocking ongoing attacks against corporate networks that have been exploiting a vulnerability in Internet Explorer 6.

Jan. - Microsoft releases Windows OpenType Font Engine patch: Lone security bulletin is critical for Windows 2000 users.

Dec. - Microsoft gives Internet Explorer a major security overhaul: The final regular Microsoft update of 2009 repairs five critical vulnerabilities in IE and blocks public exploit code, which surfaced in November.

The BSoD is also being monitored at the SANS Internet Storm Center blog, where experts patching corporate systems reported few issues. Microsoft security bulletin MS10-015 contains a workaround for one of the flaws that can be temporarily deployed until the issue is resolved. Microsoft notes that users will not be able to run 16-bit applications as a result of implementing the workaround.

Wolfgang Kandek, chief technology officer of Qualys Inc., said his customers also reported no issues with the updates, though some are still testing them prior to deployment. Until Microsoft thoroughly investigates the reported blue screen issue, administrators shouldn't have a problem delaying the deployment of MS10-015, Kandek said.

"This patch release contains other issues of a much higher criticality," Kandek said. "Microsoft tests their patches very thoroughly, but if you haven't applied it yet you may take a cautious approach and see what comes out of this."

Kandek said extremely large enterprises with a mature patching process typically conduct testing in three stages. Testing begins on a standard test bed of a couple of Windows systems. Then the patches are deployed over 1% of the user base followed by 10% of the user base. The final deployment covers all machines, he said. Smaller businesses, with fewer machines to patch, often streamline the process.

"Structured companies have standard configurations and that's why it is rare to come across patching problems," Kandek said. "We haven't heard anything from our corporate customers and some of them have very aggressive schedules for rolling out patches."

Jason Miller, data and security team leader at St. Paul, Minn.-based Shavlik Technologies Inc., said he has been in contact with Microsoft and that patching engineers are investigating the issue.

"I wouldn't hold off unless you have a really good reason not to," Miller said. "Not patching a system because of speculation is not a good idea. The big thing is that Microsoft is aware of this and they're researching it."

Miller added that it's hard to jump to conclusions when early reports of patching issues surface. In November, antivirus vendor Prevx attributed some black screen crashes to a patch that altered Windows registry keys. Days later, Microsoft said its investigation found no link to its issued patches and Prevx reversed its warning.
