Vulnerabilities / Threats
12/1/2009
05:51 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Says Patch Isn't Cause Of Black Screen

Black screen issues are not widespread and may be caused by malware, Microsoft insists.

Microsoft on Tuesday denied a claim that its November security patch is among the possible causes of the black screen problems affecting some Windows users.

On Friday, Prevx, a maker of antivirus software, attributed some of these black screen crashes to a recent Window operating system change that locked down Windows registry keys.

But Microsoft insists that's just wrong.

"Microsoft has investigated reports that its November security updates made changes to permissions in the registry that that are resulting in system issues for some customers," said Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports. While we were not contacted by the organization [that] originally made these reports, we have proactively contacted them with our findings."

Budd said that Prevx's claims do not match known issues documented in security bulletins or Knowledge Base articles.

A spokesperson for Prevx, which is based in the U.K., did not immediately respond to a request for comment.

Delving into the issue in greater detail in a blog post, Budd also disputes Prevx's claim that the black screen issue represents a widespread problem.

Prevx's Dave Kennerley in a blog post suggested that millions of computers running Windows have been having black screen problems.

Microsoft's Budd counters that his company's worldwide Customer Service and Support organization is "not seeing 'black screen' behavior as a broad customer issue."

He adds that seeing a black screen is a known symptom of certain malware families, such as Daonol.

Update: In a blog post published shortly after this story was filed, Prevx's Jacques Erasmus confirmed that Microsoft's patch was not to blame and apologized to Microsoft "for any inconvenience our blog may have caused."

The black screen problem appears to be linked to improper alteration of the Shell value in the Windows registry, as explained in the blog post.

Register now for Black Hat DC, the largest and the most import

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0235
Published: 2015-01-28
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

CVE-2015-1375
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVE-2015-1376
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

CVE-2015-1419
Published: 2015-01-28
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If youíre a security professional, youíve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.