 #5912  by a_d_13
 Tue Apr 12, 2011 11:50 pm
From: http://www.microsoft.com/technet/securi ... 06014.mspx
Microsoft is announcing the availability of an update to winload.exe to address an issue in driver signing enforcement. While this is not an issue that would require a security update, this update addresses a method by which unsigned drivers could be loaded by winload.exe. This technique is often utilized by malware to stay resident on a system after the initial infection.
More information from: http://blogs.technet.com/b/srd/archive/ ... dates.aspx
The second advisory, KB 2506014, hardens Windows against kernel-mode rootkits. This specifically breaks the hiding mechanism used by the current Alureon/TDL4 rootkit family. It is an optional update available on WU and WSUS.
Looks like the TDL4 rootkit will no longer work properly once this update is installed :)

Thanks,
--AD