Thursday, February 11, 2010

Windows XP Restart Issues After Installing MS10-015

Microsoft is aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. From reports, it has appears that this issue occurs after installing MS10-015 (KB977165). It may or may not be specific to a particular brand of PC or third party software. While Microsoft works on this problem, the update has been removed from Windows Update. Additional details are available at the MSRC Blog in Restart issues after installing MS10-015.

If you have not installed the February updates yet, you will not be offered MS10-015, however, it would be wise to check all updates if your Windows Update settings are to download and let you decide when to install. In order to protect your computer from the Elevation of Privilege vulnerability that MS10-015 addresses, there is a Microsoft Fix it that mitigates the vulnerability, available from

For anyone experiencing the BSOD after installing MS10-015, following are the instructions for removing the update, as provided by Kevin Hau, MSFT at Microsoft Answers:

1. Boot from your Windows XP CD or DVD and start the recovery console (see this Microsoft article for help with this step).

Once you are in the Repair Screen..

2. Type this command: CHDIR $NtUninstallKB977165$\spuninst

3. Type this command: BATCH spuninst.txt

4. When complete, type this command: exit

In the event you are unable to locate the Windows XP CD or DVD and do not have the recovery console installed, free assistance is available form Microsoft by calling 1-866-PCSafety (1-866-727-2338) or from International customers can find local support contact numbers here:

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

Eric the Red said...

Opinion is that this problem is occurring on machines already infected with malware. Please see Patrick W. Barnes' blog at