The BugBlog is an almost-daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.
The BugBlog is starting back up, but in a new location. Instead of a painstakingly handcrafted blog, which took way too much time, it will be over on TypePad, where I can concentrate on the writing and not on the RSS. There won't be a BugBlog Plus (at least for awhile), but there will still be a Bug of the Day. Any longer-form writing or reviews (if I get around to them) will still be here.
As if AOL doesn't have enough problems, another one of their ActiveX controls has a security problem. The AmpX control for AOL Radio has a number of buffer overflows that an attacker can use to load hostile code on your computer via a web page. AOL has an update that's supposed to fix this. iDefense Labs has the details.
Windows Vista Ultimate or Windows Vista Home Premium may have problems with some digital TV tuners. If you are watching live TV in the Windows Media Center (WMC)and then put the system into hibernation, WMC may lock up once you wake the computer back up. There is a backup for WMC that should fix this. Get it at http://support.microsoft.com/kb/938929.
While you were able to sync between Address Book contacts between Mac OS X 10.4.x and .Mac, you may have problems after upgrading to OS X 10.5. If the Conflict Resolver says the contacts are identical, the problem may actually be in the images that you have saved with some contacts. Apple says to pick the Address Book contact as the correct one. See http://docs.info.apple.com/article.html?artnum=306792 for more.
Well, let's see if we can get the BugBlog started again - maybe not daily but three or four times a week. Because there are still bugs to stomp out.
For those of you wondering, I've had to put the BugBlog on hiatus. In addition to running my business, I've taken on a day job. That means activities that barely make any money, such as the BugBlog, have had to fall by the wayside. I hope to reorganize my schedule so that I can at least start up the BugBlog again soon -- because the bugs aren't going away.
Microsoft has an update for Windows Vista that fixes a number of incompatibilities. These include problems with Blu-Ray and HD-DVDs when you are displaying them on a large monitor, problems with NVIDIA G80 series graphic drivers, crashes with Windows Calendar, and more. Get it at http://support.microsoft.com/kb/938194.
After you install Adobe Acrobat 8.1, you may find that the PDFMaker option is missing from Microsoft Office 2007 applications. It may have gotten turned off, and can be found in the Disabled Add-In List. Adobe shows how you can turn it back on at http://www.adobe.com/go/kb401734, as well as some other possible fixes.
While you can have color profiles on a Windows Vista computer, some of its components can't handle them. So if a color profile is active and you use Windows Photo Gallery, your pictures may have a yellow tint. It's not permanent, all you need to do is turn off the profile. See how to do this at http://support.microsoft.com/kb/939395/
A number of bugs in Mac OS X 10.3.9 and 10.4 CoreAudio were patched in the Apple Security Update 2007-007. They patched three separate bugs that may allow a hostile web site to run their code on your Mac after you visit the site. The attack takes place via Core Audio's Java Interface. You can get the details, and the download, at http://docs.info.apple.com/article.html?artnum=306172, or wait for Software Update to take its course.
Mozilla Firefox may pass off arguments to other applications without properly encoding spaces and double quotes in URIs. Attackers may be able to exploit this to run hostile code. This is fixed in Mozilla 184.108.40.206, and there is also workaround information at http://www.mozilla.org/security/announce/2007/mfsa2007-27.html, Mozilla credits Jesper Johansson, Billy Rios and Nate McFeters with research on this problem, along with Secunia.
The Windows Vista Special Report has been updated with all the BugBlog Vista items from February through July. BugBlog Plus items will be added later.
A problem with the digital signing of some Windows XP drivers may interfere with Apple iTunes for Windows ability to connect with your iPhone or iPod. Instead, you will see this error message:
iTunes might be unable to launch or communicate with iPod or iPhone. For help repairing your operating system, click More Information.
Apple has information on how to create a batch file that will fix this at http://docs.info.apple.com/article.html?artnum=305999.
According to Mozilla, there is a bug in the way that Microsoft Internet Explorer calls registered URL protocols. If you browse a malicious webpage with IE, it could start Mozilla Fifefox and pass the bad data on to the other browser. This may allow an attacker to run hostile code on your computer. The Fifefox 220.127.116.11 update will plug this hole on the Firefox side, but does not fix the original bug in IE. See http://www.mozilla.org/security/announce/2007/mfsa2007-23.html for the details.
There is a bug in Symantec Backup Exec for Windows Servers 10.x and 11 that may allow remote attackers to launch denial of service attacks that turn off the backup service. They may also be able to exploit the bug to run hostile code on the server. Symantec has a hotfix for this at http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11a.html. They credit iDefense with finding this bug. See their explanation at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=553.
A number of bugs in the Microsoft .NET Framework 1.x and 2.0 may allow critical attacks against Windows 2000 and Windows XP computers, with less severe attacks possible against Windows Server 2003 and Windows Vista. Remote attackers may be able to exploit these bugs to run their code on the victim's computers. Microsoft has links to the patches at http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx. Microsoft credits Dinis Cruz of OWASP, Paul Craig of Security Assessment, Jeroen Frijters of Sumatra and Ferruh T. Mavituna of Portcullis Computer Security Ltd. for finding these bugs.
There is a memory leak in the Windows ReadyBoost driver for Windows Vista. ReadyBoost is a way to use flash memory to boost Vista's performance, and according to Microsoft, you may not even know if it is running. In some hardware configurations, it leaks memory which may lead to this error message:
STOP: 0x0000006F (parameter1, parameter2, parameter3, parameter4) SESSION3_INITIALIZATION_FAILED.
Microsoft also said there could be other problems that could generate this error message, other than the memory leak. They do have a hotfix for it. Either wait for the service pack, or see http://support.microsoft.com/kb/939008/ on how to get it earlier.
This Tuesday is Patch Tuesday, and in honor of the occasion Microsoft is giving us six presents. Three of them are Critical level security patches, covering Office, Excel, Windows, and the .NET framework. Two are important, for Office, Publisher, and Windows XP. There's one Moderate security bulletin for Windows Vista. Stay tuned for the details on Tuesday afternoon.
One of the worst things that can happen to your computer is hard drive failure. What can contribute to drive failure? At ZD Net's Storage Bits blog, there is an article called "Disk Drive Life Depends On...Luck", which is either encouraging or discouraging, depending on your point of view. Read it at http://blogs.zdnet.com/storage/?p=156.
If you've updated to Mac OS X 10.4.10 on an Intel-based Mac, you may hear some audio distortion from external speakers. Apple describes it as "popping". They have an Audio Update 2007-001 that is supposed to fix it. Read more about it at http://docs.info.apple.com/article.html?artnum=305840.
Microsoft has a hotfix for Outlook 2007 that fixes a number of Presence bugs. Presence requests from Office applications to presence applications should now work correctly; if a number of presence icons appear, they should no longer flicker; and they should show the correct information. See http://support.microsoft.com/kb/936864/ for information on how to get the fix.
Try to start up Adobe After Effects, Audition, Encore DVD, Photoshop, Premiere Elements, Premiere Pro, or Soundbooth on a Windows XP computer with a Realtek High Definition Audio integrated sound card, and you may get a system crash with this error message:
"Stop: 0X000000C5" or "Stop: 0x0000008E"
To fix this, Adobe says you need an updated driver from Realtek. Get version 1.33 at http://www.realtek.com.tw.
Mozilla will not be updated the Firefox 1.5 browser line in the future. To help users make the jump up to Firefox 18.104.22.168, there is a new migration tool called Major Update for Firefox 1.5 to 2.0. They talked about it in early June at http://developer.mozilla.org/devnews/index.php/2007/06/06/rollout-of-major-update-for-firefox-15-to-20/, and it's been offered since June 28 for people ready to make the jump into the future.
A bug in the WebCore for Apple Mac OS X 10.3.9 and 10.4.9 may allow a website to launch a cross-site scripting attack, tricking you into revealing personal data to the wrong website. Apple has fixed this in the 2007-006 Security Update. Read more about it at http://docs.info.apple.com/article.html?artnum=305759. Apple credits Richard Moore of Westpoint Ltd.for finding this bug.
Copyright 2003-2007 BJK Research LLC