There is rising concern regarding MS10-015 causing BSOD on machines.  According to Microsoft and other sources in the Security world the issue is linked to Malware already on the machine when the patch is applied.  Microsoft has pulled the patch from WU likely to reduce impact to home users who are more likely to have Malware on their machines that could cause this, but the patch is still available in WSUS, SUS, and SCCM.  The patch is still available to Shavlik Customers as well.

Shavlik Recommendations:

  • Adequate Patch Testing in place - Microsoft tests patches before release and Shavlik does additional testing in our environments to ensure detection logic is correct and there are no widespread issues encountered with patching the machine.  Lab testing can only do so much.  It is highly recommended to implement any level of testing in your environment as well.  This will ensure environment specific variables we cannot reproduce will not cause you issues.  Your testing could be a group of Virtual machines representing a cross section of machines in your environment or it could be IT and a select group of users and servers.
    soft break
  • If you are concerned about the patch, are aware of recent Malware outbreaks in your environment, andor patch testing resulted in machines encountering the BSOD, you can setup a template to scan for all other Security Patches except MS10-015.

Steps to do this:

1. Go to Patch Groups on the Navigation Bar and create a new
patch group.  Call it MS10-015 and click Add Patches.

2.  Scroll down to MS10-015 and check the box and click select then
click Save.

3. Create a New Scan Template.  Call it something like
"Security Patches Except MS10-015".  This by default is setup to
scan for all security patches.

4. In the Patch section select the Skip Selected and next to Patch
Groups click ... to browse and select your new patch group.

5. Scan using this new template and you wills can for all security
patches except MS10-015.

  • If customers are experiencing a BSOD as a result of pushing MS10-015 they can contact Microsoft directly for support using the country specific numbers provided at support.microsoft.com/security. In North America, customers can call 1-866-PCSAFETY for this support.

- Chris Goettl