The BugBlog Plus - November 2003

BugBlog

Subscription portion of the BugBlog

11/26	Three security bulletins dating from September 2003 have been updated by Microsoft to recognize that the security bugs also affect Microsoft Works Suite 2004. (Probably since Microsoft Word is part of the suite. It only took two months to figure this out?) So if you are are Works Suite 2004 user, you are vulnerable to a flaw via Visual Basic for Applications that may allow an attacker to run code on your computer. You also face a buffer overrun in the WordPerfect converter, plus a bug in Word macros may also let an attacker run code on your machine. Microsoft says that if a Terminal Services client is attached to a Windows Server 2003 computer, opens up a Microsoft Word attachment in Microsoft Outlook and tries to print it to a networked printer, the server may crash with this error message Stop 0x0000008E KERNEL_MODE_EXCEPTION_NOT_HANDLED CAUSE Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix discussed in Knowledge Base article 829422. Note that you may get charged for this call. Microsoft says that a Windows Server 2003 computer may lock up during Remote Desktop Protocol (RDP) sessions. You may end up with: a blank screen in the RDP session; a blank screen at the console; the keyboard or mouse may quit; Computer Management may quit. Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix discussed in Knowledge Base article 826139. Note that you may get charged for this call. Microsoft says the Hungarian version of Windows Server 2003 has problems installing the File Server or Print Server for Macintosh services. The problems will prevent the Macintosh clients from connecting. Microsoft has a hotfix, which will be in a future service pack. If you Hungarian Mac users need it earlier, contact Microsoft Technical Support and ask for the fix discussed in Knowledge Base article 819673. Note that you may get charged for this call. If you are running Microsoft Exchange Server 2003 on a Windows Server 2003 computer, and you have auditing turned on, the server may bog down during periods of high server use. Microsoft says the auditing makes too many remote procedure calls (RPCs) to the event log, and the server may appear to lock up. Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix discussed in Knowledge Base article 822820 . Note that you may get charged for this call. Microsoft says that if you install an array controller on a Windows Server 2003 computer, a number of bad things may happen: the server may lock up; it may crash when restarting or shutting down; there may be problems with the host bus adapter; there may be problems with the Storport.sys driver. Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix discussed in Knowledge Base article 823728. Note that you may get charged for this call. Microsoft says that after you run a Windows Server 2003 computer for several days (a behavior that most people look for in a server) it may start to slow down or become unresponsive because of a memory leak in the Lsass.exe process. Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix discussed in Knowledge Base article 821008. Note that you may get charged for this call.
11/25	Novell has an update for iChain 2.2 Support Pack 2. This new version 2.2.110 fixes three security problems. One may allow one user access to another user's session. A second one eliminates a denial of service attack via WGET. The third takes care of known vulnerabilities on SSL. The update can be downloaded from http://support.novell.com/servlet/tidfinder/2967439. On a Windows XP Service Pack 1 computer, a problem with the USB 2.0 controller may prevent the processor from going into a C3 power state (a Clock-Stopped) after a device is disconnected from a USB 2.0 hub. This has been fixed in Microsoft's USB driver update to SP1. Get the update at http://support.microsoft.com/?kbid=822603. After upgrading to Windows XP Service Pack 1, problems with USB drivers may cause a computer to restart instead of resuming after a hibernation. There may also be a blue screen of death with this error message STOP 0x000000A in Usbport.sys. This has been fixed in Microsoft's USB driver update to SP1. Get the update at http://support.microsoft.com/?kbid=822603. Novell's latest update for iChain 2.2 Support Pack 2 fixes a number of bugs that were causing abends. Some of the places they were occurring included: when walking a list of "not initialized" services; at shutdown with STOP.NCF; while the LDAP server was down; when writing large .JSP files; and in SetSrvIP.NLM. The update can be downloaded from http://support.novell.com/servlet/tidfinder/2967439. Red Hat has a security update for Pan, the Gnomve/GTK+ newsreader. This fixes a possible denial of service attack triggered by a long author email address. There are new packages for Red Hat Linux 7.x, 8.0, and 9. You can find them at https://rhn.redhat.com/errata/RHSA-2003-311.html. Red Hat has updates for the iproute packages for Red Hat Linux 7.x, 8.0 and 9. A bug discovered by Herbert Xu may let iproute accept spoofed messages from local users, which may trigger local denial of service attacks. Links to the updates are at https://rhn.redhat.com/errata/RHSA-2003-316.html.
11/24	If you are using Windows Media Player (WMP) to play an AVI file on a Windows XP computer, don't switch between a windowed command prompt and a full-screen command prompt while WMP is playing. Microsoft says that if you switch multiple times, WMP may crash with a message like Windows Media Player cannot play the file. The file is either corrupt or the Player does not support the format you are trying to play. 0xC00D1199: Cannot play the file. Microsoft says to use the Windows Task Manager to turn off WMP. You can then restart it. Apple says that their Apple Hardware Test may fail to recognize that a Bluetooth module is present, although it is there and working. If the Hardware test fails to find Bluetooth, Apple says to use the System Profiler's Devices and Volume tab. This should report accurate results. If, after you have upgraded to Microsoft Windows XP Service Pack 1, you may notice that a Hi-Speed USB isochronous device, such as a video camera, may hog up to 80 percent of CPU time during streaming video. This, of course, may cause problems elsewhere on your system. You can fix this by getting the USB driver update from Microsoft at http://support.microsoft.com/?kbid=822603. On a computer running Windows XP Service Pack 1, using the Safely Remove Hardware utility to take a USB storage device offline may cause your system to crash, with an error message similar to STOP 0x0000007E in Usbhub.sys. Microsoft says to get the USB driver update at http://support.microsoft.com/?kbid=822603to fix this. If you are using Microsoft Windows Media Player 9 for Windows XP to view a DVD, using subtitles, the subtitles may become disabled if you put the computer into Suspend or Hibernate mode. When you resume, and go back to the DVD, the subtitles will be gone. However, you can just go back to the Play Menu, Captions and Subtitles, and turn the Closed Captions back on. RealNetworks says there are some compatibility problems between RealOne Player 2, and Symantec Norton Internet Security and Norton Personal Firewall software. The two security products will block the content portion of RealOne Messages, although you will be notified of the message and see the title. RealNetworks has no workaround information. Red Hat has an updated XFree86 package for Red Hat Linux 9. The update fixes some bugs that may allow a remote attacker to either launch a denial of service attack or run their own code, because of some heap and stack buffer overflow attacks. According to Red Hat, this only affects client computers. You can get the update at https://rhn.redhat.com/errata/RHSA-2003-288.html.
11/21	NVIDIA has an updated unified driver (both Windows XP and 2000) for nForce, nForce2, and nForce3. They say it includes some general compatibility fixes, plus some specific audio fixes, including a fix for the bug that sometimes caused a blue screen of death when loading DLS files. You can get the driver at http://www.nvidia.com/object/nforce_udp_winxp_3.13. If you are using Microsoft Access 2003 along with the Microsoft Jet 4.0 Service Pack 5, you may have problems adding records to a datasheet. If that datasheet is made by a query with three tables or more, then Access may crash with an error message such as MSACCESS caused an invalid page fault in module MSJET40.DLL Microsoft says to upgrade to Microsoft Jet 4.0 Service Pack 6 (SP6) or later to fix this. If you have installed Microsoft Windows XP Service Pack 1, and then later have problems getting a USB mouse to wake a hibernated computer, then get the updated USB drivers for XP SP1 from http://support.microsoft.com/?kbid=822603. The Novell BorderManager VPN Client 3.7.3 update fixes some compatibility problems with Centrino processors. It also fixes a bug that was interfering with the ability to enter Hibernate / Standby modes. You can get the update in the file bm37vpn4.exe from http://support.novell.com/servlet/tidfinder/2967299. RealNetworks has a security update for the RealOne player. The 10/14/03 update fixes security holes that may allow an attacker to embed scripts or false URLs in the RealOne players temporary files. It also fixes a bug that may have allowed scripts to be run remotely. Get the update at http://service.real.com/help/faq/security/securityupdate_october2003.html. If you run the RealNetworks RealOne Mobile Player for Pocket PC's setup program when Microsoft ActiveSync 3.1 is not in its Connected status, then the Mobile Player may never successfully recognize ActiveSync 3.1, and will keep on giving error messages like " Please install Microsoft ActiveSync 3.1 or any later version before installing RealOne Player." RealNetworks says to change the ActiveSync status to Connected, and then install.
11/20	Microsoft says that if an Excel 2003 workbook has an Office 2003 Smart Document attached, and if the Excel workbook was opened either inside an OLE container or ActiveX document container, you may not be able to close Excel. Close that workbook or container, and Excel will still be in the Task list. Microsoft does not yet have a fix. Apple says that if you are using Mac OS X 10.2, and you want QuickTime Java support for Java 1.3 or Java 1.4.1, then you shouldn't upgrade to QuickTime 6.4. There are compatibility issues. For now, stay with QuickTime 6.3. If you have already upgraded, use the QuickTime 6.3 Reinstaller at http://docs.info.apple.com/article.html?artnum=120255. Creative has an update for the Audigy MP3 Creative Recorder. You need this update to the recorder, REC2-WEB-2-LB, if you have upgraded to the AUD_EAX4DRV_031031.exe driver for this device. You can get the upgrade at http://us.creative.com/support/downloads/download.asp. Don't upgrade to and then start Microsoft Office Outlook while a Pocket PC device is sitting in the docking cradle attached to this computer. Microsoft says there will be a file mismatch between some open .DLL files and the new ones for Outlook 2003. You may then see this error message Cannot start Microsoft Office Outlook. Unable to open the Outlook window. The set of folders could not be opened. Microsoft says to take the Pocket PC device out of the cradle before doing the upgrade. Another bug in Microsoft Outlook 2003's Business Contact Manager -- while you may create a task directly from any Business Contact Manager item, the new task won't appear to be linked to the BCM item. Microsoft has a couple ways to work around this. See http://support.microsoft.com/?kbid=828243 for the details. Oracle says that Oracle9i Application Server Portal Release 1, v 3.0.9.8.5 (and earlier) and Oracle9i Application Server Portal Release 2, v 9.0.2.3.0 (and earlier), are both susceptible to a SQL injection vulnerability, which may give an attacker unauthorized access to user data. Oracle has patches for the products. Get the patch details at http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf. (Doesn't Oracle have enough money to turn their bulletins into HTML?)
11/19	Some USB webcams may crash Mandrake Linux 9.2. Mandrake points fingers at some Philips webcams, but there may be others. As a solution, they say to upgrade to kernel 2.4.22-18mdk. If you are using Apple Final Cut Pro 4.0 or 4.0.1 on a Mac OS X 10.3 computer, Apple says that Final Cut may crash right after opening. As a fix, they say to upgrade to Final Cut Pro 4.0.2. Dell has an upgraded driver for Creative Labs Sound Blaster Live! 5.1 Digital sound cards, which are optional in some Dell Dimension computers. The new version 5.12.1.203 has a number of unspecified bug fixes, plus some new features. Microsoft says that when you install Office 2003, it removes the Office 2000 Web Components. This means that web pages or custom solutions that rely on these components will start generating errors, especially ones that look like ActiveX Component Can't Create Object Microsoft has two methods to get the Office 2000 Web Components back, depending on whether you upgraded from Office 2000 or Office XP. See the details at http://support.microsoft.com/?kbid=831590 Microsoft says the behavior of Word 2003 is different than earlier versions in terms of markup text. Although you can still show or hide markup text, if it is hidden it will still be shown immediately when you open or save the document. They said they did this so that you won't accidently send a document with the markup text available. (That's for all the people who put rude comments in their markup, I guess.) Microsoft has released the Office XP Web Services Security Patch, which is for both Office XP and SharePoint Team Services. It is needed to fix a security bug that may allow an attacker to start a denial of service attack. You need both Windows Installer 2.0 and Office XP Service Pack 2 before installing this patch. Get it from http://support.microsoft.com/?kbid=812708.
11/18	Apple says that iTunes for Windows has compatibility problems with the sound cards on some Dell computers. (They aren't specific on makes and models.) The incompatibility may cause the songs to play faster than normal. If all your iTunes sound like they are being played by Alvin and the Chipmunks, then contact Dell for a sound card driver update. Apple says that Safari 1.1, running on Mac OS X 10.3, has compatibility problems with PithHelmet 0.7.1 from http://www.culater.net/. According to Apple, Pith Helmet may cause Safari to crash when it starts, because that version of Pith Helmet is designed for Mac OS X 10.2.8 or earlier. You will need to get an upgrade from http://www.culater.net/. Microsoft says that if you are using Microsoft Office Outlook 2003 with the Business Contact Manager, you may not be able to add a Microsoft Exchange email account to the profile. There is a conflict between Business Contact Manager and the Exchange profile, which may trigger this error message: The Business Contact Manager database has been removed from this profile, because this version of Business Contact Manager does not support Microsoft Exchange Server e-mail accounts. Please use a profile that does not contain an Exchange Server e-mail account. Microsoft has two different methods for a workaround. See the details at http://support.microsoft.com/?kbid=813348. Microsoft says that Windows XP Service Pack 1 had a modification to the stream.sys class driver. This change caused problems with video capture devices that connect via USB. They say that if the system shuts off the device, you won't be able to restart it. This will then lock up any program, such as a video editor, that may want to restart the device. Microsoft has a hotfix for this, which will be in a future service pack. If this bug is causing problems, you can contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 813348. Note that you might get charged for this call. Novell has an upgrade for BorderManager, the ICSA Compliance Kit (which they refer to as ICK) that will bring BorderManager up to ICSA standards. It can be installed on BorderManager running on NetWare 5.1 SP6, NetWare 6 SP3, and NetWare 6.5. You can get ICK at http://support.novell.com/servlet/tidfinder/2967316. Red Hat has an update for the Zebra package for Red Hat Linux 7.2, 7.3, 8.0 and 9. The Zebra package, which handles TCP/IP routing, had a bug that may allow a remote attacker to launch a denial of service attack. You can get the update to fix this bug at https://rhn.redhat.com/errata/RHSA-2003-307.html.
11/17	In the continuing saga of Microsoft Security Bulletin 03-043, Microsoft made two changes last week. This bulletin, about a bug in the Windows Messenger service that could allow attackers to run code on your system, was released 10/15/03 and then revised twice in October, once to include fix information and once to address an additional issue. The bulletin was then revised 11/13/2003, because it had the wrong file version for the Windows XP update. It was then revised 11/14/03 because the Windows XP update was putting some files in the wrong spot. To get the patch of the patch, go to http://www.microsoft.com/technet/security/bulletin/ms03-043.asp. Apple has updated Mac OS X 10.3. The new version 10.3.1 takes care of a bug in the FileVault feature. Apple says there are some circumstances where preference settings may be lost when FileVault reclaims some space. Apple's update of Mac OS X to 10.3.1 is still susceptible to causing data loss on external FireWire hard drives that have the Oxford 922 bridge chip set. Apple says to upgrade the firmware on these drives before upgrading the OS. Apple's update of Mac OS X Server to 10.3.1 is still susceptible to causing data loss on external FireWire hard drives that have the Oxford 922 bridge chip set. Apple says to upgrade the firmware on these drives before upgrading the OS. On 11/13/2003 Red Hat re-released new packages for glibc for Red Hat Linux 9. The reason for the change was to make the glibc packages compatible with kernels that didn't come from Red Hat. You can get these new packages at https://rhn.redhat.com/errata/RHSA-2003-325.html. Red Hat has new versions of the PostgreSQL packages for Red Hat Linux 7.2, 7.3, 8.0, and 9. This update fixes two bugs that may lead to a buffer overflow when Postgres SQL does ASCII conversion routines. Get the updates at https://rhn.redhat.com/errata/RHSA-2003-313.html.
11/14	If you are using the Microsoft Windows XP Fax Service to send a fax both to someone in your address book and to a group in your address book, and that person is also included in the group, you will see this misleading error message: Some recipients were discarded because their addresses don't appear to be fax numbers. (IDS_BAD_ADDRESS_TYPE). Microsoft's workaround is straightforward -- remove the duplicate recipient. When using Microsoft Windows XP Media Center Edition 2004, yo may have some odd video behavior after resuming a computer from standby, when you had been playing a video. When you restart the video (after resuming the computer), and double-click the screen to maximize it, you will have a completely black video window. Microsoft says as a workaround, restart the video with the Play button on the remote control. MandrakeSoft has a security update for Linux 9.0, 9.1, 9.2, the Multi Network Firewall 8.2, and Corporate Server 2.1. This fixes a bug in the fileutils and coreutils packages that was discovered by Georgi Guninski that may lead to a denial of service attack. You can get the update automatically via MandrakeUpdate, or do it manually with the package information found at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:106. If you have a volume license for Macromedia Contribute 2, Dreamweaver MX 2004, Fireworks MX 2004, Macromedia Flash MX 2004, FreeHand MX, or Studio MX 2004, each end user may be prompted to enter the serial number when the software is started the first time. This will happen even if an administrator has serialized and registered the product. Macromedia has no fix at this time. If you are using Macromedia Dreamweaver MX 2004 with PHP and MySQL, be careful of the software versions. You need PHP 4.1.1 and higher, 4.2.x or 4.3.x. If you are using an earlier version, when you test the PHP/MySQL connection you will get an unidentified error. There are other configuration problems that may lead to these errors, but it helps to clear up the easy ones first. When using Macromedia products on an Apple Macintosh OX X 10.3, note that they are incompatible with Mac Fast User switching. Macromedia says their applications don't support this. Macromedia products have shortcuts mapped to the F9, F10, and F11 keys. In Apple Mac OS X 10.3, their Exposé utility uses these keys for its own functions, and will override the Macromedia shortcuts. Macromedia says that if you want their shortcuts back, do this: go to Mac System Preferences; choose Exposé; within the Exposé dialog, assign those functions to some other keystroke.
11/13	Adobe Acrobat Capture 3.0 - 3.03 does not like file names with more than one period. If you are doing a Capture image on one of these files, you may get one of the following error messages: " Could not commit because output file does not exist" " Capture step aborting: Reason: Unable to commit file." " Too many failures; forcing this page to image-only" " Created placeholder file [filename.xxx.acp]" The simplest workaround is to rename the file. You probably can't go wrong with an 8.3 file name, but at least lose the extra period. Adobe also says that this is fixed in Acrobat Capture 3.05. If you are using NVIDIA's Personal Cinema GeForce FX 5200 on a Windows XP computer, you may get some screen flickering when using WinDVR for a preview. NVIDIA says this has been fixed in the latest driver 52.16. Apple Final Cut Pro (FCP)4 has compatibility propblems with Digidesign audio cards. If you have one of these cards installed, when starting up FCP you may get this error " Out of Memory" and then FCP quits. As a workaround, Apple says to go the Mac OS X System Preferences and switch the sound output device to "Built-in audio controller." If that doesn't work, the next two fixes are more drastic -- either remove the audio card or upgrade to Mac OS X 10.3. Microsoft has released the FrontPage 2000 Server Extensions November 2003 Security Patch. This is for both Windows 2000 and Windows XP. This patch plugs a security hole that may allow an attacker to run a temporary denial of service attack. This fix was already included in Windows 2000 Service Pack 4, so if you installed that you can pass on this.
11/12	There is a new patch for Microsoft Excel 97, 2000, and 2002. This fixes a security hole that may allow an evildoer to run their own code on your computer via a spreadsheet. This happens because of the way Excel checks the spreadsheet before doing a macro. A fix for each version of Excel is available from http://www.microsoft.com/technet/security/bulletin/ms03-050.asp. Microsoft credits Kazuyuki Housaka with finding this problem for them. A bug in the way that Microsoft Word 97, 2000, and XP checks the length of macro names in a document opens up a security hole. This might allow a malicious user to run their own code on your computer, if you try to open a specially-constructed Word document. Patches for the affected versions of Word are at http://www.microsoft.com/technet/security/bulletin/ms03-050.asp. At the end of September, 2003, Cisco published a security alert that summarized their products susceptibility to the Open SSL attack. They have recently updated the bulletin, for they have found that the Cisco Content Service Switch (CSS) 11000 series is also vulnerable, but only the SCM. To view the full report, see http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml. Novell has patched the NetWare 6.5 TCP module. They found that if Vptunnel was configured, then the wrong source address was going into ICMP packets. You can get the update in the file tcp651t.exe at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967376.htm. Novell has an update for TCP in NetWare 6. It fixes a bug that was causing Path MTU discovery to malfunction when used with IP Load Sharing or Load Balancing. You can get the update at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967016.htm. If you are using Novell NetWare 6 with IPSec, and getting ABENDS during the encryption process, then upgrade to the lates TCP for this version of NetWare. Get it in the file tcp607k.exe from http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967016.htm. Apple has a security update for Mac OS X 10.3 and Mac OS X Server 10.3. It squashes a security bug in the Terminal application that may allow an intruder to access your system. Get the update at http://docs.info.apple.com/article.html?artnum=120269.
11/11	If you are upgrading from Windows 2000 Server to Windows Server 2003, be careful of your versions. You can't upgrade a retail version of Windows 2000 with an OEM version of Windows Server 2003. If you try, you will see this error message: " Windows Setup does not support upgrading from Microsoft Windows 2000 Server to Microsoft Windows Server 2003, Standard Edition. " Microsoft says you should contact Microsoft Product Support Services to get the correct version of Windows. (Don't worry, I'm sure they won't ask any questions on where you got the OEM version, if it's yours, are you a pirate? Etc.) Microsoft says that once you install their Content Management Server 2001 Service Pack 1 (SP1) on a Windows Server 2003 computer, you may disable the Server Configuration Application (SCA) tool on the server. This will happen if the Active Server Pages (ASP) Web service extension is not turned on in the Internet Information Services (IIS) 6.0 on the Windows Server 2003-based computer. By default, it is not turned on. You can turn it on in the IIS Manager. If you need details on how to do this, see http://support.microsoft.com/?kbid=816609. Adobe says that the Deskew Image tool in Acrobat Capture 3.0-3.0.4 won't always work. You will still have crooked images. They say you will need to upgrade to Acrobat Capture 3.0.5 if you want to keep things straight. Upgrade information is at http://www.adobe.com/support/techdocs/31f46.htm. If you try to install Adobe Acrobat Capture 3.0.4 with a roaming user profile, instead of as a local Administrator, you may see one of these error messages: " A license violation was detected. The machine called [computer name] is using the same serial number as this workstation." " The product type and serial number do not match. No agents or steps will be allowed to run." " Could not open the workflow database." These errors may also be triggered by a version mis-match during an update. Adobe's advice is to upgrade to Acrobat Capture 3.0.5. If you are running Eutechnyx Limited's Big Mutha Truckers on a computer with a NVIDIA GeForce FX 5900, once you return to the desktop you may see a corrupted display. This has been fixed in the NVIDIA driver 52.16. Updates are at http://www.nvidia.com/content/drivers/drivers.asp. If you are using Microsoft Flight Simulator 2004 on a computer with a NVIDIA GeForce4 MX 440, you may get a blue screen of death crash if your display settings during a flight are set with 2x or Quincunx antialiasing enabled. This has been fixed in NVIDIA's 52.16 driver update. Get the update at http://www.nvidia.com/content/drivers/drivers.asp.
11/10	In Apple Final Cut Pro 4, if you are using one of the Boris Calligraphy text generators, and the font you used previously is no longer on the computer, then Final Cut Pro 4 will crash. Apple says there are two workarounds. The first is to restore the previously used font. If that isn't possible, they say to delete the Final Cut Pro 4 Preferences files in your home folder at /Library/Preferences/Final Cut Pro User Data/. If you have other custom user settings in Final Cut Pro, this workaround will delete them. Apple doesn't say if it is possible to just edit the preference files to eliminate references to the missing font. If you want to use Apple's iPod Software Updater for Windows, make sure that Windows is installed on the C: drive. If it is installed anywhere else, you may see this error message when installing or restoring the iPod software "Can't Mount iPod" There is no workaround. Apple says that if you are using your iPod for voice recording, pressing Pause while recording, and then leaving the iPod on Pause, may quickly run down the battery. Their advice is to turn off voice recording instead of Pausing. If you are using a NVIDIA GeForce FX 5200 on a Windows XP computer, and playing Massive Development Aquanox 2, reflections may not show up correctly. This has been fixed with the latest driver update, 52.16, from NVIDIA. Updates are at http://www.nvidia.com/content/drivers/drivers.asp. If you have a NVIDIA Forceware driver, and you are playing Blizzard Entertainment's Warcraft 3, after exiting the game you may end up with a corrupt display and possibly the wrong orientation. This has been fixed in the Forceware 52.16 driver, which you can get at http://www.nvidia.com/content/drivers/drivers.asp. If you have a NVIDIA GeForce FX installed on a Windows XP computer, and you are playing Gas Powered Games Dungeon Siege, turning on antialiasing may show corruption around the mouse pointer. This has been fixed in the Forceware 52.16 driver. You can get it at http://www.nvidia.com/content/drivers/drivers.asp.
11/7	If you use Microsoft Word 2003 to open a .DOC file from an earlier version of Word, that had Editing Restrictions applied, you will not be able to edit even if you have been given the password permissions for the document. Microsoft says this is due to incompatibilities in the Information Rights Management feature. Instead, go to the Tools menu and click Uprotect. See http://support.microsoft.com/?kbid=827397 for details. A problem in Microsoft Outlook Express (OE) may trigger errors in Microsoft Outlook 2002. If OE is corrupted, trying to do a Send/Receive in Outlook 2002 may give an error message that looks something like unknown error 0x80040154 As a fix for Outlook, Microsoft says to uninstall and then reinstall OE. If you upgrade from Microsoft Exchange 2000 Server to Microsoft Exchange Server 2003, you might mess up offline Address Book replication between servers. Exchange Server 2003 has an extra folder called OAB Version 3a to handle Unicode. There is no counterpart in Exchange 2000. Microsoft says you are going to have to manually enter the offline Address Book replication information. For steps on how to do this, see http://support.microsoft.com/?kbid=817377. Microsoft's IISLockdown tool includes URLScan. If this is installed on Microsoft Outlook Web Access (OWA), using Microsoft Internet Explorer to view the Exchange 2003 Inbox may return a blank screen. However, Microsoft does admit that there is no problem with Netscape Navigator. So you can probably switch to Netscape, although Microsoft probably prefers that you edit the Urlscan.ini file to modify the URLScan settings to permit additional WebDAV and HTTP verbs. For details, see http://support.microsoft.com/?kbid=822928. Microsoft Exchange Server 2003, in both the Standard and Enterprise Edition, has a surprise for third-party programs that use Collaborative Data Objects (CDO) to access a mailbox. If a user account had been previously accessed by a client computer running Outlook 2003, the third-party program may crash. Microsoft has a hotfix for this, which will be in a future service pack. (By which time they will probably come up with a new way to trip up third-party programs.) If you need this fix sooner, contact Microsoft Technical Support and ask for the fix described in Knowledge Base document 823343. An apparent incompatibility between Microsoft Word 2003 and Microsoft SharePoint Server may have its origin elsewhere. If you try to create a new Word 2003 document from the Windows SharePoint Server document library, Word 2003 may lock up. Microsoft says to look and see if you have a beta version of the Microsoft Internet Explorer Rights Management Add-on. If you do, get rid of the add-on from the Control Panel's Add/Remove Program applet.
11/6	There is a new version of Apple's AirPort. Airport 3.2 is for Mac OS X 10.3, and in addition to compatibility with the new OS, it also fixes problems with USB printing performance. If you've moved up to Panther (OS X 10.3), you can get the AirPort update at http://docs.info.apple.com/article.html?artnum=120267. Apple says that Shake Qmaster, and especially its Extended Node Cluster feature, is incompatible with the Mac OS X 10.3 upgrade. For now, there is no workaround. The Apache HTTP Server 2.0.48 fixes a bug which would trigger an infinite recursion if an included config file or a directory has a wildcard character. The Apache HTTP Server 2.0.48 fixes a buffer overflow in mod_alias and mod_rewrite. This overflow would happen if a regular expression is configured with more than 9 captures. The Apache HTTP Server 2.0.48 fixes a security flaw that caused mishandling of the AF_UNIX socket. This interfered with communications between the cgid daemon and CGI scripts. Palm has released an update for the Tungsten T3. It takes care of some incompatibility problems with SD cards. If you use SD cards, you can get the update plus installation instructions at http://www.palmone.com/us/support/downloads/tungstent3/t3_update.html. If you are running Microsoft Outlook 2002 on a Windows XP computer, you may have problems attaching a Microsoft Office document to an online meeting request. After attaching in Outlook and clicking Send, you may see this error message The document entered into the Office Document field is not associated with an Office application that supports collaboration. Please associate the document type with an Office application, enter a new document, or clear this field. Microsoft has a hotfix for this, which will be in a future service pack. If you need the fix right away, you can contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 821291. Note that you may get charged for this call.
11/5	Microsoft says that if a computer's system time is not set correctly, or if the BIOS time is not set correctly, it may crash Windows Media Player running on Windows XP, with the detailed error message showing "error signature app name wmplayer.exe app ver 8.0.0.4477 mod name msvcrt.dll mode version 7.0.2600.0 offset 00034748" The workaround is to set the time correctly. Sun Microsystems says that some Palm Desktop users may have problems when syncing their data with the Sun ONE Synchronization 1.1 with Patch 2. During the sync, they may see this error message “ A specified module is not found” and when they look at the rsSync.log file, the missing file is rstPalmDT.dll. This normally happens when the Palm Desktop has been configured to use a folder other than the default installation folder. So Sun says to move the Palm Desktop data folder to the original default location. If you are upgrading from Apple Mac OS X 10.2.x to 10.3, the installation may stop during the second CD and you will see this error message in the installation log: "Can't open package /Mac OS X/Library/Receipts/iTunes.pkg (there was an error reading the file iTunes.bom)." This happens if iTunes 1.0 had already been installed on this Mac. The workaround is to get rid of iTunes 1.0. For steps on how to do that, see http://docs.info.apple.com/article.html?artnum=25630. If you have upgraded from Mac OS X 10.2.x to Mac OS X 10.3, and then you use the Disk Utilities Repair Permissions, and then you receive a fax, you may not be able to either print or fax. Instead, you will see an error message similar to " Can't open '/private/var/spool/cups/d00158-001'". There is a workaround that involves going behind the fancy Mac OS X interface and mucking around with the Unix underneath. For the details on what you need to do, see http://docs.info.apple.com/article.html?artnum=25623. If you do an upgrade installation from Apple Mac OS X 10.2.x to 10.3 and both printer sharing and the firewall were turned on in 10.2.x, the firewall may not be available after the upgrade. If you look in Sharing Preferences, you might see this error message "Other firewall software is running on your computer. To change the Apple firewall settings, turn off the other firewall software." To fix this, follow Apple's steps at http://docs.info.apple.com/article.html?artnum=107786. Microsoft has an Office 2003 Critical Update, released on 11/4/03. This fixes a problem in PowerPoint 2003, Word 2003, or Excel 2003, where you may not be able to save files from earlier versions of those programs. Instead, there may be error messages similar to PowerPoint can't read filename. You can get the update at http://support.microsoft.com/?kbid=828041.
11/4	IBM has a patch for Lotus 1-2-3 for Windows 9.8. It fixes the bug that was keeping a .DBF file from being imported if it had more than 40 characters in its path. You can get the patch at http://www-1.ibm.com/support/docview.wss?uid=swg24004364&rs=260. Novell has an updated iPrint Client for NetWare 5.1, Support Pack 6 (with NDPS 2.1.7) and NetWare 6 with Support Pack 3. It has a number of fixes, including for an ABEND caused by IPPSRVR.NLM, and for slow printing when too many printers are in an error condition. Get the update in ndp3sp3c.exe at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967243.htm. Red Hat has updated packages for both fileutils and coreutils for Red Hat Linux 7.x, 8.0, and 9. These patch a potential denial of service attack discovered by Georgi Guninski that may be remotely explotiable through wu-ftpd. There is also a non-exploitable integer overflow in ls that has been fixed. Get the updates at https://rhn.redhat.com/errata/RHSA-2003-309.html. Red Hat has patched the CUPS package in Red Hat Linux 8.0 and 9. This fixes a bug that may cause CUPS to hang. This is potentially exploitable from a remote attacker, if they can make a TCP connection to the Internet Printing Protocol (IPP) port. Get the update at https://rhn.redhat.com/errata/RHSA-2003-275.html In Sun ONE Synchronization 1.1, if you try to sync an all day event from the Calendar Server, the event will show up a day earlier. Sun has fixed this in the Sun ONE Synchronization 1.1 Patch 2. If you are running Sun Microsystems Sun ONE Synchronization 1.1, and have recurring tasks with both start dates and due dates in the future, they will not be synced correctly. This has been fixed in Sun ONE Synchronization 1.1 Patch 2. If you are running Sun Microsystem's Sun ONE Synchronization 1.1 with Patch 2, and you run the csvdmig Migration Utility, users may get this error message when they try to synchronize their data to the Calendar Server: Cannot access calendar data source. Check general troubleshooting under online help. The problem is that the migration utility revises the user names, and these revisions don't match up with the actual users. Sun has a workaround for this. The details are at http://docs.sun.com/source/817-4413-10/index.html#wp29140.
11/3	Microsoft says that if you have a header with a paragraph mark in Word 2002, and you delete everything in the header, you may not be able to get rid of the paragraph mark. They have a hotfix for this, which will be in a future Office 2002 service pack. If you delete a lot of headers, and run into this problem, you may want to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 813816, which is a post-Service Pack 2 hotfix. Note that you may be charged for this call. There is an incompatibility between Microsoft Visual InterDev and Microsoft FrontPage Server Extensions 2002. If you use the deploy option in the Visual InterDev client, you may see this error message: Failed to deploy a file File name. The FrontPage Server Extensions on the server returned the following error: The version of the FrontPage server extensions running on the server is more recent than the FrontPage you are using. You need a more recent version of FrontPage. (error 0x4000c). Microsoft says as a workaround, you can manually mgirate files that are going to be published on a Web server running Windows Server 2003. They have the details at http://support.microsoft.com/?kbid=816634. Microsoft says the Local Quorum Resource is available if you do a new install of Windows Server 2003. However, if you are upgrading from Windows 2000 Advanced Server, this resource won't be available. Microsoft says you will be able to get it if you manually register the Local Quorum resource type. See the detailed instructions at http://support.microsoft.com/?kbid=812544. If you install Symantec Norton AntiVirus 2004 or Norton AntiVirus 2000 Professional on Windows 2000 or Windows XP, you may get this error message whose words give no clue: " Norton AntiVirus has encountered an internal program error." However, if you see 4002,516 in the lower left corner of the window, it tells you the problem is with the NAV Auto-Protect service registry key, which doesn't have sufficient rights. There is a workaround for this detailed at http://service1.symantec.com/SUPPORT/nav.nsf/pfdocs/2003090915213306. Oracle says that a bug in Oracle Files Release 9.0.3.1.x, 9.0.3.2.0, and Release 9.0.3.3.x may allow unauthorized access to restricted content. However, to see this content, you must already be an Oracle Files authenticated user with a valid log-in, so the bug can't be exploited by an outsider. There are patches available for all three versions, available at http://metalink.oracle.com. Oracle says there is a buffer overflow in the Oracle 9i Database Release 2, Version 9.2.x, and also in Release 1, Version 9.0.x, on all UNIX and Linux platforms. The vulnerability is only there if someone has a valid account on the operating system that is hosting the Oracle Database server. Oracle has an interim fix for this in Oracle 9i Database Release 9.2.0.4 for Linux x86.