The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.
The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current December bugs are here. Use the links on the left or below to jump back to past months, or use the search form.
Techcrunch reports on an issue where a number of people, who all appear to be Mozilla Firefox 2.0 users, reported a mass deletion of their Gmail emails, while they were logged in. Read more at http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass-email-deletions/, including a link to a discussion of the problem at Google Groups, and a response from Google -- which indicates this affected around 60 people. Just goes to show that you should back up your Gmail, err... never mind.
There is a new Linux 2.6 kernel for Novell SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10. It fixes a bug in the UDF filesystem that sometimes caused the computer to hang when it was truncating files. It also plugged a struct file leak in the perfmon(2) system that happened when the OS was running on an Itanium-based system. Find out more at http://www.novell.com/linux/security/advisories/2006_79_kernel.html
If you want to view Adobe Acrobat PDF files within the Apple Safari web browser, you must be using Mac OS X 10.4.3 or later. Adobe says that the Adobe PDFViewer for Mac OS X won't work on older versions. Also, it will only work within Safari; it doesn't work with Firefox or Opera running on a Mac. See http://www.adobe.com/support/techdocs/333545.html for configuration information.
Today's BugBlog Plus has five more bugs and fixes from EA, Microsoft and Red Hat.
Once you have installed Windows XP Media Center Edition 2005 Update Rollup 2, you may have problems with Windows Media Digital Rights Manager files. Try to play back one of the protected files, and you may get an error message similar to one of these:
Restricted Content: Restrictions set by the broadcaster and/or originator of the content prohibit playback of the program on this computer
0xC00D2751: A problem has occurred in the Digital Rights Management component. Contact Microsoft product support.
Microsoft has issued a new fix to take care of the bug introduced by Update Rollup 2. Get the latest fix at http://support.microsoft.com/kb/913800/. Watch here to find out what bugs this latest bug fix introduced.
Today's BugBlog Plus has ten more bugs and fixes from Adobe, Apple, Microsoft and Novell.
The BugBlog will be taking Christmas off, and since there's significant readership in Canada and the UK, we are going to take Boxing Day off, too.
The Microsoft Security Response Center may have had a slight delay in the beginning of their Christmas holiday, with reports of a public exploit against the Client Server Run-Time Subsystem in Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. According to their blog, the attacker must have authenticated access to a computer system in order to carry out the attack, which makes it potentially less damaging. More interesting, however, is that Vista is included on the list of vulnerable systems. Read the whole thing at http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx.
Today's BugBlog Plus has ten more bugs and fixes from Adobe, ATI, Microsoft and Mozilla.
The Internet Storm Center has posted a very useful chart. It shows their count of Microsoft's zero-day bugs. (Where exploits are known, but there isn't a fix yet.) As of 12/21, there are three critical bugs (all for MS Word), four that are marked less urgent, and three bugs where they don't know enough details to label their severity yet. See the whole list at http://isc.sans.org/diary.php?storyid=1940.
There is a bug in the way that Mozilla Firefox 2.0 and 126.96.36.199, Thunderbird 188.8.131.52, and SeaMonkey 1.0.6 set the CSS (Cascading Style Sheet) cursor property. The bug may cause a buffer overflow as the custom cursor is converted to a Windows bitmap. This can possibly be exploited by a malicious website to install hostile code on your computer. This has been fixed in Firefox 184.108.40.206 and 220.127.116.11, Thunderbird 18.104.22.168, and SeaMonkey 1.0.7. Mozilla rates this as a Critical bug, and credits Frederik Reiss with finding and reporting it.
Today's BugBlog Plus has ten more bugs and fixes from Adobe, Apple, ATI, Microsoft and Mozilla.
Apple has hired some creative writers for their Knowledge Base. They say "As if it were a swarm of bees, you should stay away from the SyncServices folder" for Mac OS X 10.4. If you don't heed their advice you could end up with duplicate data in your address book or iCal. Even worse, you may lose some data. If you don't know where that folder is (and remember that you shouldn't go there), it's in Home folder, Library, Application Support. Appreciate their entire literary effort at http://docs.info.apple.com/article.html?artnum=301920.
Today's BugBlog Plus has six more bugs and fixes from Adobe, Apple, Microsoft and Skype.
The anti-phishing shield in Microsoft Internet Explorer 7 may cause the browser to bog down and run slowly if you visit a web page that has lots of frames, or if you browse through many different frames over a short period of time. Microsoft has a fix for this. IE 7 users can get it at http://support.microsoft.com/kb/928089.
Today's BugBlog Plus has five more bugs and fixes from Apple, ATI, and Microsoft.
Here's a review of the new data-sharing web site, Swivel
Yahoo (I'm not putting in the exclamation point) says there is a bug in their Yahoo Messenger due to a bad ActiveX control. The bug may trigger a buffer overflow, which could be activated by visiting a maliciously designed web page. Yahoo says you may be vulnerable if you installed Yahoo Messenger before 11/2/06 (although they didn't post this notice until 12/8/06). You can get an update that fixes this bug at http://messenger.yahoo.com/security_update.php?id=120806
Today's BugBlog Plus has five more bugs and fixes from Adobe, Google, and Microsoft.
Microsoft has changed the way that the Microsoft Update Standalone packages work for Windows Vista. The old way to view the contents or extract the contents of one of the packages will not work -- especially if you are trying to do this on a non-Vista computer. It's because they use the "New and Improved" (those are air-quotes) Intra-Package Delta (IPD) compression technology. You will need to get the Windows Vista OEM Pre-installation Kit (OPK) if you want to view and extract. See http://support.microsoft.com/kb/928636 for the details.
A security patch for Microsoft Office for the Mac was accidently released ahead of time via auto-update. According to the Microsoft Security Response Center blog, they are still testing this patch, and a pre-release version was accidently released. They've taken the patch out of circulation, and they also recommend that you uninstall the patch. See http://blogs.technet.com/msrc/archive/2006/12/13/information-on-accidental-posting-of-pre-release-security-updates-for-office-for-mac.aspx for the details.
Today's BugBlog Plus has ten more bugs and fixes from Adobe, Apple, IBM, Microsoft, Sophos, Sun Microsystems, and Symantec.
There are two critical bugs in Windows Media Format files that can affect almost all current versions of Microsoft Windows. One bug is in the way that Windows handles Advanced Systems Format (ASF) files, and the other is in Advanced Stream Redirector (ASX) files. Run into one of the maliciously-designed files at a website or in email, and the attacker may be able to take control of your system. It affects Windows 2000, Windows XP, and Windows Server 2003, but not Windows Vista. It affects all versions of Microsoft Windows Media Format 7.1 through 9.5 Series Runtime, but version 11 is not affected. Microsoft has patches available at http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx.
Today's BugBlog Plus has six more bugs and fixes from Microsoft's Patch Tuesday security bulletins.
There is a new zero-day attack against Microsoft Word, apparently unrelated to the zero-day attack discussed in the 12.6 BugBlog. It affects Word 2000, 2002, 2003, and the Word Viewer 2003. However, the brand new Word 2007 is not affected. (A cynical person would say this is all a marketing ploy to get people to upgrade. Luckily, I'm not cynical.) The issue is being actively exploited, according to Microsoft. At this point, it does not appear that there will be a fix for either of these issues in time for the 12/12 Patch Tuesday Security Releases. See http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx for more.
Today's BugBlog Plus has four more bugs and fixes for Adobe, Apple, and Microsoft
There is a buffer overflow bug in an ActiveX control in AOL 7, 8 and 9 that may allow a malicious website to run their code on your system. You would need to visit the website with Microsoft Internet Explorer, and AOL 9.0 Security Edition revision 4156.910 or earlier (including America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230). The bug was discovered by Secunia Research, who say that using the automatic update function for AOL will get you a version of AOL 9 that is fixed. See http://secunia.com/advisories/23043/ for the details.
Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft, and Red Hat.
Adobe says that Acrobat 7 and the Adobe Reader 7 have a number of critical bugs that need to be fixed. Attackers may be able to design a malicious PDF file that takes advantage of these to take control of your computer. Users of the free Adobe Reader 7 need to upgrade to the free Reader 8 at http://www.adobe.com/products/acrobat/readstep2.html. Users of Acrobat 7.x should see the fix information at http://www.adobe.com/support/security/bulletins/apsb06-20.html.
There is a new zero-day attack against Microsoft Word 2000, XP, 2003, Word for the Mac, and Microsoft Works. Users could only be affected if they opened up a maliciously designed Word document. Microsoft itself claims in their security advisory that attacks have been limited, but hostile code is circulating on various malware sites. We are a week away from the next Patch Tuesday, so I'm guessing that Microsoft is working fast to get a fix ready. Read more at http://www.microsoft.com/technet/security/advisory/929433.mspx
Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Novell, and Red Hat.
Today's BugBlog Plus has seven more bugs and fixes for Apple, Google, and Microsoft.
You will not be able to install the Microsoft Zune software on a Microsoft Windows XP Media Center 2005 computer unless you have installed the Rollup Update 2 for the Media Center. Without it, you will get this blunt error message:
"Operating System Not Supported"
To achieve compatibility, get the update at http://support.microsoft.com/kb/900325. Also, the Zune software is totally incompatible with both Windows XP Media Center Edition 2002 and Microsoft Windows XP Media Center Edition 2004. If you are using those versions, I guess you can always stick with iTunes.
Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Google, Microsoft and Symantec.
The latest in a series of ActiveX problems gives Microsoft another "win".
If you have upgraded to Windows Vista from Windows XP, and then on the same computer upgrade to Microsoft Office 2007 from some earlier version of Office, you may have a problem doing searches in Outlook 2007. If Outlook 2007 uses Rich Text Format (RTF) as its file type, none of your searches will find results within RTF messages. Microsoft has a fix for this. See the details at http://support.microsoft.com/kb/927595.
Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.
Microsoft officially launched Vista on November 30. That's also the day that the anti-virus firm Sophos said that some malware already known to be on the Web can bypass Vista's defenses if downloaded through third-party Web-based email. Even if the malware gets through, however, other parts of Vista may still be able to stop it from causing damage. Read the whole thing at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005542.
There is a bug in an ActiveX control for Adobe Reader 7.0.x and Adobe Acrobat 7.0.x that may allow an attacker to crash a computer after opening a corrupt PDF. However, it only affects you if you click on a link within Microsoft Internet Explorer to view a PDF file. Adobe's suggested workaround is to delete the ActiveX control. This means you won't be able to view PDFs from within IE; however, you will still be able to open them in the stand-alone Adobe Reader or Acrobat. See http://www.adobe.com/support/security/advisories/apsa06-02.html for the details on how to delete the file, if you use IE.
Copyright 2003-2007 BJK Research LLC