Microsoft refuses to patch infected Windows XP machines
By Stuart Turton
Posted on 15 Apr 2010 at 09:04
Microsoft has revealed that its latest round of patches won't install on XP machines if they're infected with a rootkit.
Back in February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel.
Microsoft's latest patches also contain kernel updates, and in an effort to avoid a repeat performance, the company has prevented the patches from installing on infected machines.
This security update includes package detection logic that prevents the installation of the security update if certain abnormal conditions exist
"This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems," Microsoft cautions in the patch notes.
"These abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system files, which renders the infected computer incompatible with the kernel update," it concludes.
As Microsoft has noted, while the solution prevents users from suffering the misery of Blue Screens of Death, it does leave them unprotected and the company has urged users to download its Malicious Software Removal Tool to clean up their machines and run the patch as soon as possible.
From around the web
How to identify machines that have not fully updated?
Can you tell how to identify if a machine has not fully updated?
Does it warn you it has not done a full update?
My real interest is if someone asks me to look at their machine and they say they have done all the updates.
I am the "token" administrator in the office and look after a few friends machines when they have problems.
Invariably they do not read or save notification messages or even recall what they may have done in the last 24hours!
By petermalins on 15 Apr 2010 
Hi petermalins,
Simply visit
http://update.microsoft.com
if the machine is running Windows XP. If there are updates available install them. If it is Vista or Windows 7 use Windows Update from the Start menu. Again if updates are available, install them.
Alternatively, go to
http://www.belarc.com/free_download.html
and download the free Belarc Advisor. The report it generates will tell you if all Microsoft security updates have been installed.
It might be no harm to run the Malicious Software Removal tool available from
http://support.microsoft.com/kb/890830/en-us
and then run Windows Update or go to (if applicable)
http://update.microsoft.com
as mentioned above just to be double sure all updates are being displayed to you.
I hope this helps.
By Jimbo762 on 15 Apr 2010
Jimbo
Many thanks
By petermalins on 15 Apr 2010
perhaps the editor should file this advice
Good advice, perhaps Tim could create a bit of web space for good advice like this (or is it already there!)
By gfmoore on 15 Apr 2010
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk