Did Aurora Fixes Lead To Windows XP Blue Screen of Death?
That's the question that has been raised by the chief security officer for Q1 Labs, a security information event management (SIEM) software maker.
Chris Poulin, the chief security officer for Q1 Labs, a Waltham, Mass. SIEM vendor that doubled its customer base last year, suspects that Microsoft "didn't have time to do the QA (Quality Assurance) they usually do" when they issued what amounted to a a record 13-patch security update for its February 9 Patch Tuesday on repairing what it called 26 vulnerabilities in its Windows operating system and Office productivity software.
Microsoft released the patch that triggered the Windows XP Blue Screen of Death with the "same patches that patched up the Aurora vulnerability," Poulin said. "So there was a rush to market. When you hurry up your QA process you are bound to miss something."
"There's a scramble that happens when you are under the gun," said Poulin. "I'm sure there were a lot of Microsoft executives sweating after Aurora."
Microsoft did not respond to repeated requests for comment.
The highly publicized and sophisticated Aurora hack last month from China has sparked widespread fear among users because it targeted 34 of what should be the most cybersecurity savvy high tech companies including Google.
Poulin even suspects that Microsoft itself may have been hit by the Aurora hack. "If you are Microsoft you wouldn't admit it," he said. "If it was your product you would be a little bit hesitant to stand up and say 'Not only did our product allow you to be hacked. We allowed ourselves to be hacked and we didn't' detect it.'"
The Aurora hack has some pundits even questioning whether users should ditch IE because of the Google China Aurora hack.
Microsoft has responded to the flurry of complaints from Windows XP users that have seen their systems crippled by the Blue Screen of Death by pulling a security patch.
"We basically turned off the Automatic Update system for this bulletin," wrote Jerry Bryant, senior security communications manager lead in a post in The Microsoft Security Response Center. "This means that computers that have our recommended setting to automatically look for, download, and install high priority updates, will not pull this update down."