KB977165?


PC_LOAD_LETTER


Yeah, I can never tell what's newsworthy when it comes to MS stuff anymore because there are way too many people just waiting to attack at the first sign of a problem. I didn't know if it was affecting anyone. Lucky for me, I have WSUS with the auto-approve rules disabled (because of deepfreeze), so my sites have not been widely affected. I have 1 reported case of the exact symptoms on a machine outside my domain but haven't looked at it, and it could just be any of the hundreds of other things that can cause XP to reboot loop.

Here is a link to the TechNet bulletin with information and downloads for affected versions of Windows:

http://www.microsoft.com/technet/security/...n/MS10-015.mspx

Support page with file information

http://support.microsoft.com/kb/977165

For XP these are the files that are modified:

Ntkrnlmp.exe Non-PAE Kernel for multiprocessor systems

Ntkrnlpa.exe PAE Kernel for uniprocessor systems

Ntkrpamp.exe PAE Kernel for multiprocessor systems

Ntoskrnl.exe Non-PAE Kernel for uniprocessor systems

BTW Safe Mode will load the normal kernel even if the PAE switch is enabled in boot.ini

[edit] OK, I skimmed through that topic, and it looks like these systems had a rootkit (TDSS) with an infected miniport driver, commonly atapi.sys or iastor.sys. These rooted system files/drivers do not reference the updated kernel correctly when loaded, and that is what causes a BSOD. Some people were able to get their systems to boot by replacing these files, even though they are not part of this update.

Read more about the TDSS rootkit

http://www.prevx.com/blog/139/Tdss-rootkit...ns-the-net.html
