Windows Black Screen of Death Root Cause

Prevx had earlier published a fix for the Black Screen of Death (BSoD), but the actual cause turned out not to be related to a recent update pushed by Microsoft.

Prevx has now apologized to Microsoft and has also blogged about the root cause of the Black Screen of Death. Here are some snippets from the blog post.

The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated "REG_SZ" string. However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder.

This is the root cause of the problem, and it had already been discovered by the SysInternals team a few years ago. Prevx also said that they tested the problem against the most recent Windows updates.

Having narrowed down a specific trigger for this condition we’ve done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

So the Black Screen of Death is NOT caused by Windows Update. It is caused by malware or some other application that modifies the Shell value in a way that triggers the problem described above.
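The missing-terminator condition described in the Prevx snippet can be checked on the raw bytes of a registry value. The following is an added example, not code from Prevx, SysInternals or this post. It assumes the raw REG_SZ data (UTF-16LE) has already been read unmodified, and the function names and sample bytes, including `explorer.exe` as the shell string, are constructed for illustration.

```python
NUL = b"\x00\x00"  # one UTF-16LE null character (REG_SZ data is UTF-16LE)


def split_units(raw: bytes) -> list:
    """Split raw value data into 2-byte UTF-16 code units."""
    if len(raw) % 2:
        raise ValueError("odd byte count: not whole UTF-16 code units")
    return [raw[i:i + 2] for i in range(0, len(raw), 2)]


def check_reg_sz(raw: bytes) -> str:
    """Classify raw REG_SZ data as stored, without trusting a terminator."""
    try:
        units = split_units(raw)
    except ValueError:
        return "malformed"
    if NUL not in units:
        return "unterminated"  # the condition described in the post
    first = units.index(NUL)
    if any(u != NUL for u in units[first + 1:]):
        return "data-after-terminator"  # bytes a string reader never sees
    return "ok"


def repair_reg_sz(raw: bytes) -> bytes:
    """Return the visible string followed by exactly one terminator."""
    units = split_units(raw)
    visible = units[:units.index(NUL)] if NUL in units else units
    return b"".join(visible) + NUL


# Constructed sample data (not taken from an affected machine).
SAMPLES = {
    "good": "explorer.exe\x00".encode("utf-16-le"),
    "no_terminator": "explorer.exe".encode("utf-16-le"),
    "hidden_tail": "explorer.exe\x00extra\x00".encode("utf-16-le"),
    "odd_length": b"e\x00x",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {len(raw):3} bytes -> {check_reg_sz(raw)}")
```

The check has to run on the stored bytes, because an API that returns an already-decoded string gives no way to tell whether the terminator was present.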

Published by

Keith Dsouza
