BJK Research

The BugBlog

The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three-month subscription is only $5. The BugBlog uses monthly archives.

12/31/2006 Redesign on the Fly

We are going to start 2007 with a redesign of the BugBlog website as well as bjkresearch.com. From a design standpoint, it is only a subtle redesign, but in terms of the HTML behind the scenes, there are quite a few changes: dropping the old JavaScript-powered rollover navigation buttons for CSS-based navigation controls, and using CSS layout and positioning instead of the old table-based design. Because I'm overlaying the new pages and graphics on top of the old, there's certainly a chance that something will get mangled. If you find a bug in the BugBlog, please let me know. All the old pages won't be converted -- but everything else going forward should be XHTML compliant.

12/30/2006 Reports of Some Gmail Problems

Techcrunch reports on an issue where a number of people, who all appear to be Mozilla Firefox 2.0 users, reported a mass deletion of their Gmail emails, while they were logged in. Read more at http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass-email-deletions/, including a link to a discussion of the problem at Google Groups, and a response from Google -- which indicates this affected around 60 people. Just goes to show that you should back up your Gmail, err... never mind.

12/29/2006 Novell Pops a New SUSE Linux Kernel

There is a new Linux 2.6 kernel for Novell SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10. It fixes a bug in the UDF filesystem that sometimes caused the computer to hang when it was truncating files. It also plugged a struct file leak in the perfmon(2) system that happened when the OS was running on an Itanium-based system. Find out more at http://www.novell.com/linux/security/advisories/2006_79_kernel.html

12/28/2006 Acrobat Viewer for the Mac Only Likes Safari

If you want to view Adobe Acrobat PDF files within the Apple Safari web browser, you must be using Mac OS X 10.4.3 or later. Adobe says that the Adobe PDFViewer for Mac OS X won't work on older versions. Also, it will only work within Safari; it doesn't work with Firefox or Opera running on a Mac. See http://www.adobe.com/support/techdocs/333545.html for configuration information.

Today's BugBlog Plus has five more bugs and fixes from EA, Microsoft and Red Hat.

12/27/2006 Media Center Update Causes DRM Bug

Once you have installed Windows XP Media Center Edition 2005 Update Rollup 2, you may have problems with Windows Media Digital Rights Manager files. Try to play back one of the protected files, and you may get an error message similar to one of these:
"Restricted Content: Restrictions set by the broadcaster and/or originator of the content prohibit playback of the program on this computer"
or
"0xC00D2751: A problem has occurred in the Digital Rights Management component. Contact Microsoft product support."
Microsoft has issued a new fix to take care of the bug introduced by Update Rollup 2. Get the latest fix at http://support.microsoft.com/kb/913800/. Watch here to find out what bugs this latest bug fix introduced.

Today's BugBlog Plus has ten more bugs and fixes from Adobe, Apple, Microsoft and Novell.

12/23 Have a Merry TechnoChristmas

The BugBlog will be taking Christmas off, and since there's significant readership in Canada and the UK, we are going to take Boxing Day off, too.

12/22/2006 Threat Against Windows, Including Vista

The Microsoft Security Response Center may have had a slight delay in the beginning of their Christmas holiday, with reports of a public exploit against the Client Server Run-Time Subsystem in Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. According to their blog, the attacker must have authenticated access to a computer system in order to carry out the attack, which makes it potentially less damaging. More interesting, however, is that Vista is included on the list of vulnerable systems. Read the whole thing at http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx.

Today's BugBlog Plus has ten more bugs and fixes from Adobe, ATI, Microsoft and Mozilla.

12/21/2006 What Does Microsoft Have to Fix?

The Internet Storm Center has posted a very useful chart. It shows their count of Microsoft's zero-day bugs (where exploits are known, but there isn't a fix yet). As of 12/21, there are three critical bugs (all for MS Word), four that are marked less urgent, and three bugs where they don't know enough details to label their severity yet. See the whole list at http://isc.sans.org/diary.php?storyid=1940.

12/20/2006 Cursor Bug Trips Up Mozilla

There is a bug in the way that Mozilla Firefox 2.0 and 1.5.0.8, Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 set the CSS (Cascading Style Sheet) cursor property. The bug may cause a buffer overflow as the custom cursor is converted to a Windows bitmap. This can possibly be exploited by a malicious website to install hostile code on your computer. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7. Mozilla rates this as a Critical bug, and credits Frederik Reiss with finding and reporting it.

Today's BugBlog Plus has ten more bugs and fixes from Adobe, Apple, ATI, Microsoft and Mozilla.

12/19/2006 Apple Says -- Avoid This Folder!

Apple has hired some creative writers for their Knowledge Base. They say "As if it were a swarm of bees, you should stay away from the SyncServices folder" for Mac OS X 10.4. If you don't heed their advice you could end up with duplicate data in your address book or iCal. Even worse, you may lose some data. If you don't know where that folder is (and remember that you shouldn't go there), it's in Home folder, Library, Application Support. Appreciate their entire literary effort at http://docs.info.apple.com/article.html?artnum=301920.

Today's BugBlog Plus has six more bugs and fixes from Adobe, Apple, Microsoft and Skype.

12/18/2006 Anti-phishing Speedup for IE 7

The anti-phishing shield in Microsoft Internet Explorer 7 may cause the browser to bog down and run slowly if you visit a web page that has lots of frames, or if you browse through many different frames over a short period of time. Microsoft has a fix for this. IE 7 users can get it at http://support.microsoft.com/kb/928089.

Today's BugBlog Plus has five more bugs and fixes from Apple, ATI, and Microsoft.

12/16/2006 Review: Swivel

Here's a review of the new data-sharing web site, Swivel.

12/15/2006 Yahoo Messenger Tripped Up By ActiveX Bug

Yahoo (I'm not putting in the exclamation point) says there is a bug in their Yahoo Messenger due to a bad ActiveX control. The bug may trigger a buffer overflow, which could be activated by visiting a maliciously designed web page. Yahoo says you may be vulnerable if you installed Yahoo Messenger before 11/2/06 (although they didn't post this notice until 12/8/06). You can get an update that fixes this bug at http://messenger.yahoo.com/security_update.php?id=120806

Today's BugBlog Plus has five more bugs and fixes from Adobe, Google, and Microsoft.

12/14/2006 Vista Changes Unpacking Method

Microsoft has changed the way that the Microsoft Update Standalone packages work for Windows Vista. The old way to view the contents or extract the contents of one of the packages will not work -- especially if you are trying to do this on a non-Vista computer. It's because they use the "New and Improved" (those are air-quotes) Intra-Package Delta (IPD) compression technology. You will need to get the Windows Vista OEM Pre-installation Kit (OPK) if you want to view and extract. See http://support.microsoft.com/kb/928636 for the details.

12/13/2006 An Accidental Patch from Microsoft

A security patch for Microsoft Office for the Mac was accidentally released ahead of time via auto-update. According to the Microsoft Security Response Center blog, they are still testing this patch, and a pre-release version was accidentally released. They've taken the patch out of circulation, and they also recommend that you uninstall the patch. See http://blogs.technet.com/msrc/archive/2006/12/13/information-on-accidental-posting-of-pre-release-security-updates-for-office-for-mac.aspx for the details.

Today's BugBlog Plus has ten more bugs and fixes from Adobe, Apple, IBM, Microsoft, Sophos, Sun Microsystems, and Symantec.

12/12/2006 Windows Media Format Bugs Allow System Takeover

There are two critical bugs in Windows Media Format files that can affect almost all current versions of Microsoft Windows. One bug is in the way that Windows handles Advanced Systems Format (ASF) files, and the other is in Advanced Stream Redirector (ASX) files. Run into one of the maliciously-designed files at a website or in email, and the attacker may be able to take control of your system. It affects Windows 2000, Windows XP, and Windows Server 2003, but not Windows Vista. It affects all versions of Microsoft Windows Media Format 7.1 through 9.5 Series Runtime, but version 11 is not affected. Microsoft has patches available at http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx.

Today's BugBlog Plus has six more bugs and fixes from Microsoft's Patch Tuesday security bulletins.

12/11/2006 Another Microsoft Word Bug Allows Attack

There is a new zero-day attack against Microsoft Word, apparently unrelated to the zero-day attack discussed in the 12/6 BugBlog. It affects Word 2000, 2002, 2003, and the Word Viewer 2003. However, the brand new Word 2007 is not affected. (A cynical person would say this is all a marketing ploy to get people to upgrade. Luckily, I'm not cynical.) The issue is being actively exploited, according to Microsoft. At this point, it does not appear that there will be a fix for either of these issues in time for the 12/12 Patch Tuesday Security Releases. See http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx for more.

Today's BugBlog Plus has four more bugs and fixes for Adobe, Apple, and Microsoft.

12/08/06 An AOL ActiveX Control Allows Attack

There is a buffer overflow bug in an ActiveX control in AOL 7, 8 and 9 that may allow a malicious website to run their code on your system. You would need to visit the website with Microsoft Internet Explorer, and AOL 9.0 Security Edition revision 4156.910 or earlier (including America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230). The bug was discovered by Secunia Research, who say that using the automatic update function for AOL will get you a version of AOL 9 that is fixed. See http://secunia.com/advisories/23043/ for the details.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft, and Red Hat.

12/7/06 Security Bugs With Adobe Acrobat and Reader 7

Adobe says that Acrobat 7 and the Adobe Reader 7 have a number of critical bugs that need to be fixed. Attackers may be able to design a malicious PDF file that takes advantage of these to take control of your computer. Users of the free Adobe Reader 7 need to upgrade to the free Reader 8 at http://www.adobe.com/products/acrobat/readstep2.html. Users of Acrobat 7.x should see the fix information at http://www.adobe.com/support/security/bulletins/apsb06-20.html.

12/6/2006 Zero Day Attack Against MS Word

There is a new zero-day attack against Microsoft Word 2000, XP, 2003, Word for the Mac, and Microsoft Works. Users could only be affected if they opened up a maliciously designed Word document. Microsoft itself claims in their security advisory that attacks have been limited, but hostile code is circulating on various malware sites. We are a week away from the next Patch Tuesday, so I'm guessing that Microsoft is working fast to get a fix ready. Read more at http://www.microsoft.com/technet/security/advisory/929433.mspx

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Novell, and Red Hat.

12/5/2006 Worm Reports on MySpace

Security researchers at Websense Security Labs report on a worm that is exploiting a bug on MySpace, along with the Apple QuickTime player's support of JavaScript, to infect webpages on MySpace. After the infection, links on a MySpace profile may get replaced with links to phishing sites. If you see an empty QuickTime video, or it looks like your links have been changed, you may have been infected. See http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708 for more.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Google, and Microsoft.

12/4/2006 Update Windows XP Media Center to Appease Zune

You will not be able to install the Microsoft Zune software on a Microsoft Windows XP Media Center 2005 computer unless you have installed the Rollup Update 2 for the Media Center. Without it, you will get this blunt error message:
"Operating System Not Supported"
To achieve compatibility, get the update at http://support.microsoft.com/kb/900325. Also, the Zune software is totally incompatible with both Windows XP Media Center Edition 2002 and Microsoft Windows XP Media Center Edition 2004. If you are using those versions, I guess you can always stick with iTunes.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Google, Microsoft and Symantec.

12/3/2007 Microsoft XML Bug Wins December Bug of the Month

The latest in a series of ActiveX problems gives Microsoft another "win".

12/2/2007 Vista and Office 2007 Upgrade Together Brings Bugs

If you have upgraded to Windows Vista from Windows XP, and then on the same computer upgrade to Microsoft Office 2007 from some earlier version of Office, you may have a problem doing searches in Outlook 2007. If Outlook 2007 uses Rich Text Format (RTF) as its file type, none of your searches will find results within RTF messages. Microsoft has a fix for this. See the details at http://support.microsoft.com/kb/927595.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

12/1/2006 Vista Officially Launched, And Threat Identified

Microsoft officially launched Vista on November 30. That's also the day that the anti-virus firm Sophos said that some malware already known to be on the Web can bypass Vista's defenses if downloaded through third-party Web-based email. Even if the malware gets through, however, other parts of Vista may still be able to stop it from causing damage. Read the whole thing at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005542.

11/30/2006 Adobe Acrobat ActiveX Bug Can Cause Crash

There is a bug in an ActiveX control for Adobe Reader 7.0.x and Adobe Acrobat 7.0.x that may allow an attacker to crash a computer after opening a corrupt PDF. However, it only affects you if you click on a link within Microsoft Internet Explorer to view a PDF file. Adobe's suggested workaround is to delete the ActiveX control. This means you won't be able to view PDFs from within IE; however, you will still be able to open them in the stand-alone Adobe Reader or Acrobat. See http://www.adobe.com/support/security/advisories/apsa06-02.html for the details on how to delete the file, if you use IE.

Copyright 2003-2007 BJK Research LLC
