Latest Microsoft patches cause black screen of death

Discussion in 'Windows News' started by kemical, Dec 1, 2009.

  1. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,829
    Likes Received:
    1,565
    IDG News Service - Microsoft's latest round of security patches appears to be causing some PCs to seize up and display a black screen, rendering the computer useless.
    The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said Mel Morris, the CEO and CTO for the U.K. security company Prevx.
    Prevx was alerted to the problem by users of its security software last week, Morris said. Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar.
    However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren't aware of the changes and don't run properly, causing a black screen, Morris said.
    Security applications seem to be particularly affected. Morris said users of other security products have also complained about the issue, even going so far as trying to reinstall the operating system to fix it.
    "If you've got this problem, it's massively debilitating," Morris said.
    Prevx has released software that fixes the registry to match the ACL settings, which should resolve the problem, Morris said. Users could do this on their own by modifying their registry settings, but making alterations to those settings is risky since it can severely affect how the operating system runs.
    On Nov. 10, Microsoft released 15 patches for vulnerabilities in Windows, Windows Server, Excel and Word.
    Morris said Microsoft was likely just trying to fortify the security of the operating systems when it inadvertently made the error in its patches. "It's one of those things that happens from time to time when you have a dynamic operating system," he said.
    Morris said his company hasn't contacted Microsoft yet but will send the company a copy of the software fix.
    Prevx has more detail on the issue on its blog and posted the software fix, which is free.
    Windows has at least 10 different issues that could potentially cause a black screen, wrote Dave Kennerley who works in support for Prevx.
    "Our advice is try our tool first," Kennerley said. "If it works, great. If it doesn't, you are no worse off."
    Microsoft officials could not be immediately reached for comment.

    Latest Microsoft patches cause black screen of death
     
  2. adduncan

    adduncan New Member

    Joined:
    Jun 10, 2009
    Messages:
    150
    Likes Received:
    0
  3. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,829
    Likes Received:
    1,565
    I know it's weird... I've not had any problems at all and I'm pretty sure it hasn't been cropping up in the forum?
     
  4. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Joined:
    Apr 15, 2009
    Messages:
    25,706
    Likes Received:
    379
    I have installed all updates without any problems this way?
     
  5. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,829
    Likes Received:
    1,565
    Same here Whoosh.. Perhaps it's just the Apple boys spreading 'fud'..;)
     
  6. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Joined:
    Apr 15, 2009
    Messages:
    25,706
    Likes Received:
    379
    Would not surprise me :)
     
  7. adduncan

    adduncan New Member

    Joined:
    Jun 10, 2009
    Messages:
    150
    Likes Received:
    0
    Same here. All updates applied as they are released. Not had any problems
     
  8. tblount

    tblount New Member

    Joined:
    Sep 27, 2009
    Messages:
    3,537
    Likes Received:
    64
    Updates will overwrite drivers, check your update history.. this is from mine: (when it applies the new drivers I get a warning message in my Event Viewer/administrative logs that says there is a problem with atikdmag every time the system boots... I roll back the drivers and the warning goes away... until windows update messes with it again. There should be some kind of LOCK to prevent this.)

    ATI Technologies Inc. driver update for ATI Radeon HD 4800 Series
    Installation date: ‎11/‎11/‎2009 11:07 AM
    Installation status: Successful
    Update type: Important
    This driver was provided by ATI Technologies Inc. for support of ATI Radeon HD 4800 Series
     
  9. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,829
    Likes Received:
    1,565
    I have my updates set to 'check for updates but allow me to choose whether to download and install them'.. This way I can keep an eye on most of the updates.. (they do slip the odd secret one in now and again)
     
  10. tblount

    tblount New Member

    Joined:
    Sep 27, 2009
    Messages:
    3,537
    Likes Received:
    64
    It doesn't make sense that you can lock your tool bar and lock your browser and lock folders on your hard drive.. yet you can't lock working drivers. Even if you could export the drivers details from registry ... so that you could easily import them back after an update screwed them up.... the .sys files that have been replaced would have to also be rolled back.

    Even if you were to try to move the driver locations there would still need to be a pointer in the registry... then the updates would still track them down. As for now it seems the only solution is to manually update and be cautious and selective. How could regular users be expected to do that?

    Microsoft needs to change this part of the updating to make it crystal clear that you WANT new drivers. How can they assume it's broken... if it's not broken, don't fix it.
     
  11. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,829
    Likes Received:
    1,565
    I guess, like you say, that it's trying to make life easier for the end user but as we both know, life just isn't that simple and rarely works out as it should.. Mind you, I feel that if you run something whether it be a computer, car or whatever, then simply using it without knowing how to maintain it is asking for trouble....
     
  12. reghakr

    reghakr Excellent Member

    Joined:
    Jan 26, 2009
    Messages:
    14,220
    Likes Received:
    180
    tblount,

    No reason to get so upset.

    There is a very good utility that will back up Microsoft drivers and 3rd party drivers.

    It's called Double Driver:

    You can download it here:

    |MG| Double Driver 3.0 Download
     
  13. Super Sarge

    Super Sarge New Member

    Joined:
    Jun 4, 2009
    Messages:
    1,737
    Likes Received:
    64

    Try this at your own risk if you are having the above problem
    If anybody wants their fix here is the website. It may be better to let Microsoft issue one. If you need it now here is a link

    Black Screen woes could affect millions on Windows 7, Vista and XP

    The fix can also be downloaded from here

    "Black screen of death" for some Windows users - Security - msnbc.com

    The windows patches which seem common to the issue arising are listed below:
    KB915597 and KB976098
     
  14. tblount

    tblount New Member

    Joined:
    Sep 27, 2009
    Messages:
    3,537
    Likes Received:
    64
    WHAT? I'M NOT UPSET !!!!

    Ok.. that was a joke. I know I sometimes write with passion but I don't need to be medicated... not yet anyway.

    Thanks.. but I'll say the same thing that someone said about the first Apple computers that came out and had a problem ejecting the floppy disk. The solution someone offered was that it was easy to use a paperclip and jiggle it out.... then someone replied asking "Why don't they include the paperclip when they sell the machine?"

    They were pointing out the obvious.... it should have been fixed, done right, the first time... or Double Driver should be included in the install.

    For an update to automatically overwrite drivers is a major blunder by design. As we see, when updates change drivers, they often "fix" something that wasn't broken by breaking it. They aren't making an omelet here so they shouldn't be cracking any eggs.
     
  15. reghakr

    reghakr Excellent Member

    Joined:
    Jan 26, 2009
    Messages:
    14,220
    Likes Received:
    180
  16. tblount

    tblount New Member

    Joined:
    Sep 27, 2009
    Messages:
    3,537
    Likes Received:
    64
    Editor's note: This article has been updated to reflect Microsoft's latest statement regarding possible causes of the problem.

    Why the Black Screen of Death is cause for serious concern for consumers and the
    enterprise alike.
    1. It affects all Windows installations
    Those who operate older versions of Windows might think that they won't be
    affected by the Black Screen of Death, but, unfortunately, they're wrong. The
    issue affects just about everyone using a Windows PC today, which means millions
    of users are potentially in danger.
    2. The system is crippled
    When the Black Screen of Death strikes, users lose all ability to control
    Windows. According to Prevx, a security company that has been monitoring the
    outbreak, users experiencing the problem lose the taskbar, sidebar, system tray
    and desktop. In other words, users won't be able to do anything with their
    systems when trouble strikes.
    3. Some fixes don't even work
    Prevx currently has a fix on its site to help those impacted by the Black Screen
    of Death. But after further investigation, the security company found that there
    are several causes, so its solution will not work for everyone. Worst of all,
    there's no easy way to know what the direct cause is, making fixing it even more
    difficult.
    4. It might come from Microsoft
    Prevx has done significant research to determine
    what the cause of the latest outbreak of Black Screen of Death came from.
    According to the company, some Black Screen of Death issues may possibly be
    caused by installing two security updates from Microsoft. For its part,
    Microsoft contends that its updates haven't caused any issues. Regardless,
    Microsoft is on shaky ground when it comes to security. To potentially cause a
    problem through a software update does not instill confidence.
    5. Microsoft is still moving slowly
    Although Microsoft said it investigated the problem, there's currently no
    indication that a fix to the Black Screen of Death will be coming any time soon.
    The longer it takes for Microsoft to address the problem, the more cause for
    concern there will be. We can also probably expect to see more people affected
    in that time. Microsoft needs to do something soon.
    6. It's more widespread than you think
    Although news of the Black Screen of Death is still fresh, the issue is
    affecting a slew of Windows users. Due to the fact that it can potentially
    impact just about every Windows PC in operation today, there are millions of
    users that could potentially see the deadly black screen. Prevx wrote on its
    site the week of Nov. 23 that it found millions of Google results relating to
    the Black Screen of Death with several results featuring pleas for help from
    Windows users.
    7. Trust is a key component in software security
    Without trust, software security means nothing. Now that some users believe that
    the latest cause of the Black Screen of Death is downloading a Windows update,
    what are the chances that they will fully trust any other update Microsoft
    pushes to their systems? PC users don't like losing all their content over
    something they didn't do. They might stop downloading any Microsoft updates. The
    software giant needs to address this issue as soon as possible—especially if it
    didn't cause it.
    8. The domino effect
    Following that, it's important to note that a domino effect could result from
    the Black Screen of Death. If users decide to not download patches from
    Microsoft until they know that they're safe, it will not only make their systems
    less secure, but it could also impact the entire Windows ecosystem. Each Windows
    PC's security relies upon the security of other PCs to some extent. If users
    decide against patching Windows, their computers will be unsafe, leading to an
    easier transfer of malicious files from one computer to another.
    9. Nontechnical users are in deep trouble
    According to Prevx, nontechnical users who attempt to repair their systems will
    have a difficult time of it. Although the company's fix is somewhat
    straightforward, it's not so simple for those less advanced users. Plus, if that
    doesn't fix the problem, the vast majority of nontechnical users will likely be
    lost.
    10. The future is in doubt
    At the moment, we just don't know what to expect from the Black Screen of Death.
    Will it simply go away after Microsoft addresses the problem or will it continue
    to plague Windows PCs? For now, we do know that it can easily impact computers,
    more and more users are being affected each day, and Microsoft has yet to
    release a fix. It's a scary time.
     
  17. tblount

    tblount New Member

    Joined:
    Sep 27, 2009
    Messages:
    3,537
    Likes Received:
    64
    I have concluded that it's in my best interest to turn OFF automatic updating. Then be very informed and selective about what updates I allow.

    Is that a good idea?
     
  18. Super Sarge

    Super Sarge New Member

    Joined:
    Jun 4, 2009
    Messages:
    1,737
    Likes Received:
    64
    Even the company that reported the problem has apologized to MS

    Link

    QUOTE

    "The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated "REG_SZ" string. However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder.

    SysInternals was one of the first companies to discover this characteristic of the registry a number of years ago in their utility: RegHide Systems Internals Tips and Trivia which modifies registry entries to prevent them from being accessible within the operating system. This technique is frequently used by malware authors which is why it is recommended to first query the length of a registry value, and then read it into a buffer, forcing the null termination of strings whether or not null terminated by their content.

    Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

    We have not analyzed further whether a change occurred in the OS interpretation of this or other registry values. In any case, we believe there are significant benefits in the OS using the length of the value as recommended by the SysInternals article.

    We have always strongly recommended keeping Windows and all other software up-to-date to reduce the window for exploitation by new threats. We'll keep you updated with further progress if we find anything new.

    We apologize to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar."

    END OF QUOTE
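
The length-first read recommended in the quoted statement, as an added example that is not part of the original post and is not Prevx's or Microsoft's code. It does not call the Windows registry API: `regsz_normalize`, `regsz_flags` and the `SZ_*` flags are hypothetical names, and the byte arrays stand in for the data and byte count a registry query would report. It also goes one step beyond the quote by flagging data stored after the first terminator.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Anomalies found in the stored data (bit flags). */
enum { SZ_OK = 0, SZ_NOT_TERMINATED = 1, SZ_ODD_LENGTH = 2, SZ_TRAILING_DATA = 4 };

/* Constructed sample values (UTF-16LE bytes), not taken from a real system. */
static const uint8_t SAMPLE_OK[] = {'e',0,'x',0,'p',0,'l',0,'o',0,'r',0,'e',0,'r',0,
                                    '.',0,'e',0,'x',0,'e',0, 0,0};
static const uint8_t SAMPLE_BARE[] = {'e',0,'x',0,'p',0,'l',0,'o',0,'r',0,'e',0,'r',0,
                                      '.',0,'e',0,'x',0,'e',0};  /* no terminator */

/* data/cb: raw bytes and byte count as a length-first registry query reports them.
 * Returns a heap copy that is always NUL-terminated (caller frees), or NULL. */
uint16_t *regsz_normalize(const uint8_t *data, size_t cb, size_t *len, int *flags)
{
    size_t units = cb / 2, n = 0;
    uint16_t *buf = calloc(units + 1, sizeof *buf); /* +1: terminator we control */
    if (!buf) return NULL;
    *flags = (cb % 2) ? SZ_ODD_LENGTH : SZ_OK;      /* stray half unit is dropped */
    for (size_t i = 0; i < units; i++)              /* decode little-endian pairs */
        buf[i] = (uint16_t)(data[2*i] | (data[2*i + 1] << 8));
    while (n < units && buf[n] != 0) n++;           /* bounded by the stored length */
    if (n == units) *flags |= SZ_NOT_TERMINATED;
    for (size_t i = n; i < units; i++)              /* anything after the first NUL? */
        if (buf[i] != 0) { *flags |= SZ_TRAILING_DATA; break; }
    *len = n;
    return buf;
}

/* Demo helper: anomaly flags only, or -1 if allocation failed. */
int regsz_flags(const uint8_t *data, size_t cb)
{
    size_t len; int flags;
    uint16_t *s = regsz_normalize(data, cb, &len, &flags);
    if (!s) return -1;
    free(s);
    return flags;
}

int main(void)
{
    printf("terminated:   flags=%d\n", regsz_flags(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("unterminated: flags=%d\n", regsz_flags(SAMPLE_BARE, sizeof SAMPLE_BARE));
    return 0;
}
```

A non-zero flag on a value such as Shell is worth logging: the string is still safe to use after normalization, but something wrote it without following the REG_SZ convention.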
     
  19. reghakr

    reghakr Excellent Member

    Joined:
    Jan 26, 2009
    Messages:
    14,220
    Likes Received:
    180
    Drew, never noticed it at all.

    OOOPPPs, I told a lie
     
  20. RAK

    RAK Extraordinary Member

    Joined:
    Jul 6, 2009
    Messages:
    2,502
    Likes Received:
    126
    Seems likely that the problem is mostly connected with hardware. I have, on three very different computers, updates to "check for updates but let me choose whether to download and install them". So far, apart from disallowing some updates, for which I have no use (Built in Camera, Modem etc.), I have had no problems. This includes many installs on other computers. I have not put any restrictions, in every instance, on driver updates.
     
