Sunday, February 14, 2010

MS10-015 Is Cause of Some Windows XP BlueScreens (BSoD)

We have been testing Microsoft Patch Tuesday's updates on our virtual machines we use for testing with Windows 2000, XP, Server 2003, Windows 7, and Server 2008. We have also received several responses from many users at Support@GoDigitalDesigns.com dealing with the issue.


MS10-015 is an Elevation of Privilege that would require the attacker to have valid credentials in order to be able to leverage the vulnerability in an attack. Part of many critical updates released by Microsoft on Tuesday February 9th.


ISSUE FROM USER:
I updated 11 windows xp updates today from Microsoft.com and restarted my pc like it asked me to. (There has definitely been absolutely NO CHANGE in my computer software or hardware installation apart from this updates)
From then on, Windows cannot restart again! It is stopping at the blue screen with the following message:
A problem has been detected and windows has been shutdown to prevent damage to your computer.
PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:

STOP: 0x00000050 (0x80097004, 0x00000001, 0x80515103, 0x00000000).


I tried all kinds of restarting option namely, safe modes etc.  but everything is returning to the blue screen.

I hope Microsoft technical support has an answer as to how to resolve this problem. 






TESTING:
We have found that after installing MS10-015 that we receive the blue screen (BSoD). When booting into safe mode the system hangs when loading the system driver "mups.sys"

The solution below as been modified to specify the removal of just this one patch.

RESEARCH:
"Microsoft posted acknowledgment of this issue, saying that it stopped shipping the problematic update via Windows Update as soon as it recognized the problem. They are investigating the cause of the conflict. Until then, applying the patch, users can use Microsoft's click+install "Fix It" tool which will disable the vulnerable Windows component.  





SOLUTION:
We have found that there's only a single patch that requires un-installation to resolve the blue screen (BSoD) issue. KB977165 is the patch in question, the other patches do not seem to cause the blue screen behaviour and do not need to be uninstalled.
With that in mind, here's the updated solution steps:
1. Boot from your Windows XP CD or DVD and start the recovery console (see Microsoft Support for help with this step)
Once you are in the Repair Screen..
2. Type this command: CHDIR $NtUninstallKB977165$\spuninst        
3. Type this command: BATCH spuninst.txt
4. When complete, type this command: exit

IMPORTANT:If you are able to uninstall the patch and get back into Windows, in order to stay protected you can use the following automated solution which secures your PC against the vulnerabilities that are resolved with KB977165 until you can successfully get the update installed without the blue screens.
Please see the link below for the article describing the vulnerability that is fixed with KB977165 and how you can get protected without installing the actual KB update:
http://support.microsoft.com/kb/979682

ADDITIONAL NOTES:
User's who use Netbooks will run into an additional problem. Since Netbooks are so light and small they do not have an optical (CD/DVD-ROM) drive. For this solution would be to build a custom XP install/boot disc on a USB drive. 
A user will need:
1. Find a system that DOES have a CD drive
2. Copy of Windows XP install CD, and a formatted USB drive. 
3. Have a formated USB flash drive

*This posting is provided "AS IS" with no warranties, and confers no rights.*

No comments:

Post a Comment

Thank you for your contribution. Your post will be published shortly after it is filtered for any inappropriate material. Please do not use ALL CAPS, flame, use inappropriate material/references in your post or they may not be published.