Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Order books and more at Amazon.com

Order Windows 2000 Secrets from Amazon.com

BugBlog Bug of the Month

Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Sometimes, the bug will be the one which could potentially cause the most damage; sometimes it will be the bug which affects the most users. And sometimes, it will be the bug that is just the most interesting bug. This bug will be selected either from the free Bug of the Day, or from the subscription-only BugBlog Plus.

The Bug of the Day for November, 2005 was written on October 11

Four separate bugs that are present in most versions of Windows may allow a remote attacker to take complete of a Windows system. The most vulnerable version is Windows 2000, where a remote attacker may be able to take advantage of a bug in Microsoft Distributed Transaction Coordinator. This bug has a security rating of Critical for Windows XP Service Pack 1, along with Windows 2000. Microsoft urges those users to apply patches from http://www.microsoft.com/technet/security/bulletin/ms05-051.mspx immediately. Other versions of Windows, including Windows XP Service Pack 2 and Windows Server 2003, are vulnerable only if they are configured in a certain way. Microsoft credits eEye Digital Security, Cesar Cerrudo, and iDefense for finding these bugs.

Why this one, which was one of the critical security updates that Microsoft released on October's Patch Tuesday? The scope, for one thing. It affects Windows 2000 and Windows XP Service Pack 1, and may affect later versions of Windows. Another reason is the impact -- four bugs that may allow a remote attacker to take control of your system. Finally, because even the bug fix had problems, as was shown in the BugBlog of October 17

Microsoft says that their MS05-051 critical security update may cause problems if it is installed on Windows XP, Windows 2000 Server or Windows Server 2003. This update had been marked Critical by Microsoft, who had urged users to install it immediately. If users had previously changed the default permissions to the COM+ catalog, after installing this update they may have problems starting the Windows Firewall, COM+ EventSystem, or Windows Installer Service. Also, the Network Connections folder may be empty, and you may have problems with the Windows Update website. As a workaround, you will need to switch back to the default permissions for COM+. See http://support.microsoft.com/kb/909444 for the details.

So for all these reasons, Microsoft wins the Bug of the Month again.

Previous Bugs of the Month

October 2005: Acrobat Screws Up MS Word

September 2005: Apple Security Update Breaks 64-bit Apps

August 2005: Cisco IOS Vulnerable to IPv6 bug

July 2005: RealNetworks Fixes Four Bugs in Their Media Player

June 2005: Flawed Rollout for Netscape 8

May 2005: TCP/IP Fix for Windows

April 2005: Denial of Service against Symantec Norton AntiVirus

March 2005: IDN Spoofing Bug

February 2005: Windows Animated Cursor Bug

January 2005: Windows Firewall Problems with Dial-up connections

The Bug of the Month is also posted at Blogcritics.org