Windows systems that crashed during the latest Microsoft security updatedid so because they were infected with a rootkit program that made changes to the operating system kernel, Microsoft said late on Wednesday.
"The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state," Mike Reavey, director of the Microsoft Security Response Center, wrote in a blog post. "In every investigated incident, we have not found quality issues with security update MS10-015."
The patch addresses a vulnerability in the 32-bit Windows kernel that could allow elevation of privilege that was disclosed .
The Win32/Alureon family of malware can modify DNS settings, hijack searches, and fraudulently click on ads, Microsoft said in a post on its Malware Protection Center Blog. Last year, versions appeared that infect the miniport driver associated with the hard disk of the operating system, the post says.
Microsoft will not offer the patch through Automatic Update for 32-bit Windows systems until a solution is available, but 64-bit versions will be offered.
Anyone believed to have been affected by the Alureon rootkit can visit https://consumersecuritysupport.microsoft.com. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Those outside the United States can find local contact numbers at http://support.microsoft.com/international.
Customers who choose not to install the update can implement the workaround or install the update manually as outlined in the MS10-015 bulletin.
"A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk," Microsoft said.