Windows security patch results in BSOD, stops Windows from booting
By Tim Quax on 12 february 2010
One of the updates from this month's Patch Tuesday is giving out free Blue Screens of Death for some Windows PC's, according to a thread on Microsoft Answers.
Based on the findings of users in the Microsoft Answers thread, the faulty update is KB977165. This update is described by Microsoft as "MS10-015: Vulnerabilities in Windows kernel could allow elevation of privilege". Sounds familiar? It should, this is the 17-year-old Windows bug discovered some time ago.
Microsoft Security Bulletin MS10-015 goes into further detail about the bug being patched:
"The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users."
The majority of victims to this update are using Windows XP, though some users have mentioned this occurs for them on Windows Server 2003 and Windows Vista as well. The fact that a Windows Server edition is involved makes it an even more serious problem. The issue may not be limited to these Windows versions, the issue is, after all, fairly recent so it's possible more versions will have a broadened horizon as well.
The topic starter explains the problem:
"I updated 11 windows xp updates today from Microsoft.com and restarted my pc like it asked me to. (There has definitely been absolutely NO CHANGE in my computer software or hardware installation apart from [these] updates) From then on, Windows [could not] restart again! It is stopping at the blue screen with the following message:"
A problem has been detected and windows has been shutdown to prevent damage to your computer.
PAGE_FAULT_IN_NONPAGED_AREA Technical Information: STOP: 0x00000050 (0x80097004, 0x00000001, 0x80515103, 0x00000000).
"I tried all kinds of restarting option[s], namely safe modes etc. but everything is returning to the blue screen"
Users in the thread have tracked down a fix. Though it consists of uninstalling the update, the fix has been marked as the answer to the thread by a Microsoft Support Engineer. To do this, you have to boot from your Windows CD / DVD / usb stick and start the recovery console, and type in the following commands:
CHDIR $NtUninstallKB977165 $\spuninst
BATCH spuninst.txt
systemroot
exit
Microsoft Security Bulletin MS10-015 goes into further detail about the bug being patched:
"The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users."
The majority of victims to this update are using Windows XP, though some users have mentioned this occurs for them on Windows Server 2003 and Windows Vista as well. The fact that a Windows Server edition is involved makes it an even more serious problem. The issue may not be limited to these Windows versions, the issue is, after all, fairly recent so it's possible more versions will have a broadened horizon as well.
The topic starter explains the problem:
"I updated 11 windows xp updates today from Microsoft.com and restarted my pc like it asked me to. (There has definitely been absolutely NO CHANGE in my computer software or hardware installation apart from [these] updates) From then on, Windows [could not] restart again! It is stopping at the blue screen with the following message:"
A problem has been detected and windows has been shutdown to prevent damage to your computer.
PAGE_FAULT_IN_NONPAGED_AREA Technical Information: STOP: 0x00000050 (0x80097004, 0x00000001, 0x80515103, 0x00000000).
"I tried all kinds of restarting option[s], namely safe modes etc. but everything is returning to the blue screen"
Users in the thread have tracked down a fix. Though it consists of uninstalling the update, the fix has been marked as the answer to the thread by a Microsoft Support Engineer. To do this, you have to boot from your Windows CD / DVD / usb stick and start the recovery console, and type in the following commands:
CHDIR $NtUninstallKB977165 $\spuninst
BATCH spuninst.txt
systemroot
exit
React on this article
Advertisement
Relevant news
Site Links
Partner Sites
Community
Subscribe
