Security Watch

As the Black Screen of Death Turns

Plus: Patch Tuesday fixes IE zero-day flaw; third party takes up XP's cause.

The IT community has seen many soap opera-type feuds. The most recent example? The episode involving Microsoft, Prevx and the so-called "black screen of death."

I reported last week of Prevx's assertion that Microsoft's November patches had been causing, in some instances, a black screen. I pointed out that Prevx was offering a fix for the problem -- indeed, that the company was claiming to be the only one with a fix for a problem that it alone had discovered. Microsoft hadn't yet responded at the time.

Well, Microsoft did eventually respond, saying emphatically that it wasn't aware of any black screens. Microsoft further said that if there were such black screens, they weren't widespread, nor were they caused by installing the November patches.

So it goes. Vendors will continue to make assertions against Microsoft that Microsoft will then refute, correct or both. There may even be blog battles, like the one between Microsoft and Sophos, who've been at odds for years.

Some may put it down to vendors behaving badly or tech writers engaging in he-said-she-said reporting. But if, as is the case here, the problem remains an unpatched mystery, the real losers are the users. This is something third-party vendors should recognize and Microsoft should address.

For now, though, it looks like the "black screen of death" has morphed into the "black screen of breadth," in the sense that the breadth of the controversy has spread across the Web faster than a solution.

Microsoft: Zero-Day Flaw Will Be Patched this Month
While the black screen won't be patched in December's Patch Tuesday slate, there will be an update fix for a zero-day vulnerability in Internet Explorer as part of a cumulative hotfix.

Since last week, Redmond has gone out of its way to say that the newly released IE 8 is not affected on any platform, and that "running Protected Mode in Internet Explorer 7 on Windows Vista mitigates this issue." This is according to Jerry Bryant, a spokesman for the Microsoft Security Response Center (MSRC), who first announced the advisory just before Thanksgiving.

Meanwhile, there are more proofs-of-concept in the offing, such as a recently announced TLS flaw that, according to Lumension's Don Leatham, will most likely force updates to all brands of browsers and all Internet servers using SSL/TLS.

Leatham, who is Lumension's senior director of solutions and strategy, said the flaw allows attackers to inject text into encrypted traffic.

"Although we'll have to wait until Patch Tuesday for confirmation, we are led to believe that Microsoft has chosen not to address this vulnerability in this round of patches," Leatham said. "There is controversy in the security community as to the true importance of speeding a fix to market for this flaw, and no widespread exploits have been reported."

Third Party Takes Up XP's Cause
We've seen this before: Microsoft takes a new strategic direction, but enterprise adoption lags by several months or even years, leaving room for channel partners, resellers and security vendors to fill the gap.

Case in point: Microsoft has announced that the end of Windows XP SP2 support is coming less than seven months from now, despite the fact that XP is still the most pervasive OS among enterprises and Windows consumers.

So security vendor Shavlik Technologies has decided to cash in, providing its own support for XP through the release of a comprehensive patch management solution for XP Embedded (XPe) devices.

XPe devices are commonly used in hundreds of applications. The devices use a stripped-down version of XP on a thin client, like a kiosk or point-of-sale device. Many of the services and components found in the full version of XP are disabled or unavailable.

Shavlik said its solution will secure XPe devices against viruses, worms and hackers -- and it certainly sounds like they need it.

"The number of XPe devices used by consumers and individuals every single day that may have never been patched is staggering," said Nancee Melby, Shavlik's director of product marketing, in a statement. "Shavlik's agentless approach eliminates the obstacles to patching Windows XPe devices and leaves no footprint other than the patches themselves."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Reader Comments:

Mon, Jan 11, 2010

I see no substantial facts/evidence one way or the other. Has anyone been able to reproduce this condition by measured specific steps that someone else can also reproduce? If so then I would think Microsoft and others would be interested in knowing your exact specifications (hw/sw) as well as the exact steps you took in order to reproduce the issue. Some of you have indicated that you did clean installs and encountered this issue and so if you were to wipe out that computer again, would the condition occur once again? This would be helpful because there would be a baseline metric to work from.

Thu, Jan 7, 2010 Brick

To the holier than though comment from the "it pro". So provide a solution to those affected. If not go back to your unreal cave in Redmond...

Tue, Dec 29, 2009 Bob

This issue is directly related to MS patches. I rebuilt a PC with a fresh install of Windows and then ran the updates. Nothing else was on this machine. After updates were installed, rebooted, and never got to the desktop. The computer would just keep rebooting. Safe Mode was fine. Once in Safe mode, looked into the event log and saw nothing. This is a Microsoft problem and they need to own up and fix this.

Mon, Dec 14, 2009 Larry

You guys sound like a bunch of whinny home users instead of IT pros. The black screen issue is not a Microsoft issue. Sorry to break that to you. As for windows updates bricking your computers....Thats very unlikely but if you need to blame someone for your poor IT I understand.

Fri, Dec 11, 2009

Very real, hit me while upgrading a friends disk on laptop running Vista basic. Turned what should have been a simple couple hour task into several days of MS nightmare... On the positive, I know more about Vista than I ever wanted to, and working on a new patent MS will have to pay me dearly for.

Thu, Dec 10, 2009

So they retracted their comments? It appears that the patching has had some bad results and does it really matter that Prevx or anyone else can not pin the cause down as yet? I applaud ANYONE that brings issues of this apparent magnitude to the net albeit perhaps too late for those of us on Automatic Update. I updated five of my machines, (1 Toshiba A75 Laptop - XP Home, three Win2K Pro desktops and one Compaq 2K Pro on the same LAN) Tuesday and now three get an error trying to retrieve further updates with error code 0x800c00002 and are basically dead for further updates, although Automatic Updates still seems to function though I hate using it and have just only started due to no further ability to use manual updateing. They are all clean - Malwarebytes/SuperAntiSpyware/HiJackThis/TrendMicro/CoutnerSpy found nothing. ALthough, no black screens upon reboot (as yet). Sure thing, nothing wrong in this last round of patches... Baloney!

Thu, Dec 10, 2009 JoeJoe Missouri

Just turned off my PC yesterday, which was on UPS, because of local power outadge at 7:30 AM due to winter storm. As I was shutting down and turning off Windows XP Media Center w/SP2 noticed updates were ready to install. Install of updates and turn off completed with no problems. Power to house was restored by 10:00 AM. Turnned on UPS and PC last night and got black screen, monitor was on be cause the power button was lit up. I am convinced that it is directly related to the Windows updates that were automatically downloaded.

Wed, Dec 9, 2009

The Black Screen of Death is a very real issue. I can tell you for a fact that until I downloaded the November patches to my father-in-law's computer 2 Saturdays ago (11/28) everything was running fine on his notebook. (OS Vista Home Edition - Service Pack 1 (never could get sp2 to install past the 3rd step + AVG free edition has been installed for quite some time currently running newest version 9.0) As with many other like machines, it "appears" to boot normally..even shows the little loading thermometer for a few seconds indicating Vista is loading... before graphics scramble and freeze or screen goes to black....then hd activity..nothing....but a big black screen. Letting Vista attempt to "repair" the problem produces only more black screens. Right now this notebook is nothing more than a pile of metal, plastic, and silicon. If there are thousands like me ( a very real possibility considering there are millions of these things around) This is not a minor problem. If we say on average someone has a thousand dollars tied up in their "black screen system" (to say nothing of the value of the data and the inconvenience this issue is causing,) multiply a paltry 50,000 "black screen" computers and we have a $50 million dollar pile of rubble. That's no minor problem. MS should ignore this very real "black screen" issue at their own peril. Imagine those hungry class action folks are now just salivating at the possibilities.

Wed, Dec 9, 2009 Bill Olander

RE: black scrren of death.I have seen it twice. The computer appears to boot normally, but when it should load the desktop only the mouse cursor is visible and it responds. But nothing else works;i.e., keyboard or video. the second variation does finally load to the desktop after a lengthy wait. The problem is there but as to what is the cause I will leave the speculation to others. My solution was to save the data and reinstall windows.

Wed, Dec 9, 2009

Best check your reporting, as several other articles have reported that Prevx has retracted there orginal statement against Microsoft as of Dec 2, 2009. The real facts seem to be that Prevx (a security vendor) jumped the gun in this case.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.