Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: MS Update to MS06-015 and a Separate Fix for AEC.SYS Issue - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS Update to MS06-015 and a Separate Fix for AEC.SYS Issue
Lots of folks have sent us e-mail wondering why their WinXP boxen have suddenly indicated that they have a new patch.  It is this update that fellow handler Toby Kohlenberg mentioned a couple days ago, which has now been pushed.  Look here for details.

In other Windows-patching news, Microsoft has also released a completely separate patch to fix an error associated with KB900485, which fixes, and I quote:

"Date last published: 4/25/2006
Install this update to prevent an issue in which you may receive a 'stop 0x7e in AEC.SYS' error message on a computer that is running Windows XP Service Pack 2.  The error may occur during startup, or after the system has started.  AEC.SYS is the acoustic echo canceling driver.  After you install this item, you may have to restart your computer."

Microsoft has told us that this patch is associated with the following:

"This is the ACE reliability update.   It has been available via download center for several months; when people do hit the crash the Watson/OCA site refers them to the download.  For non-security updates, especially things like this reliability update, we do try to have them posted on www.microsoft.com/downloads and available through Watson/OCA or other means for some period of time before pushing out through WU. This gives us additional confidence in the quality of the update before pushing out to several hundred million users.

This specific fix is a random timing bugcheck that can happen when using two-way audio (e.g. netmeeting, messenger, etc.)  It is a random event that could happen at any time.  If you hit it, and reboot, you might not ever hit it again; or you might hit it next month, or in a few months, or the next day.

We monitor the Watson/OCA crash data, and when we have a higher-volume hit in a Windows component that we can fix, we do so, and post it on download center.  Over time, we then move the higher-volume cases to Windows Update. This is just one such case.  Installing this update helps prevent people from crashing in the future."

Interesting insights into how things work inside the magic curtain.  Thanks, Microsoft!
--Ed Skoudis
Intelguardians.
Ed

57 Posts

Sign Up for Free or Log In to start participating in the conversation!