Sophos has issued a patch after a faulty antivirus update led to some Windows users being faced with a black screen when attempting to log onto their computers. The botched update caused considerable chaos and confusion among users as it displayed the Windows 7 winlogon.exe as malware.
Sophos was quick to respond to the problem, issuing a patch on 4 September to "all endpoints", which according to the firm "corrected the problem within hours". Sophos said in blog: "Based on current case volume and customer feedback, we believe the number of impacted systems to be minimal and confined to a small number of cases. The most common impact to our customer base is that some administrators may need to clear several erroneous alerts from their administrator consoles."
The firm added that there may have been a "few cases" of Windows users having been confronted with a black screen when they attempted to log onto their computers before the fix was rolled out. In such cases, Sophos recommended waiting for 15 minutes, during which an update would be triggered, after which "a Microsoft ten minute retry loop checks for the presence of winlogon.exe allowing logon to complete".
According to security expert Graham Cluley, glitches like this are not uncommon, especially given that companies are obliged to issue new updates for constantly emerging fresh threats. The rising volume of malware, ransomware and other threats can often lead to firms' security sometimes slipping through the cracks while rapidly rolling out new updates.
"This isn't just a problem with Sophos, of course. Many other vendors have suffered from similar problems in the past, and will no doubt continue to do so in the future," Cluley said, adding: "It's important to balance a speedy response with proper quality control to ensure that huge goofs like this cannot occur."
Over the weekend, some Windows users the Sophos Enterprise Console, in Sophos Central or in Sophos Home were greeted with the message:
Virus/spyware 'Troj/FarFli-CT' has been detected in"C:WindowsSystem32winlogon.exe". Cleanup unavailable.