Applying the latest patches from Microsoft can cause Windows XP machines to crash with the infamous blue screen of death. Updating systems with the MS10-015 bulletin, which addresses "important" vulnerabilities in Windows Kernel, can cause machines to lock up when restarted before falling into a never-ending reboot loop. The …
"booting from a Windows CD or DVD"
If you're lucky enough to have one...
Thankfully we do, though at least as equally thankfully we also managed to avoid this problem!
This is why...
... this first thing I do after I've completed an XP setup is disable System Updates (after I've installed an AV/Firewall).
I've been too often by "updated" that crash my PC.
That's kind of stupid. The chances of an unpatched machine getting nobbled (firewall or not) are probably far higher than one of these updates causing damage.
There are some things AV/Firewalls can't secure, and not all updates are security updates.
Not updating because nothing has ever happened doesn't mean nothing ever will.
I always disable automatic updates, but I always manually apply updates when the notification comes up.... except today when I had a chance to read this (and other ) article and now I can wait for M$ to fix the problem.
Being up to date is very important, but it is even more important to make informed decisions on patch management. I don't have blind faith that every patch is safe.
Over the last 8 years, Ive personally had far fewer problems switching crap dates off than from any problems through not updating.
It is after all, the fear of not updating that under pins Microsoft's business model which I dont subscribe to.
Disabling them completely is not a good idea, but setting it to the option where it will notify you of the existence of updates without blindly installing them is sensible. Then you can install them when it's convenient for you.
I've had a machine doing something overnight before now that I hadn't realised was set to install updates. Along comes an update, machine reboots on its own in the middle of the night, goodbye to what it was doing and I lose time because it failed to complete the test run.
Probably just before that update came an update that turns automatic updating back on, even when you've expressly turned it off.
RE: This is why...
This is why as well as a "Good Microsoft" and an "Evil Microsoft" icon, we need El Reg to provide us with one that clearly indicates that MS have committed yet another technical blunder...!
A Facepalm icon, perhaps with Gates' or Ballmer's face.
A merged image of Steve Ballmer and Frank Spencer would be much better :)
Vista as well as XP
Vista's also affected, at least on my wife's Vaio laptop...
What makes you think the problem is Vista, and not Vaio
Given Sony's bizarre attitude to unstandardizing the Viao's, my first thought would be which bit of Sony cruft is breaking Windows.
Nope, it's the updates and not the Vaio crap
Because it was working, then the updates went live and it stopped. I removed the updates and it worked again. To check, I allowed Update to redo what it wanted and went through the whole cycle one more time.
Its a conspiracy
MS did it on purpose to try and convince people to upgrade yo 7 by making XP look unstable. ;)
Thanks Guys, that update has been sitting there for a couple of days. Just excluded that particular patch (977165) from the process and perhaps saved a whole load of bother.
It's not done it to me so fa
My sofa is also unaffected.
It's not done it to my sofa either... :0)
No doubt the official support from Microsoft is "we recommend upgrading to Windows 7 for the best Windows experience"?
Let's just check the release notes here:
"MS10-015: addresses an issue where Windows XP fails to boot to the Blue Screen Of Death, potentially enabling authorised users to get some work done"
My mates work computer died this morning with BSoD, safe mode wouldn't work and a quick fixboot/fixmbr didn't fix it. Whole day wasted trying to rebuild another computer, copy backups and generally dick about.
So who gets to pay the $$$ in maintenance charges?
Fixboot and fixMBR
They only fix Boot sector and boot file related issues, wouldn't help here. Last known good might work
Not the first time...
Around November, a patch was released that wouldn't bluescreen, but also put certain combinations of PC's in the never ending boot condition, making me a very busy person. Many people thought a "virus" broke their computers, and I'm somewhat tempted to agree. Haven't found a way out other than to revert the patch and stop windows updates altogether.
Microsoft killed our systems again!
Just a couple of months ago, several of our Windows XP machines got screwed up by a false-positive antivirus alert which caused the antivirus service to delete critical system files. We couldn't believe it at first, all users login to limited accounts but the weak link was the antivirus service.
The machines wouldn't boot normally but did boot into safemode. Unfortunately, the System Restore facility failed so we couldn't just roll back to a restore point. While manually restoring the system, Microsoft's anti-piracy subsystem kicked in, rendering the system useless as it disallowed safemode logins.. and the system wouldn't boot normally. So we were locked out because Windows didn't think its licence had been activated, but we couldn't login to register/activate it!
Now just a couple of months later, this has happened.. an official Microsoft update has rendered the systems unusable again!
We're now looking at deploying a Debian-based Linux distribution on all our desktops. Microsoft Windows is a far too unstable for serious business use!
or deploy a centrally managed decent AV product which would no doubt be a lot simpler and give a better ROI
You work for a company who don't bother to test their AV releases before rolling them out, this then caused the AV software to kill the OS and you blame the OS' stabillity? Furthermore, you then decide that the easiest way to resolve this problem is to switch OS. Good luck with that.
Hm, which to do first... patch or back up?
Makes me think that perhaps I should perform that monthly backup before patching :) Either that or wait until the Friday for the ill effects of those critical patches to be discovered.
microsoft updates cause blue screen
microsoft are doing this on purpose to get people away from xp altogether cause they know people wont move to vista or 7 because either they cant afford to move or there systems dont support the new os. chances are there system wont support it the drivers in particular my mothers laptop is over 4 5 years old it came preinstalled with xp home and ive tried 7 on it and straight away loads of features got disabled when i did so i solved buy moving back to xp using the recovery cd.
You're right, I think this is deliberate. And because it's a Microsoft patch, it didn't work properly and a great deal fewer machines were affected than were intended. Even their malware sucks...
News I'm picking up
is that the issue is affecting PCs which have been rootkitted and the rootkit is being hosed by the update.
The linked MS thread has info here. Seems that the problem may be due to the TDSS rootkit. Replacing the infected atapi.sys that this POS puts in place with a kosher one on affected machines seems to fix the problem (as does uninstalling the "dodgy" patch - for which instructions are provided).
This would explain why those machines affected don't seem to have anything else in common by way of configuration.
If this does turn out to be the root (hah) cause, I don't think we can blame MS......well, not for this particular cockup anyway. I'll keep the flamethrower on standby 'til a definitive answer turns up.
BSOD's linked to r00t'd boxen ...
Check the comments section after the SANS/ISC article:
Hmmm, Sony ... Vaio ... probably came with a root kit!
Ohh so I wasn't wrong in my thoughts...
I just got settled into my new place, internet just tuned up after 3 days of withdrawl...Good Ol Microsoft Update! I went into reboot cycling, tried fixing it, spent 4 hours on the phone (mostly on HOLD) intermittantly interrupted by some thick indian accented individual NEVER mentioning.."Ohh that...we know about that" Even after describing my problem.
Now they make the push to upgrade...the only thing I'm likely to upgrade to is LINUX (wonder how Mandrake is...haven't used that in a while). I just KNEW I was going to find this cheezy steamin pile of BAD NEWS!! I had a feelin this was the cause, now it's confirmed!
what, me worry?
if this backfires, all i need to do is delete the virtualbox image and copy a backup image and i'm good to go.
i have a basic + fully patched winXP/Office 2007 virtual machine used only when i need to do office work.
tux because it was a better match to Alfred.
Wandering around the internet looking at this wonderful new achievement from Microsoft I think it may not be just Win XP.
Quote from "Ars Technica" dot com
"The majority of users who are complaining about the issue are on Windows XP, but some users in the thread mention this occurs for them on Windows Server 2003 and Windows Vista."
AV or Drivers
The update is supposed to fix certain kernel issues, many times such patches disable features and system calls that shouldn't be used in the first place, but some drivers use them anyway.
I have dealt with similar problems involving Kernel updates not playing well with drivers
Good job I havnt 'upgraded' from Win 2K then
Systems with a rootkit seem to blue screen after the update:
Other issues introduced too
I've noticed other issues on some machines I've updated- including previously stable machines dropping wireless connections, and any previous installed clients for managing connections (such as the MSI manager) being disabled in favour of allowing Windows manage connections. I've had to reinstall drivers and apps on 3 different systems thus far. I'm far from happy.......
Once upon a time Windows XP SP2 when it first came out after installtion broke my firewire card driver from initialising properly. If you left the network enabled in windows it would not boot just a black screen. Had to pull the card out and disable it.
Then with vista I did one of those "hiigh priority updates" which cause the machine to be stuck in a reboot loop, and the only way of fixing it was to plug the drive into a linux machine and delete the pending.xml file. On installing the update a second time it was fine.
This is the crappiness you expect from Microsoft, learn to live with it.
Ahh... perfect. This solved a puzzle I had with a Toshiba laptop. After following the instructions in the Microsoft post, the BSOD has gone.
I had a different error number for the STOP, but fixed the same way by uninstalling that update.
(Good to see MS put the answer at the TOP of that thread instead of having to wade through a discussion)
Back up first.
My recipe: keep the Windows/applications system partition separate and small (15 GB plus hibernation file, page file 4000 MB on a separate volume), and back it up regularly, particularly before a Windows Update session. But do apply those updates promptly, because bad people examine them specifically to find out how to hack computers that haven't got 'em.
Maybe a failed update will work when applied a second time - for instance if the order of different updates matters. If you leave an update off, note the description of the risk that it addresses, and avoid doing the risky thing e.g. clicking on hyperlinks in e-mail.
I've been using Knoppix 6.2 Linux on bootable CD or USB stick, and specifically partimage, to make a single copy of volume C split into 333 MB files (which pack nicely onto CDs or DVD), but I'm planning to switch to ntfsclone because partimage apparently has a problem with volumes containing bad sectors(?) I had an unpleasant virus-type experience while using SystemRescueCD which may not have been its fault.
If you don't use hibernation or if you disable it before backing up, a hidden file C:\hiberfil.sys equal to your RAM size is NOT included in the backed-up volume. If something goes wrong with Windows (and it has), you can just boot Linux and restore C to the way it was. (We don't need no steenking restore points!)
Of course the saying applies "You only THINK you've got a backup" - it's better to have a fallback position in case your latest backup fails when you try to restore. Also, verify your CDs or DVDs, including by comparing files to the files on disk.
Keeping your backups away from nosy people is an exercise you can work out for yourself!
No Problems Here
Here it's been pushed out by WSUS to over 200 PCs and I've had no problems...
500 XP clients...
patched so far and counting with NO problems, sounds like another mountain out of a mole hill to me. I suspect in the grand scheme of things the number of affected units will be very low, nothing to see here.
... (but it may not be true) that it seems to be tied to certain device drivers or even perhaps device firmware. If so then MS testing probably wasn't as thorough as it should be. However, if this does turn out to be the case I'm willing to bet MS will manage to spin it that the drivers concerned did not comply with Windows standards.
Of course it might not be the case at all, I don't think we've had a single BSoD reported out of over 4000 XP machines patched this week and that covers a huge variety of hardware.
Why Not Just ....
...uninstall it via the Control Panel's "Add or Remove Programs"? Add a dheck to show updates and it's listed under Windows XP with a "Remove" button.
Of Course ...
... if you can get to the Control Panel you're likely having no problems. Oh silly me!
Malware can be the trigger
I am dealing with this issue on a customers PC as I type. Having read many of the posts on this problem I would just give the following summary.
The most common trigger for this issue appears to be a pre-existing malware infection - especially a Rootkit infection of the ATAPI.SYS file. The key givaway for this infection is that the infected ATAPI.SYS file has no Version Tab when you look at its properties panel. Replacing this file with a clean copy can be the start of the cleanup and often allows you to boot the system. The following link may be helpfull:
"It's still unclear why affected systems throw a wobbler while other near-identical Win XP PCs chug along quite happily after the updates are applied."
If you can figure this one out, perhaps you can tell me why of 6 identical brand new XP latitudes we got in recently, two wouldn't run windows update and one was missing the 'RunOnce' reg key, meaning it wouldn't install VPN software.
This happened me before with Thinkpads. Booted two brand new identical ones up, one bluescreened straight away
It's not ones and zeros, it's blood and tears.
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16
- Analysis Microsoft's licence riddles give Linux and pals a free ride to virtual domination
- I KNOW how to SAVE Microsoft. Give Windows 8 away for FREE – analyst
- Geek's Guide to Britain How the UK's national memory lives in a ROBOT in Kew