Stephen Withers
Wednesday, 03 March 2010 07:38
A new version of a Windows security patch avoids the chaos caused when the original was installed on a system previously infected by a rootkit.
Microsoft has re-released the February patch for an elevation of privilege vulnerability affecting Windows 2000, XP, Vista, Windows 7, and Windows Server 2008 and 2008.
While the patch itself remains unchanged, the installation logic has been altered to check for "certain abnormal conditions". A number of users found out the hard way that if the MS10-015 update was applied to a system that had been infected with the Alureon rootkit, the result was a blue-screen crash and an inability to start the system normally or in safe mode.
The vulnerability was classified by Microsoft as 'important'.
The number of complaints about this issue indicates how widely Alureon had spread, despite various security packages being able to detect it. Part of the problem is that if Alureon manages to get past security software that hasn't been kept up to date, it effectively disables that software. (Alureon is also known as TDSS, Olmarik and Tidserv.)
Now that the installation package has been changed to prevent installation if Alureon is present, Microsoft has resumed offering the update via Automatic Updates to affected systems.