The BugBlog

bugblog

	The BugBlog uses monthly archives. All the January bugs will be on this page. Use the links on the left or below to jump back to past months. The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5. Read the special report on bugs, incompatibilities and other problems in entertainment software and hardware.
1/30	Potentially "Devastating" Security Hole in Microsoft Internet Explorer An article in InfoWorld, at http://www.infoworld.com/article/04/01/28/HNiehole_1.html, theorizes how you can link some previously announced vulnerabilities in Microsoft Internet Explorer, and create a worm or virus with a "devastating" impact. One workaround you might consider -- start using Mozilla as your browser.
1/29	Mac OS X Security Update Apple has released the 2004-01-26 Security Update for the Mac OS X 10.3.2 Client. There are fixes in this update for Apache 1.3, Classic, Mail, Safari, and Windows File Sharing. They also included the fixes from the 2003-12-19 Security update, too. You can get it at http://docs.info.apple.com/article.html?artnum=120301. Apple also has security updates for the Mac OS X Server, plus earlier OS X releases. These are covered in the BugBlog Plus.
1/28	Missing Terminal Services Causes Windows XP Problems with IntelliPoint There may be compatibility problems with Microsoft IntelliType Pro 5.0 or IntelliPoint 5.0 software when installed on a Windows XP computer, and the computer doesn't have Terminal Services turned on. Some of the problems may include non-functioning scroll wheels, or problems with the My Favorites or Programmable button assignments. You may also see these error messages when shutting down your computer Type32.exe is not responding. Point32.exe is not responding Microsoft has a software update for Intellipoint at http://go.microsoft.com/fwlink/?LinkId=22009 that should fix these problems.
1/27	Another New Virus Targets Windows Systems- Called Novarg or Mydoom The virus of the week in the Windows world is called W32.Novarg.A@mm or W32/Mydoom@MM. It will arrive as an email attachment with a file extension .bat, .cmd, .exe, .pif, .scr, or .zip. It can affect all versions of Windows back to Windows 95. If you get infected, it will set up a backdoor on your system and use that to do a number of other nasty things. It will also mount a denial of service attack against SCO Corporation. There are a variety of subject lines and text it uses in the email. You can see some of them at Symantec's write-up of this threat at http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html. ATI says that if you are using one of their graphics cards with their CATALYST 4.1 software on a Windows 2000/XP computer, if you leave a 3D game none of your user defined color settings from the Display Properties dialog are retained. They say this will be fixed in a future CATALYST release.
1/26	Soundtrack Gets Stuck in Apple iDVD Slide Show Apple says that if you are using iDVD 4 to set up a slide show, you can use an iTunes playlist for the soundtrack. When you are in preview mode, the songs will play in their list order. However, when you actually burn the DVD the first song on the burned disk will repeat, and you won't get the full list. As of now, there is no fix. Apple may have updates on this problem later at http://docs.info.apple.com/article.html?artnum=93646.
1/24	How to Prevent Problems with CDs/DVDs This isn't a bug, but advice on how to prevent problems in the future. The National Institute of Standards and Technology (NIST) has a 50 page guide (PDF, 1.2 MB) on the " Care and Handling Guide for the Preservation of CDs and DVDs".
1/23	Smoking Is Bad For Dell PowerEdge Servers Dell says that some PowerEdge 1650 servers shipped with defective motherboards. A bad inductor may cause the computers to overheat, start smoking and then die. This could happen in any PoweEdge 1650 manufactured between January and May 2003. You can read the details in ZD Net at http://zdnet.com.com/2100-1103_2-5145372.html.
1/22	Cisco Voice/IBM Server Combo Is Insecure Cisco has discovered that if you install many of their voice products on IBM servers, the Director Agent gets installed in an unsecure state. This means that outsiders may be able to launch denial of service attacks, or remotely control the Cisco products. The vulnerability list includes: Cisco CallManager; Cisco IP Interactive Voice Response (IP IVR); Cisco IP Call Center Express (IPCC Express); Cisco Personal Assistant (PA); Cisco Emergency Responder (CER); Cisco Conference Connection (CCC); Cisco Internet Service Node (ISN) running on an IBM with an affected OS version. Cisco has a repair script available at http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des. For more details see http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml.
1/21	Windows 2000 Docking Station Won't Let Go Sometimes you just need patience. If you have a laptop computer, running Windows 2000, and you've inserted it into a docking station, you may not be able to give the Eject PC command right away. Instead, you may get an error message like You cannot eject your computer because one of the devices in the docking station, 'Microsoft ACPI-Compliant Control Method Battery', cannot be stopped right now. Try closing all applications and ejecting the computer again later. Microsoft says that when you dock a computer, certain processes get run, and these all need to get finished before you undock. This time may vary, depending upon what programs are active, and what hardware is involved. So you'll just have to wait, but it may only be 20 to 30 seconds.
1/20	Latest Email Threats; Plus an Excel Hotfix The latest virus/worm/Trojan threat first popped up in Australia over the weekend. It's called Bagle-A, and it comes as an .exe attachment via email, often masquerading as a message from a systems administrator. Everybody should know by now that you don't click on these things. AV companies should have this in their latest signatures. By the way, if you got a message from US Bank asking for verification of your account details -- that was a fraud too. If you delete a number of cells in a Microsoft Excel 2003 worksheet, and then recalculate the worksheet with a SHIFT+F9 keypress, Excel may crash. Microsoft has fixed this and a number of other Excel 2003 bugs in an Excel 2003 Hotfix dated 1/12/2004. These fixes will be in a future service pack, but if you need the fix right away, you need to contact Microsoft Tech Support and ask for the 1/12/2004 Excel Hotfix, which is also described in Knowledge Base Article 833618. Note that you may get charged for this call. There is more Excel hotfix coverage in the BugBlog Plus.
1/19	Mozilla 1.6 Improves Rendering Mozilla 1.6 has been released. There have been improvements made to the rendering. For one thing, the opacity of decendents of a group should be changed correctly. Also, they have changed the Cascading Style Sheet inheritance so that it conforms to CSS 2.1. (This means that pages will display in Mozilla as the web designers intended -- but only if those web designers knew what they were doing in the first place.)
1/16	Not a Happy New Year for Palm Tungsten Here's a bug you actually won't have to worry about for a year. According to Palm, you may have problems turning off Tungsten T3 or E handheld computers in the first week in January. You may turn the power off, but it comes back on after a few seconds. Palm says this may be due to a birthday reminder that spans the end of the year. If you have a birthday reminder set to go off seven days before a birthday, for instance, and the birthday is January 5, you may not be able to power off for those first five days in January. The easiest workaround is to change the reminder time so that it doesn't span the year change.
1/15	Logitech MouseWare Doesn't Serve There is a new version of Logitech Mouse Software. However, Version 9.79.1 build 25 does not work with Windows Server 2003. The mouse will work as a basic pointing device, but you won't be able to program the buttons or see it in the MouseWare Control Center.
1/14	Windows 2000/XP Affected by MDAC Bug The most wide-ranging problem in January's batch release of security bulletins from Microsoft concerns a buffer overflow in Microsoft Data Access Components 2.5 through 2.8. While most people think they are unaffected, these components are included in Windows 2000/XP/Server 2003, as well as Microsoft SQL Server 2000. While this vulnerability may allow an attacker to run their own code on your computer, there are a number of factors that limit the scope of the vulnerability. See the details and get the patch at http://www.microsoft.com/technet/security/bulletin/ms04-003.asp. More bulletins from Microsoft, plus bugs and fixes from other companies, are in the BugBlog Plus. Not a subscriber? Find out more
1/13	Cisco Has an H.323 Problem Cisco has unearthed a bug in how many of their products process H.323 messages. These are usually related to Voice over IP (VoIP) applications or other multimedia messages. Products that use Cisco IOS® Software Release 11.3T and later are affected, as are: Cisco CallManager versions 3.0 through 3.3; Cisco Conference Connection (CCC); Cisco Internet Service Node (ISN); Cisco BTS 10200 Softswitch; Cisco 7905 IP Phone H.323 Software Version 1.00; and Cisco ATA 18x series products running H.323/SIP loads with versions earlier than 2.16.1. This bug can lead to denial of service attacks against the devices. Details and fix information are at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
1/12	Symantec LiveUpdate May Slow Down Your Computer If you have a Symantec product that uses LiveUpdate (such as Norton AntiVirus) you may have run into problems starting on 1/7/2004. According to Symantec if you suddenly notice your computer slowing down, and that Microsoft Word or Excel won't start, it may be due to issues involving security verification. In particular, they say that VeriSign (who handles the security certificate verification) suddenly started receiving a large number of requests for a certificate revocation list (CRL) starting on January 7-8, 2004. At this point, details are sketchy, but you may want to keep an eye on this page (really long URL) for later developments.
1/10	New Trojan Attack; Update Doesn't Come from Microsoft Microsoft does not deliver security updates by email. If you get an email message that says it's from Microsoft, with the text saying something like " "Window [sic] Update has determined that you are running a beta version of Windows XP Service Pack 1 (SP1)" and tells you to install the attached file -- DON'T! It's a trojan that is being called Trojan.Xombe.
1/9	Configuration Settings May Allow Easy Break-in to Cisco Personal Assistant Settings Cisco says that their Cisco Personal Assistant 1.4(1) and 1.4(2) may let unauthorized users come in and manipulate user preferences and configurations. This will happen if the Personal Assistant administrator goes to System, Miscellaneous Settings and checks the box "Allow Only Cisco CallManager Users", and the Personal Assistant Corporate Directory settings are the same directory service that is used by Cisco CallManager. Cisco says this can be fixed very easily. Just go to the Personal Assistant Administration site, then go to System, Miscellaneous and uncheck the "Allow Only Cisco CallManager Users" option.
1/8	ZoneAlarm Update for Compatibility Fixes Zone Labs ZoneAlarm Pro 4.5.538.0 includes a number of compatibility fixes so that the ZoneAlarm firewall gets along better with third-party programs. There are also a number of unspecified reliability enhancements. You can get the update at http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html
1/7	Upgrade for Palm's Outlook Conduit If you have a Palm Tungsten T3 or E, and you recently updated on your desktop computer to Microsoft Outlook 2003, you may want to get the Outlook Conduits for Palm Update v1.01. The earlier version of the Outlook Conduit didn't support Outlook 2003. There are also some other minor bug fixes in it. Get the update at http://www.palmone.com/us/support/downloads/outlookupdate2k3.html.
1/6	Red Hat Fixes Kernel Security Bug Red Hat has a kernel update for Red Hat Linux 7.x, 8.0, and 9. This update fixes a security hole that may allow one of your local users to get root privileges. The bug was discovered by Paul Starzetz from ISEC in the Linux kernel versions 2.4.23 and earlier. You can get the Red Hat fixes from https://rhn.redhat.com/errata/RHSA-2003-417.html.
1/5	Microsoft Fix Slows Down Firewire Drives Microsoft released some bad news just before Christmas. They say that if you install Hotfix 329256 onto a Windows XP Service Pack 1 computer, you may adversely affect the performance of a 1394 (Firewire) hard drive. They say that both reading and writing to the drive may be affected, although the performance hits to different systems may vary. This happens because of "an increase in the gap count for stable enumeration." There's not a lot of details, but there may be updated information at http://support.microsoft.com/?kbid=831584.
1/4	iTunes for Windows Hates Web Accelerators Apple says that if you are using Web acceleration software (they aren't specific about companies or products) then you may have problems using iTunes for Windows. If you go to the Source list and click Music Store, the main iTunes window will go white and not show any data. Apple says to upgrade to iTunes for Windows 4.2 or later to fix this incompatibility.
12/31	Mandrake Linux Update for ProFTPD If you are using ProFTPD on Mandrake Linux 9.1 or 9.2, you want to get the update to ProFTPD 1.2.7. This fixes a security problem that may allow a remote attacker create a root shell. This was originally fixed in September, but another bug was found in that update.

| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02