[a_d_13]

From: http://www.microsoft.com/technet/securi ... 06014.mspx

Microsoft is announcing the availability of an update to winload.exe to address an issue in driver signing enforcement. While this is not an issue that would require a security update, this update addresses a method by which unsigned drivers could be loaded by winload.exe. This technique is often utilized by malware to stay resident on a system after the initial infection.

More information from: http://blogs.technet.com/b/srd/archive/ ... dates.aspx

The second advisory, KB 2506014, hardens Windows against kernel-mode rootkits. This specifically breaks the hiding mechanism used by the current Alureon/TDL4 rootkit family. It is an optional update available on WU and WSUS.

Looks like the TDL4 rootkit will no longer work properly, once this update is installed :)

Thanks,
--AD