X

Malware crashed systems during Windows security updates

Microsoft says computers that crashed while installing the latest security updates were infected with malware called a "rootkit" that had made changes to the Windows kernel.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Windows systems that crashed during the latest Microsoft security update last week did so because they were infected with a rootkit program that made changes to the operating system kernel, Microsoft said late on Wednesday.

"The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state," Mike Reavey, director of the Microsoft Security Response Center, wrote in a blog post. "In every investigated incident, we have not found quality issues with security update MS10-015."

The patch addresses a vulnerability in the 32-bit Windows kernel that could allow elevation of privilege that was disclosed last month.

The Win32/Alureon family of malware can modify DNS settings, hijack searches, and fraudulently click on ads, Microsoft said in a post on its Malware Protection Center Blog. Last year, versions appeared that infect the miniport driver associated with the hard disk of the operating system, the post says.

Microsoft will not offer the patch through Automatic Update for 32-bit Windows systems until a solution is available, but 64-bit versions will be offered.

Anyone believed to have been affected by the Alureon rootkit can visit https://consumersecuritysupport.microsoft.com. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Those outside the United States can find local contact numbers at http://support.microsoft.com/international.

Customers who choose not to install the update can implement the workaround or install the update manually as outlined in the MS10-015 bulletin.

"A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk," Microsoft said.

For instructions on how to back up your files in Windows, visit this page. For instructions on how to reinstall Windows, visit this page.