Windows Black Screens of Death Caused Rather by Malware, Not Updates

Reveals Microsoft

By on 2 Dec 2009, 08:39 GMT
Microsoft refuted third-party reports indicating that the November release of updates was at fault for errors causing users to be locked out of their Windows computers by Black Screens of Death. According to the Redmond company, its own conclusions, produced after a comprehensive analysis of last month’s wave of Windows refreshes, indicate that claims of updates generating Black Screens of Death are completely erroneous. The false error reports were first made by Prevx, a company which also delivered what it claimed to be a fix for such issues. Instead, the software giant pointed to malicious code as the source of problems where the Windows desktop screen turns black, and the OS becomes deprived of all functionality.

“Microsoft has investigated reports that its November security updates made changes to permissions in the registry that that are resulting in system issues for some customers. The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports. While we were not contacted by the organization who originally made these reports, we have proactively contacted them with our findings,” explained Christopher Budd, security response communications lead, Microsoft.

The software giant underlined that the November Security Updates had not made any changes to the Windows platforms they were destined for that could result in Black Screen issues. After all, Windows Updates are only validated for general availability and distribution through Windows Update, Microsoft Update and Automatic Updates after they reach a certain standard of quality, and not before. And in fact, reports that the November Security Updates were causing Black Screens of Death came from just a single source, which was obviously mistaken.

“Our support organization is also not seeing this as an issue. The claims also do not match any known issues that have been documented in the security bulletins or KB articles,” Budd added. “As always, we encourage customers to review the security bulletin and related KB articles and test and deploy security updates. If customers do encounter an issue with security updates, we encourage them to contact our Customer Service and Support group for no-charge assistance. Customers can contact CSS using the information at http://support.microsoft.com/security.”

Following its investigation, Microsoft found that neither the November Security Updates, not the Windows Malicious Software Removal Tool, or the non-security updates are responsible for alleged making permission changes in the registry to the value for the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell key. Since no modifications to the permissions in the registry are made by Microsoft updates, the company concluded that the “black screen” behavior reported is not caused by the refreshes.

Budd pointed out that Microsoft had been aware of some malware families, including Daonol, being associated with “black screen” behavior. “The successful deployment of security updates is the ultimate goal of the Microsoft Security Response Center. Because of this, we continually work with our Customer Service and Support teams to keep a close eye for issues that may impact customers’ deployment of security updates,” Budd stated.

Comments