MS10-015 re-released

Published: 2010-03-03
Last Updated: 2010-03-03 10:33:22 UTC
by Mark Hofman (Version: 1)
2 comment(s)

Microsoft has re-released the patch for MS10-015 (http://blogs.technet.com/msrc/archive/2010/03/02/update-ms10-015-security-update-re-released-with-new-detection-logic.aspx).  Reader Brian noticed that the patch in his WSUS had expired today and correctly surmised that an update was imminent.  

A tool has also been released that will scan machines for compatibility with the new patch.  This is also available from the above link.  

The update will not be applied to systems on which the original patch is already installed. 

Mark

2 comment(s)

Comments

Just to be precise:
KB977165 has *NOT* been recompiled or does *NOT* contain any binary changes. The "only" thing MS did is preventing the distribution/installation on "potentially" affected systems which have malware etc. installed. That prevention is done via a detection logic change provided via WSUS/WU/MU/AU, IOW the Windows Update Agent. Downloading KB977165 via DownloadCenter does *NOT* contain any changes and does *NOT* "protect" protentially affected systems from the installation of KB977165 which may lead to "malfunctions" of malware (and therefore may prevent the system to operate as expected) already installed on the system.
Microsoft also created a Fix It Solution which will tell you whether you have the Alureon/TDSS rootkit (they say abnormal condition) that hooks your mass storage driver http://support.microsoft.com/kb/980966/ but as commented in February, the rootkit has been updated so that the rootkit and patch no longer interfere with each other. Microsoft will presumably target the variation of the rootkit better in the March update of the MSRT (Malicious Software Removal Tool), which has previously targeted Alureon/TDSS.

Diary Archives