BJK Research

The BugBlog

The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current December bugs are here. Use the links on the left or below to jump back to past months, or use the search form. XML

1/31/2007 Reliability Update for Windows Vista

Microsoft already has a reliability update for Windows Vista. It fixes a number of USB problems, including bugs that cause devices such as fingerprint readers or Windows Media Center remote controls to stop working. It will also fix a problem that prevents you from reconnecting a USB device after you use the Safely Remove Hardware option to turn it off. Get the update 925528 at http://windowsupdate.microsoft.com.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Cisco, IBM, and Microsoft.

1/30/2007 TomTom is BadBad

A couple of viruses hitched a ride with TomTom Go 910 satellite navigation devices. TomTom says it was a "small number" of devices manufactured during September-November 2006. The devices have hard drives, and the win32.Perlovga.A Trojan and TR/Drop.Small.qp malware managed to sneak on. These are Windows malware, and while the Go 910 are Linux devices, you can connect them to your computer for backup and updates. TomTom says that antivirus software will work on the infected units. TomTom talks about it at http://www.tomtom.com/support/index.php?Language=1&FID=5327, while ZD Net covers the issue at http://news.zdnet.com/2100-1009_22-6154198.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Sun Microsystems.

1/29/2007 Vista Special Report

Should you upgrade to Windows Vista? In the words of a famous philosopher, Dirty Harry, "It all depends, do you feel lucky?" The BugBlog has gathered up all the Vista items from the past two months and added them to the Vista Special Report, which will be updated daily.

1/29/2007 AV Software Interferes with Windows Vista

Try to activate Windows Vista, and you may get an error message that includes one of these error codes:
0XC004D401 or 0x80080250
According to Microsoft, these codes show that there is an incompatibility between Vista and your antivirus software or your digital rights management (DRM) software. You'll have to upgrade that software before you can activate Vista.

Today's BugBlog Plus has five more bugs and fixes for ISC, Microsoft and Six Apart.

1/28/2007 Intuit QuickBooks Problems with Windows Vista

It appears that Intuit QuickBooks 2006 is not compatible with Windows Vista. In this case, the blame appears to lie with Intuit, for QuickBooks uses some techniques in communicating via the Registry that violate Windows XP standards, much less the newer Vista. David Berlind covers this in a number of posts at http://blogs.zdnet.com/Berlind/?p=316 and earlier.

1/26/2007 Yet Another Word Zero-Day Bug

The Symantec Security blog is reporting yet another Microsoft Word zero-day vulnerability. (This would be the fourth that's currently unpatched, if you are keeping score at home.) This one is called Trojan.Mdropper.W, and it will open a back door onto your computer that attackers will use. See more at http://www.symantec.com/enterprise/security_response/weblog/2007/01/new_microsoft_word_2000_vulner.html.

Today's BugBlog Plus has five more bugs and fixes for Cisco and Microsoft.

1/25/2007 Windows Vista Versus Your Startup List

The Windows Defender program may not like some of the items on the startup list on a Windows Vista computer. While your computer booting up, you may see a message over on the far right of your taskbar that says:
Windows has blocked some startup programs. Windows blocks programs that require permission to run when Windows starts. Click to view blocked programs.
Clicking will show you what's been blocked. (Chances are, they are older pre-Vista applications, especially if this is a computer you upgraded to Vista.) See http://support.microsoft.com/kb/930367 for various things you can do as a workaround.

1/24/2007 Apple Fixes QuickTime Bug

Apple has released a security patch for QuickTime 7.13 for both Mac OS X and Windows. Security Update 2007-001 fixes a bug that may allow malicious websites to run code on your computer via RTSP URLs. This is the first fix Apple has released for a bug from the Month of Apple Bugs website. You can get the fix from the automatic Apple Software Update, or from http://www.apple.com/support/downloads/.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Cisco, Microsoft, and Sun Microsystems.

1/23/2007 McAfee Takes Out Lotus Notes

After upgrading to McAfee VirusScan Enterprise 8.5i, you may have problems accessing your IBM Lotus Notes email. According to McAfee, things will be OK at first, but after a few hours working with Lotus Notes, you may see this error message:
You are not authorized to perform that operation.
After that, you won't be able to do anything in Lotus Notes, but you will be able to close the program. When you restart it, you will have access again, but you will hit the wall again after a few hours. The problem happens if you have VirusScan configured for Scan server mailboxes enabled. For now, McAfee says to disable both Scan all server databases and Scan server mailboxes. See http://knowledge.mcafee.com/article/573/7227825_f.SAL_Public.html for more.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Google and Microsoft.

 

1/22/2007 Microsoft Re-Releases Security Bulletin

Microsoft has re-released Security Bulletin MS07-002, which patched Critical security holes in Microsoft Excel. The reason they patched the patch was that the original did not fix the problem in Excel 2000 in the Korean, Chinese, or Japanese versions. The BugBlog's Asian readers can get the new version at http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, and Microsoft.

1/21/2007 Storm Worm Trojan Circulating Via Email

If you want information on the storms hitting Europe, stick to the Weather Channel. Do not open an email attachment that comes with the subject line "230 dead as storm batters Europe". If you do, you may end up with the Storm Worm Trojan Horse that opens a back door on your computer and will later steal data or send out spam. Read more at http://news.zdnet.com/2100-1009_22-6151414.html.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, and Mozilla.

1/18/2007 Java Bug Is Security Threat

There is a critical bug in the way that Sun Microsystems Java Runtime Environment handles GIF images. An attacker may be able to use this bug to raise the privileges of a Java applet. This could allow hostile code to run on a computer, outside the confines of the Java sandbox. Sun has updates at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1. They credit the Zero-Day Initiative and Tipping Point for finding this bug.

1/17/2007 The Zombies are After Symantec

It's not quite Night of the Living Dead, but an army of remotely controlled zombie computers are targeting computers running old versions of Symantec Client Security and Symantec AntiVirus Corporate Edition. You can read about the details at http://news.zdnet.com/2100-1009_22-6150560.html. Note that Symantec's consumer software, Norton Antivirus and Norton Internet Security, are not affected. Symantec actually patched the hole being used on 5/25/2006, so victims have had ample time to apply the fix. The original Symantec fix is at http://www.symantec.com/avcenter/security/Content/2006.05.25.html.

Today's BugBlog Plus has five more bugs and fixes for Microsoft, Oracle, Red Hat, and Zone Labs.

1/16/2007 IE 7 Brings A Non-working Icon

Upgrade to Internet Explorer 7 on a Windows XP Service Pack 2 computer, and you may get a new icon on your desktop that says "Restore My Active Desktop". Click on it, and nothing will happen. Microsoft has a Registry edit that will let you remove the icon. (Apparently dragging it to the Recycle bin doesn't work.) See the details, and important safeguards when editing the Registry, at http://support.microsoft.com/kb/929200/.

Today's BugBlog Plus has five more bugs and fixes for Apple, Google and Microsoft.

1/15/2007 Upgrading an Embedded Excel Chart is Buggy

If you upgrade a Microsoft Excel 2003 chart to Excel 2007, and the chart is embedded in a Microsoft PowerPoint 2003 presentation, data labels in the chart may get moved. According to Microsoft, this may make the chart difficult to read in PowerPoint. There is no workaround or fix yet.

Today's BugBlog Plus has five more bugs and fixes for Apple, CA, IBM and Microsoft.

1/13/2006 Bugs in Apple UFS Filesystem via DMG Files

The Month of Apple Bugs (MOAB) project has come up with a series of bugs in the UFS filesystem that can be triggered via DMG files (disk image files). At least one of the bugs can be remotely exploitable via Safari if the "opening safe files after downloading" option is turned on. These bugs occupy the #9 through #12 spot on the list at http://projects.info-pull.com/moab/. As workarounds, avoid DMG files from untrusted sources, and turn off that Safari option.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Google, Microsoft and NVIDIA.

1/12/2006 Too Much Multi-Tasking for NVIDIA

According to NVIDIA, if you have GeForce 8800 GTX and GeForce 8800 GTS based graphics cards running on a Windows XP Media Center computer, and you try to burn a DVD while also watching TV, you may crash with a blue screen of death. They say this has been fixed in the ForceWare Release 95 driver version 97.92.

1/11/2007 Word 2007 Doesn't Like Org Chart Editing

Try to edit an organization chart from within Microsoft Word 2007 by double-clicking the chart, and you may get this error message:
The program used to create this object is OrgPlusWOPX. That program is not installed on your computer. To edit this object, you must install a program that can open the object.
Microsoft has three suggested workarounds. First, try editing it again; they seem to think it may work the second time; if that doesn't work, right click the chart and select Edit. If that doesn't work, then you'll need to install the Organization Chart Add-in. See how to do this at http://support.microsoft.com/kb/930080.

1/10/2007 Adobe Patches Acrobat 7.0.8 Holes

Adobe now has a patch for the security problems in Adobe Reader and Acrobat 7.0.8 and earlier versions. The bugs, which were in the 1/4 BugBlog, may allow both cross-site scripting attacks and the ability of the attackers to take over the victim's computer. Adobe's earlier advice was to upgrade to the Adobe Reader 8. They now have a patch that will fix version 7.0.8 of the Reader as well as Acrobat Elements, Standard, and Professional. (Good news for those latter users, since the upgrade from 7.0.8 to 8.0 will normally not be free.) Get the patch at http://www.adobe.com/support/security/bulletins/apsb07-01.html.

Today's BugBlog Plus has eight more bugs and fixes for Adobe, Apple, LucasArts, Microsoft and Novell.

1/9/2007 Critical Bug in IE 6 and 7

There is a bug in the Vector Markup Language (VML) in Microsoft Windows that can allow remote attackers to run hostile code on your computer. The vulnerability will occur via Microsoft Internet Explorer 5.5, 6, and 7, which means it affects Windows 2000, Windows XP, and Windows Server 2003. (Vista is unaffected.) Microsoft says this is a Critical Update, which you can get at http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx. They also have workaround information there, if you can't install the patch right away. Microsoft credits Jospeh Moti working with the iDEFENSE Contributor Program for finding this bug.

Today's BugBlog Plus has six more bugs and fixes for Apple, Google, and Microsoft.

1/8/2007 Some of Word's Galleries are Missing

A new feature in Microsoft Word 2007 is the Building Block Gallery. There is a content control with a drop-down list of galleries, but Microsoft says that not all the galleries are displayed. Some of the ones that aren't are the Bibliography, Watermark, and Cover Page galleries. At http://support.microsoft.com/kb/930201 they say this behavior is by design, but they don't say anything about how to see the missing ones.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft and Sun Microsystems.

1/6/2007 Four Upcoming Security Bulletins from Microsoft

January 9 is Patch Tuesday. At first, Microsoft reported there would be eight security bulletins released. However, they have pulled four of them, and now say they will release only four -- one for Windows and three for Microsoft Office. You can read Microsoft's statement at http://www.microsoft.com/technet/security/bulletin/advance.mspx. You can read about the backtracking at http://news.zdnet.com/2100-1009_22-6147705.html.

Today's BugBlog Plus has seven more bugs and fixes for Adobe, Apple, Microsoft and OpenOffice.

1/5/2007 Opera Bugs in JPEG and SVG

Two bugs have been discovered in Opera Software's Opera 9 web browser, that may allow attackers to sneak hostile code onto a computer. One bug is in the way Opera handles DHT markers in JPEG files. The other is in the matrices are handled in JavaScript and SVG. These bugs have been fixed in Opera 9.10, which you can get at http://www.opera.com/download/. Opera credits iDefense Labs for finding these bugs.

1/4/2007 Adobe Reader and Plug-in Bugs

There are a number of bugs in the Adobe Acrobat Plug-In for browsers, and in the free Adobe Reader 6 and 7. A malicious website may be able to caryy out cross-site scripting attacks because the browser plug-in doesn't correctly validate URI parameters. There's no official word from Adobe, although US CERT says that it appears the bugs were fixed in Adobe Reader 8. Read their report at http://www.kb.cert.org/vuls/id/815960. Stefano Di Paola, Giorgio Fedon, and Elia Florio are credited with finding these bugs. UPDATE: Adobe now has a bulletin at http://www.adobe.com/support/security/advisories/apsa07-01.html.

1/3/2007 Google Patches Gmail Hole

It appears that Google has fixed a bug in Gmail that would allow a cross-site scripting attack. If a user logged on to Gmail, using their browser, and then later visited a malicious website (without logging out of Gmail), the attackers may have been able to steal all the email addresses from the Contacts list. There have been conflicting reports on how rapidly, and how completely, Google fixed this bug. Network World has the report as of 1/2/07 at http://www.networkworld.com/news/2007/010207-google-closes-gmail-cross-site-scripting.html

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Cisco, and Microsoft.

1/2/2007 Quicktime Bug Allows Buffer Overflow

There is a bug in the way that Apple Quicktime handles RTSP (Real time streaming protocol) links. It may be possible for an attacker to construct one of these links that would trigger a buffer overflow which could be used to run hostile code on your computer. According to the Secunia website at http://secunia.com/advisories/23540/, the bug has been verified in Quicktime 7.1.3.100 for Windows. It is also supposed to affect other Windows and Mac versions as well. Secunia credits LMH for finding the bug. It comes from the "Month of Apple Bugs" website at http://projects.info-pull.com/moab/.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Microsoft, NVIDIA, and WordPress.

1/1/2007 MS Word Wins the Bug of the Month

Three unpatched zero-day bugs gives Microsoft Word the coveted award.

12/31/2006 Redesign on the Fly

We are going to start 2007 with a redesign of the BugBlog website as well as bjkresearch.com. From a design standpoint, it is only a subtle redesign, but in terms of the HTML behind the scenes, there are quite a few changes - dropping the old JavaScript powered rollover navigation buttons for CSS-based navigation controls, and using CSS layout and positioning instead of the old table-based design. Because I'm overlaying the new pages and graphics on top of the old, there's certainly a chance that something will get mangled. If you find a bug in the BugBlog, please let me know. All the old pages won't be converted -- but everything else going forward should be XHTML compliant.

12/30/2006 Reports of Some Gmail Problems

Techcrunch reports on an issue where a number of people, who all appear to be Mozilla Firefox 2.0 users, reported a mass deletion of their Gmail emails, while they were logged in. Read more at http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass-email-deletions/, including a link to a discussion of the problem at Google Groups, and a response from Google -- which indicates this affected around 60 people. Just goes to show that you should back up your Gmail, err... never mind.

 

Google
 
Web www.bjkresearch.com

 

 

 

 

Copyright 2003-2007 BJK Research LLC

 

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Amazon Honor System Click Here to Pay Learn More

BugBlog archives:

May 07
April 07
March 07
Vista Special Report
February 07
January 2007
December 06
November 06
October 06
September 06
August 06
July 06
June 06
May 06
April 06
March 06
February 06
January 06

See the Site Map for BugBlog archives back to 2002