While the patch itself remains unchanged, the installation logic has been altered to check for "certain abnormal conditions". A number of users found out the hard way that if the MS10-015 update was applied to a system that had been infected with the Alureon rootkit, the result was a blue-screen crash and an inability to start the system, either normally or in safe mode.
The vulnerability was classified by Microsoft as 'important'.
The number of complaints about this issue indicates how widely Alureon had spread, despite various security packages being able to detect it. Part of the problem is that if Alureon manages to get past security software that hasn't been kept up to date, it effectively disables that software. (Alureon is also known as TDSS, Olmarik and Tidserv.)
Now that the installation package has been changed to prevent installation if Alureon is present, Microsoft has resumed offering the update via Automatic Updates to affected systems.
Various sets of instructions for removing Alureon can be found on the web, but it is prudent to use only those from trustworthy sources unless you can follow and understand each step.
Software from security vendors may automate the removal process. Sophos's free Anti-Rootkit tool claims to be able to remove Alureon.
Microsoft has also released a 'Fix it' tool to carry out the same checks without actually attempting the installation of the update, along with a downloadable version that can be used by system administrators as a component in an automated check of a fleet of PCs.