Microsoft security patch could cause blue screen of death

Many Windows XP users who downloaded patch MS10-015 this week got shut down

Here’s a story that could affect the 73 percent of people who read GCN.com and FCW.com and use Microsoft XP as their operating system of choice. Most of you probably were automatically given a huge patch for that OS on Tuesday. Apparently, lots of users are reporting that the patch is causing the blue screen of death.

According to a growing Microsoft support thread, after the patch install, users are getting this message: "A problem has been detected and Windows has been shut down to prevent damage to your computer. PAGE_FAULT_IN_NONPAGED_AREA." Some users have also reported that once successfully booted into XP, the patch has caused their system to reboot, and then they get the aforementioned blue screen of death. The users with the problem also say that booting in safe mode is no help.

According to users with the problem, the patch MS10-015 is the problem. If they are able to uninstall that patch, labeled as KB977165, then their systems return to normal. Microsoft was trying to plug a years-old hole that could allow unauthorized users to elevate their privileges on a PC, which could then be used for bot-net activities.

If you can’t manually uninstall the patch (because of the blue screen of death) then there is a workaround if you can boot from your Install CD. You have to break out those old DOS commands to do it though. And users with PCs that don’t have the OS install disks (most laptop users) are out of luck at the current moment.

Microsoft is said to be investigating the problem, and has removed the patch in question until it gets to the bottom of the issue.

Although Microsoft’s altruistic motives in continuing to support an OS they would probably prefer people give up on have been brought into question, there is also a growing chorus of people saying that Microsoft actually has nothing to do with this problem. Security sites are reporting that the actual problem is a rootkit (malicious worm) that has already affected a fair number of computers. That rootkit changes the atapi.sys file, which loads very early in the bootup process. Apparently the new patch conflicts with the rootkit, which makes sense given that it is attempting to fix a problem that this worm exploits. Only computers that have been affected by the rootkit are hurt by the blue screen of death. Replacing the atapi.sys file with a fresh version could fix the problem, again if you are able to get to a DOS prompt to manipulate your files.

Until Microsoft works this out, it’s probably best to avoid installing any security patches on your XP systems. And using a program like Malwarebytes' Anti-Malware (the free version should work just fine) to scan your computer for rootkits and worms probably wouldn’t hurt.

Stay safe out there!

Reader Comments

Wed, Feb 17, 2010 Ico Calif.

I took your advice and downloaded the Malwarebytes' Anti-Malware program. And I'm glad I did! It found two viruses and one rootkit that I didn't even know was there. Thankfully I don't have the one that might cause the blue screen, but getting rid of any of them is great news. Thanks again.

Wed, Feb 17, 2010 BikerSki VA

No BSOD for me (yet), only a slow computer that acts like its on one big virus. Scan after scan revealed nothing and can't find the cause of frequent and random freezing. I even had to switch over to Firefox, since IE8 slowed down so much that it was difficult to navigate from page to page. Saw some active executables that are target files for malware too (dllhost.exe for example). Thanks M$ for the comprehensive security patch!!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above