Did Aurora Fixes Lead To Windows XP Blue Screen of Death?

By Rob Wright, CRN
February 12, 2010    5:47 PM ET

Did Microsoft's rush to fix Internet Explorer vulnerabilities that surfaced with the Google China 'Aurora' hack lead to a rash of Windows XP "Blue Screen Of Death" issues?

That's the question that has been raised by the chief security officer for Q1 Labs, a security information event management (SIEM) software maker.

Chris Poulin, the chief security officer for Q1 Labs, a Waltham, Mass., SIEM vendor that doubled its customer base last year, suspects that Microsoft "didn't have time to do the QA (Quality Assurance) they usually do" when it issued what amounted to a record 13-patch security update for its February 9 Patch Tuesday to repair what it called 26 vulnerabilities in its Windows operating system and Office productivity software.

Microsoft released the patch that triggered the Windows XP Blue Screen of Death with the "same patches that patched up the Aurora vulnerability," Poulin said. "So there was a rush to market. When you hurry up your QA process you are bound to miss something."

"There's a scramble that happens when you are under the gun," said Poulin. "I'm sure there were a lot of Microsoft executives sweating after Aurora."

Microsoft did not respond to repeated requests for comment.

The highly publicized and sophisticated Aurora hack last month from China has sparked widespread fear among users because it targeted 34 of what should be the most cybersecurity-savvy high-tech companies, including Google.

Poulin even suspects that Microsoft itself may have been hit by the Aurora hack. "If you are Microsoft you wouldn't admit it," he said. "If it was your product you would be a little bit hesitant to stand up and say 'Not only did our product allow you to be hacked. We allowed ourselves to be hacked and we didn't detect it.'"

The Google China Aurora hack even has some pundits questioning whether users should ditch IE.

Microsoft has responded to the flurry of complaints from Windows XP users who have seen their systems crippled by the Blue Screen of Death by pulling a security patch.

"We basically turned off the Automatic Update system for this bulletin," wrote Jerry Bryant, senior security communications manager lead, in a post in The Microsoft Security Response Center. "This means that computers that have our recommended setting to automatically look for, download, and install high priority updates, will not pull this update down."

