Microsoft needs your help to fix botched patch KB 2859537

Discussion in 'other security issues & news' started by ronjor, Aug 21, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  2. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Just recently examined a system that BSOD'd after this patch. Turns out there was a rootkit on the system. Rootkit killed, BSOD went away. So, anyone who has problems with the patch seriously ought to look for some malware. Or just non-malicious kernel hooking software, I suppose.
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I wonder how many that have MS13-063 installed are aware of what might be lurking underneath.
     
    Last edited: Aug 21, 2013
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    And after Windchild's report, that's @ least another to the list !

    I "think" the main reason MS are asking for help, is they realise these RK's have managed to gain access to areas thought not possible etc. But obviously they did :D

    Rootkits evading dectection, & especially on W7. Who could have predicted that ;)
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Those that have experience BSOD's post MS-063 should run an immediate AV - AS scan as it is assumed these corrupt installations are caused by malware prior to patching.

    If none are found, you may continue with your day. If you are experiencing issues with the update contact MS Answers.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Calling an update "botched" because A) it is incompatible with a rootkit and B) bad kernel hooks from Avast and a few games.

    Wow.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Nope, Nope and Nope.

     
  8. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I found it interesting that the vuln doesn't affect these 64-bit OS:

    http://technet.microsoft.com/en-us/security/bulletin/ms13-06

    Anyway, I tried it on Win7 x64 and it doesn't "botch" the system. A bit ironical though that an update like this becomes a sign/indicator for possible previously undetected rootkit. It's also a bit unfortunate to see Avast previously as part of the problem...good thing though they updated it.
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The requisites for a "botched" MS13-063 are: an infected kernel mode driver aka a pirated PC | one that was infected prior to installation of said patch.

    If none of those prerequisites are met, the user has no reason for concern.

    If AVAST is flagging this item, AVAST needs to come clean and explain to the users why a flag is happening. I have not seen an explanation from AVAST as to this as of yet.

    Many assumptions and statements have been made of this - many of which are sheer speculation from those with nothing better to do than propagate something that does not exist.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Please read the article.
     
Loading...
Thread Status:
Not open for further replies.