"Blocks rootkit-infected PCs from getting latest kernel update to prevent Blue Screen of Death"
Microsoft took steps Tuesday to avoid repeating the debacle two months ago that left Windows XP users staring at the notorious "Blue Screen of Death" error message after they applied a patch.
In February, a security update that fixed two flaws in the Windows kernel -- the operating system's most important component -- wreaked havoc when it was applied by users, who almost immediately flooded Microsoft 's support forum with reports of crippled computers .
As the number of reports grew, Microsoft first stopped automatically serving the MS10-015 update, then confirmed that a rootkit caused the crashes . Only PCs that had been previously infected with the Alureon rootkit were incapacitated, Microsoft's investigation found.
Microsoft restarted distribution of the update only after it had come up with a way to block rootkit-infected PCs from receiving the patches. "If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options," said Jerry Bryant, general manager with the Microsoft Security Response Team, in early March.
Continued here: http://www.networkworld.com/news/2010/041410-microsoft-acts-to-avoid-windows.html