Wednesday, December 2, 2009

Microsoft Investigating 'Black Screen of Death' Issue in Wake of Software Update ... But Is It Really a Problem?

Microsoft said on Monday that it is investigating complaints from customers that a software update delivered on November 25 causes the desktop on various Windows systems to switch to a blank black screen and display only a single Windows Explorer window. The issue, dubbed the "Black Screen of Death" as an homage of sorts to the unrelated "Blue Screen of Death" system crash screen, can apparently occur on Windows NT, 2000, Server 2003, XP, Vista, Server 2008, or Windows 7.

"Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers," a Microsoft representative said Monday. "Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues."

The Black Screen of Death was first reported by Prevx, a British security firm. The company has also issued a download and separate workaround ( that may fix the problem, though they note that neither will fix all Black Screen issues.

"The cause of Black Screen appears to be a change in the Windows operating system's lockdown of Registry keys," a note from Dave Kennerley of Prevx Support reads. "This change has the effect of invalidating several key Registry entries if they are updated without consideration of the new ACL [which stands for access control list] rules being applied ... In researching this issue we have identified at least 10 different scenarios which will trigger the same Black Screen conditions."

That sounds serious. But less than 24 hours into its investigation, Microsoft provided an unprecedented update that suggests the Black Screen of Death may be overblown as a problem. "Based on our investigation so far we can say that we're not seeing this as an issue from our support organization," a Microsoft representative noted. "The issues as described also do not match any known issues that have been documented in the security bulletins or KB [Knowledge Base] articles."

No comments:

Post a Comment