Newsletter Archives
-
Blue Screen Stop 0x050 error reported for this week’s Black Tuesday KB2976897, KB2982791, and KB2970228
Sporadic reports of BSODs associated with this month’s Black Tuesday patches. If you hit one, head over to the Microsoft Answers forum and tell ’em all about it.
InfoWorld Tech Watch
-
Users hit by Blue Screen, 0xC1900101 – 0x40017 error with Windows 8.1 update
So far there don’t appear to be any fixes.
InfoWorld Tech Watch
-
Symantec Endpoint Protection 2.1 causing BSODs
If you are running Windows XP and Symantec’s Endpoint Protection 2.1, beware of the latest update. (Endpoint Protection is generally a corporate product, but if you have a company laptop, you may be affected too.)
According to Reuters, Symantec admits that the latest updates are blue-screening XP machines.
-
MS10-015 Blue Screens due to TDL3 rootkit infection
Fascinating.
Last week I wrote about Microsoft’s security patch MS10-015 causing Blue Screens of Death on some machines: if you install MS10-015/KB 977165, or it gets installed for you, your machine may BSOD on reboot. Every reboot.
Marco Giuliani on the Prevx site has this explanation:
The TDL3 rootkit looks incompatible with the MS10-015 update. This is the cause of the BSOD. The problem resides in the laziness of rootkit writers when writing the driver infection routine.
When the rootkit dropper is run, the infection calculates the RVA offsets of some Windows kernel APIs and hard-codes them so that at every restart the portion of the rootkit loader injected inside the infected driver can use these offsets to immediately calculate the address of the wanted functions.
This worked well until the MS10-015 update, when Microsoft updated the Windows NT kernel. This update changed those offset values and consequently broke the rootkit code. When the update procedure is finished, the system is restarted. At system restart, the rootkit code tries to call a non-valid address and this causes the BSOD.
The good news is that the TDL3 authors care about us and they released, in a couple of hours, a new updated version of the rootkit compatible with the Microsoft patch.