The BugBlog

bugblog

	The BugBlog uses monthly archives. All the December bugs will be on this page. Use the links on the left or below to jump back to past months. The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5. There will be no regular BugBlogging from December 25-29, and only some irregular blogging Dec 29-Jan 3. The daily BugBlog and BugBlog plus will return to full schedule on Jan 4. Read the special report on bugs, incompatibilities and other problems in entertainment software and hardware.
12/31	Mandrake Linux Update for ProFTPD If you are using ProFTPD on Mandrake Linux 9.1 or 9.2, you want to get the update to ProFTPD 1.2.7. This fixes a security problem that may allow a remote attacker create a root shell. This was originally fixed in September, but another bug was found in that update.
12/23	Windows XP Email Shortcut Gets Confused By default, the Windows XP Start menu has an email shortcut that points to Microsoft Outlook Express. If you install Microsoft Office 2003, this email shortcut gets changed so that it starts Outlook instead of Outlook Express. Later, if you remove Office 2003 from the computer, the email shortcut doesn't change back, and won't start Outlook Express. You will need to manually change this in Internet Explorer. Click Tools, Internet Options, and go to the Programs tab. In the list of Email programs, select Outlook Express, click Apply, and click OK.
12/22	Mac OS X 10.3.2 Update Fixes Firewall Problem If you upgraded to the Apple Mac OS X Panther (10.3) release, Apple says you may no longer have your Mac OS X firewall available to you. They have fixed this in the Mac OS X Update 10.3.2.
12/20	Import/Export Fixes in WordPerfect 11 Some problems getting data into and out of WordPerfect 11 have been fixed in Corel WordPerfect Office 11 Service Pack 1. The bug that was preventing Microsoft Word documents with nested tables from opening has been fixed. Problems publishing to both HTML and XML via a UNC path have been fixed. Also, the RTF exporting has been improved.
12/19	Shhh! Don't Wake the Computer Microsoft says that some modems have compatibility problems with the softmodem driver in Windows XP Media Center Edition. Because of this, if the computer is in hibernation it may wake up every time the phone rings. Microsoft says this will happen even if you've turned off the modem's wake option and turned off the wake on ring setting in the computer BIOS. Microsoft's only advice for now is to look for another modem.
12/18	Encrypted Files Cause Windows Computer to Hang Microsoft says there are times when a Windows 2000, XP, or Server 2003 computer is writing files encrypted with EFS (Encrypting File System) to an NTFS-formatted drive, the computer may hang. They say this has happened when restoring data from encrypted files using either VERITAS Backup Exec version 8.6 or later, or with NTBackup.exe. They have a hotfix for this, which will ship in a future service pack. If you are exposed to this problem, then you may want to contact Microsoft Technical Support and ask for the hotfix discussed in Knowledge Base article 828693. You may get charged for this call.
12/17	Macromedia Fixes Flash Fault Macromedia says that because of security flaws in Microsoft Internet Explorer and the Opera browser, a security flaw can be exploited in the Macromedia Flash Player's data file that may allow a malicious user to get to data stored on your computer. They've fixed this with the latest Flash Player (7.0.19.0) which you can get from http://www.macromedia.com/go/getflashplayer.
12/16	Follow-up on IE Spoofing, Plus an IE Parasite On 12/11 we blogged an item about a potential bug in Microsoft Internet Explorer that may allow a "bad guy" to spoof a site and possibly steal information. Microsoft has no specific fixes, but they do have a Knowledge Base article at http://support.microsoft.com/?kbid=833786 that gives you ways to protect against spoofing. If you start up Microsoft Internet Explorer 6, it may crash with a message similar to this Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. If you look at the details of the error message, it will point to Iexplore.exe 6.0.2600.0 Mfc42.dll 6.0.8665.0 Microsoft says that this problem usually occurs if Xupiter is also installed on the computer. The program Xupiter is probably referred to as a utility by its creator. Many other web sites label it spyware, nuisanceware, or a parasite. In any case, Microsoft says you may want to remove it from your system. You can do a manual removal following McAfee's guidelines at http://vil.mcafee.com/dispVirus.asp?virus_k=99904.
12/15	Resized Movie Woes in Apple Mac OS X 10.3 DVD Apple says that if you are using the DVD Player 4 on a Mac OS X 10.3 computer, the video display may slow down after you resize its window. Apple says this will happen if you resize the window so that it overlaps the transparent Info window. Apple says you can avoid this by not resizing while a movie is playing. If you do it anyway, you can fix the problem by pausing the movie and starting it again.
12/12	Bubba Comes with Cisco Unity Server If you have an IBM-based Cisco Unity server, there may be an accidental lapse in security. It seems that these servers shipped with an unintended local user account with the name "bubba". If you have one of these servers and don't want "bubba" to come logging in unexpectedly, see the workaround instructions at http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml.
12/11	Fake URL Exploit with Microsoft Internet Explorer Not long after Microsoft announced they would not be releasing any scheduled security bulletins this month, the Danish security company Secunia released information on how hackers could spoof a web site, and the URL it displays in Microsoft Internet Explorer. This could be used to create fake e-commerce sites and get people to give credit card information. For now, read about it on ZD Net at http://zdnet.com.com/2100-1105_2-5119440.html, because there's no fix yet.
12/10	Windows XP Wizard Says to Insert Floppy into Drive C: Windows XP has a somewhat-useful Forgotten Password Wizard. Why only somewhat useful? If you are running Windows XP on a computer that doesn't have a floppy disk drive, when you run the wizard it will prompt you to insert a floppy disk into drive C. Since that's normally a hard drive, it might prove to be a little difficult. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you think you need this feature (you don't have a floppy drive and you refuse to write down your passwords somewhere) you may want to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 830680. Note that you may be charged for this call.
12/9	iTunes for Windows Falls Prey to a Removable Drive Bug If you are using an iPod and iTunes for Windows, watch out if the drive letter after your iPod has been mapped to a network drive. If so, both iTunes and Windows Explorer will show the wrong amount of open drive space on the iPod. Apple points the finger at Microsoft, showing that it is a more general problem with removable disks on both Windows 2000 and XP, as shown by http://support.microsoft.com/?kbid=297694.
12/8	Firewall False Alarm with Adobe Creative Suite Adobe says that if you start any of the applications in the Adobe Creative Suite (ACS), such as Adobe Photoshop CS, Adobe Illustrator CS, Adobe InDesign CS, Adobe GoLive CS, or Adobe Acrobat 6.0 Professional, and you have a firewall running, there may be a report that the Adobe application is trying to access the Internet. According to Adobe, what happens is the file management system within ACS identifies the name and IP address of the computer when starting up. However, Adobe says that no data gets transferred from the computer unless you configure it as a networked computer.
12/6	In OneNote 2003, a Thousand Words May be Worth a Picture Microsoft says that if you paste text from an outline in OneNote 2003 into an Outlook 2003 contact, it gets pasted as a picture and not as text. Since you probably want it as text, since it is easier to manipulate, you have to do this: copy the text out of the OneNote outline; open the contact in Outlook 2003 where you want to paste; click where you want to paste, and then click Edit, Paste Special, HTML.
12/5	Service Pack Makes IE Draw a Blank After you install Microsoft Internet Explorer 6 Service Pack 1 to a Windows 2000 computer, IE may have problems loading a page that has frames and where the URL has a long query string. You may end up with a blank page and it will appear IE has locked up. This has been fixed in the November 2003 Cumulative Security Update for Microsoft Internet Explorer. You can get this at http://support.microsoft.com/?kbid=824145.
12/4	IPSec and Tunneling Updates for Windows 2000/XP Microsoft has updated Layer Two Tunneling Protocol (L2TP) and Internet Protocol security (IPSec) for both Windows XP Service Pack 1 computers and Windows 2000 Service Pack 3. It takes care of compatibility problems for IPSec connections from behind a NAT server, as well as some other functionality and security improvements. You can see the full list, and get the links to each download, at http://support.microsoft.com/?kbid=818043
12/3	Arrgh! AntiPiracy Run Amok in Norton AntiVirus Symantec has a fix for a bug in Norton AntiVirus 2004. This bug was causing NAV to prompt for product activation anytime the computer was restarted. Even if you entered the activation code every time, eventually you will get rejected with this message " The trial period has expired. This product has been disabled because you have not activated it." Symantec now has a fix so that their product will no longer treat users like pirates. It is in the file SymKBFix.exe and you can get it at http://service1.symantec.com/SUPPORT/nav.nsf/pfdocs/2003093015493306?Open
12/2	Adobe Acrobat Update Adobe has upgraded Acrobat 6.0 to the new version 6.01. The main improvements, according to Adobe, include improved compatibility with Microsoft Office 2003 and with AutoCAD 2004. There are separate upgrades for Acrobat Professional and Standard, as well as different versions for Windows and Mac. Get the one you need at http://www.adobe.com/support/downloads/.
12/1	ZoneAlarm Upgrade Tightens Security ZoneAlarm Pro 4.5.530.0 tightens security by implementing new measures to block host file tampering. This helps prevent someone from spoofing a web site. This update also has what Zone Labs terms "routine maintenance" plus eBay online fraud protection.
11/30	Internet Explorer Vulnerability Announced New security flaws in Microsoft Internet Explorer were announced to the public by researchers, before they were reported to Microsoft. Therefore, vulnerability information is out there without a fix yet. This story on CNet has some of the background.
11/26	Microsoft Works Suite Vulnerable To Bugs Found Earlier Three security bulletins dating from September 2003 have been updated by Microsoft to recognize that the security bugs also affect Microsoft Works Suite 2004. (Probably since Microsoft Word is part of the suite. It only took two months to figure this out?) So if you are are Works Suite 2004 user, you are vulnerable to a flaw via Visual Basic for Applications that may allow an attacker to run code on your computer. You also face a buffer overrun in the WordPerfect converter, plus a bug in Word macros may also let an attacker run code on your machine. The BugBlog Plus has info on a number of hotfixes for problems with Windows Server 2003. The BugBlog won't be updated 11/27 and 11/28, although there will be updates over the weekend.

| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02