Vulnerabilities / Threats
12/1/2009
05:51 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Says Patch Isn't Cause Of Black Screen

Black screen issues are not widespread and may be caused by malware, Microsoft insists.

Microsoft on Tuesday denied a claim that its November security patch is among the possible causes of the black screen problems affecting some Windows users.

On Friday, Prevx, a maker of antivirus software, attributed some of these black screen crashes to a recent Window operating system change that locked down Windows registry keys.

But Microsoft insists that's just wrong.

"Microsoft has investigated reports that its November security updates made changes to permissions in the registry that that are resulting in system issues for some customers," said Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports. While we were not contacted by the organization [that] originally made these reports, we have proactively contacted them with our findings."

Budd said that Prevx's claims do not match known issues documented in security bulletins or Knowledge Base articles.

A spokesperson for Prevx, which is based in the U.K., did not immediately respond to a request for comment.

Delving into the issue in greater detail in a blog post, Budd also disputes Prevx's claim that the black screen issue represents a widespread problem.

Prevx's Dave Kennerley in a blog post suggested that millions of computers running Windows have been having black screen problems.

Microsoft's Budd counters that his company's worldwide Customer Service and Support organization is "not seeing 'black screen' behavior as a broad customer issue."

He adds that seeing a black screen is a known symptom of certain malware families, such as Daonol.

Update: In a blog post published shortly after this story was filed, Prevx's Jacques Erasmus confirmed that Microsoft's patch was not to blame and apologized to Microsoft "for any inconvenience our blog may have caused."

The black screen problem appears to be linked to improper alteration of the Shell value in the Windows registry, as explained in the blog post.

Register now for Black Hat DC, the largest and the most import

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.