As was first reported by people on SANS and the Microsoft Answers forum, the cause of the MS10-015 blue screens of death was actually malware called Alureon or TDSS, i.e. a rootkit that was already on the machine and had tampered with it. The update legitimately updated the system, the rootkit's modifications no longer worked, and the machine blue-screened.
This highlights a few things:
- Get your anti-malware installed and keep it up to date. AVG has a free product. Avast has a free product. Best of all, Microsoft Security Essentials is also free. Microsoft's free antivirus would have protected those people who were impacted, and their business product would have protected those business users.
- 64-bit computers have a built-in mechanism that defends system files, and they were not affected. Walk into a PC store and have a look at the Windows 7 PCs. I bet all of them (the netbooks aside, maybe) are running a 64-bit edition of Windows 7.
- This situation was a great story for Microsoft Answers, the forum aimed at supporting the consumer. This was where consumers raised awareness of the problem, Microsoft responded with a workaround, and Microsoft could gather the information needed to identify the cause.
- Make sure your patches are kept up to date. Configure Windows Update on home/small office PCs and use WSUS/ConfigMgr to manage updates in the business/enterprise. Quite often, these malware attacks leverage vulnerabilities for which Microsoft released patches some time earlier.
By the way, Microsoft Windows lets you know of issues in the System Notification area (bottom right) with a red shield. That gives you quick access to a tool that shows your security setup and highlights any update or configuration problems.
Microsoft have explained the issue in depth. The long and short of this one is that people did not defend their PCs adequately. Free tools that were marketed and advertised would have protected them. Take the time now to check your PC and your security settings.
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.