Do we know this "several sources" isn't really the same source mentioned by different people? I recent "Windows problem" that wasn't really a problem, it was something picked up by one source and quoted by several other sources that didn't confirm everyone was reference the same one (inaccurate) source.
Basically I want to know it's more than this source being referenced: http://www.krebsonsecurity.com/2010/02/rootkit-may-be-culprit-in-recent-windows-crashes/ I have approved it in WSUS at most but no all locations, pending outcome of this: http://blogs.technet.com/msrc/archive/2010/02/12/update-restart-issues-after-installing-ms10-015.aspx David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Marc Maiffret [mailto:[email protected]] Sent: Friday, February 12, 2010 3:17 PM To: NT System Admin Issues Subject: BSOD MS10-015 I know it was mentioned here before but it has now been confirmed through multiple sources that the blue screen issues that are happening as it relates to MS10-015 are because of rootkits be installed on machines. So for those of you whom posted, or whom have seen it in your environment, that your system is blue screening after this patch there is a high degree of certainty that your computers are in fact compromised and backdoored with a rootkit. I would not simply just wipe and reimage a machine but investigate a bit to know what may or may not have been stolen from your organization etc... I am still looking for a few live systems to play with so if you had a system with this issue or are having a system with this issue I'd be happy to take a look for you. -Marc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
