
Microsoft MS10-015/KB977165 triggering BSOD on Windows XP and Vista devices


There are manual fixes to bring a device back from a BSOD after applying MS10-015/KB977165. Information on this problem is found below.
 
Backdoor.Tidserv (TDL3) is a threat that uses advanced rootkit technology to hide its presence in a system by infecting low-level kernel drivers and then covering its tracks. It is the cause of the reports that MS10-015/KB977165 triggers a BSOD on Windows XP and Vista devices. Symantec's official stance is as follows:

 

"Symantec detects these infected drivers on disk as Backdoor.Tidserv!inf, but recommends that the files are replaced manually, since attempting to remove the file automatically may render the system unbootable."

 

At this point it appears that Microsoft has not found a way around this, but it claims that only a limited number of systems have experienced the problem. Microsoft has discontinued the delivery of this update via Automatic Updates, and this has given the writers of this code an opportunity to make modifications. So maybe this patch will work no matter what when they try again, and we will have a threat that we cannot detect on our systems. Time will tell.

 

Source: http://www.symantec.com/connect/blogs/tidserv-and-ms10-015

 

Supporting References:

http://blogs.technet.com/msrc/archive/2010/02/12/update-restart-issues-after-installing-ms10-015.aspx 

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1381423,00.html

 

Manual Fix:

https://patrickwbarnes.com/blog/2010/02/microsoft-update-kb977165-triggering-widespread-bsod/ 
