Subscription portion of the BugBlog. The first bug of the
day listed is always the free bug available to non-subscribers, followed
by the
subscription-only bugs.
| 2/26 |
Apple released a security update for the Mac OS X 10.3.1 client
on 2/23/04. It includes security fixes for DiskArbitration, IPSec,
Point-to-Point Protocol and tcpdump. Get the 1.6 MB download at http://www.apple.com/support/downloads/.
Apple has a security update for the Mac OS X 10.3 server. This includes
an update for the Quicktime Streaming Server, as well as fixes for
DiskArbitration, IPSec, Point-to-Point Protocol and tcpdump. The
1.8 MB download is at http://www.apple.com/support/downloads/.
Apple has a security update for the Mac OS X 10.2.8 client
released on 2/23/04. It includes fixes for DiskArbitration,
IPSec, Point-to-Point Protocol, and the Safari web browser.
Apple says they have also added all the fixes from the
11/19/03 security update, too. This 5.6 MB download is
at http://www.apple.com/support/downloads/.
Apple has a security update for the Mac OS X 10.2.8 server
released on 2/23/04. It includes fixes for DiskArbitration,
IPSec, Point-to-Point Protocol, and the Safari web browser.
Apple says they have also added all the fixes from the
11/19/03 security update, too. This 5.8 MB download is
at http://www.apple.com/support/downloads/.
Microsoft blames other software if you try to
play an audio CD in Windows Media Player 9, and you get this error
Windows Media Player cannot find the specified file. Error code 0xC00D1197.
If the CD is playable in other multimedia software (showing that
the CD is not damaged), then the problem might be that other media
software installed on the computer may have changed the Registry
so that Windows Media Player 9 can't handle the audio CD. To fix
this, you need to edit the Registry to get rid of the change. For
detailed instructions, and important safeguards when editing the
Registry, see http://support.microsoft.com/?kbid=834483.
In Microsoft PowerPoint 2000 and later, you can prepare a presentation
to be viewed in a web page, and the presentation can include narration.
However, if Microsoft Windows Media Player 9 Series is installed
on a Windows XP computer, it may interfere with the narration. The
slide show will play, but without the narration. To fix this, go
to PowerPoint's Tools, Options dialog, and go to the General tab.
Click Web Options, and on that General tab select the Show slide
animation while browsing option.
The W3C (the
World Wide Web Consortium) has released Jigsaw 2.2.4, the latest
version of their open source
web server. It includes SSL patches from Thomas Kopp,
and a bug fix in the client stack persistent connection
handler. You can get the update at http://www.w3.org/Jigsaw/#Getting-2-2-4.
|
| 2/25 |
The latest virus/worm threat to pop up attacks via instant messaging.
The W32.Bizex.Worm comes in via an ICQ message that will have a link
to all contacts in a user's ICQ contact list. This worm will affect
all Windows systems from Win 95 on up, but will not affect Linux/Mac/Unix
systems. Most AV vendors have updated their signatures by 2/25/04.
If you are vulnerable, make sure you get the update.
Apple says that if you are making a connection between Bluetooth devices,
and one of those devices is a Bluetooth headset, this may slow down
your connections. One example they cite is a wireless (Bluetooth)
mouse. So if you are trying to re-establish your mouse connection,
turn off a headset to speed up the process.
Apple says that if you
hook up some USB hubs to a Mac OS X 10.2.5 computer, they may set
off a kernel panic after a few minutes. This
has been fixed in Mac OS X 10.2.6.
Ipswitch has a new hotfix for their
IMail Server Professional or Small Business 8.05. Hotfix 2 guards
against a possible Denial of
Service attack that may come through LDAP. It also fixes a bug in
the way long host names are handled in the Queue Manager, and also
takes care of a peering problem. You can get the fix at ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/im805HF2.exe.
Microsoft says that if you are viewing a web page in Internet Explorer
6 that generates a dialog box, pressing the F1 key for help while
viewing the dialog box may cause IE to crash. The only error message
is the vague
"Internet Explorer has encountered a problem
and needs to close. We are sorry for the inconvenience."
This happens if the dialog box is generated by HTML code that uses
window.alert as the method of generating the dialog box. Microsoft
has a fix, which will be in a future service pack. If you need this
fix right away (you can't fight the urge to press the Help key when
the dialog box shows) then contact Microsoft Tech Support and ask
for the fix discussed in Knowledge Base article 830511. Note that
you may get charged for this call.
Microsoft
says that playing around with some of the settings in your Display
Properties dialog may lead to distortion in the Taskbar's
Notification area (the right hand side that we used to call the Systray)
of Windows 2000 and XP. If you make multiple changes to the Active
Title Bar component or the Caption Button component, the icons in
the Notification area may appear blurry or distorted. Microsoft says
not to fret -- restarting your computer will get rid of the distortion.
If you are using Windows XP Service Pack 1, along with
East Asian language support, or the East Asian version
of XP SP 1, you may have a minor problem with Telnet
sessions. The Enter key on the numeric keyboard will
not work. This does not affect the Enter key on the main
keyboard however. If you really, really need that extra
Enter key, Microsoft has a hotfix for you. Contact MS
Technical Support and ask for the hotfix described in
Knowledge Base article 833515. Note that you might get
charged for this call.
There is a feature in Windows XP Media Center Edition
2004 that lets you fix the "red eye" that sometimes
shows up in photographs taken with a flash. Unfortunately,
Microsoft says that sometimes only one of the eyes gets
fixed. If this happens, as a workaround they say you
can rotate the picture and then do the red eye fix again.
Novell has an upgrade for eDirectory 8.7.1. This version,
eDirectory 8.7.1.2, fixes bugs in DRL processing, problems
with Compaq 4-way servers, and problems with SAP. Novell
warns that this patch is not for NetWare 6.5. You can
get it at http://support.novell.com/servlet/tidfinder/2967645.
Oracle
says that their Oracle9i Database Server Release 1,
9.0.1.4 and Oracle9i Database Server Release 2,
9.2.0.4 and 9.2.0.3, are all vulnerable to a security
problem. Authenticated users with SQL access may be
able to set off a Denial of Service attack. However
there does not seem to be a way for this to be triggered
by outside attackers. Patch information is at
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=258254.1.
Oracle credits David Litchfield of Next Generation
Security Software Ltd., for finding this flaw.
Oracle says that their Oracle9i Database Server Release
1 and 2, and Application Server Release 1 and 2, are
vulnerable to a denial of service attack. The attack
comes via a bug in the way that SOAP (simple object
access protocol) messages handle certain XML Data Type
Definitions (DTDs). Patch information is at
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=259556.1.
|
| 2/24 |
If you are using H & R Block Tax Cut 2003 (all versions) make
sure you have used the program update feature to upgrade to at least
version 7601. That is the first 2003 version that had all the final
forms for the year.
The IRS probably won't like it if you use the
beta versions of their forms.
Apple says that if you are using GarageBand in Mac OS X 10.2 through
10.28, and see this error message
Error code 727 was returned by the CoreAudio driver
don't worry. That message commonly occurs when you wake up the computer
from sleep mode. Apple says to just ignore it.
Creative has a firmware update for the Creative Rhomba. The new version
1.05.01 fixes a bug in the file system that sometimes causes a file
system failure. If this happens you might not be able to turn on
the Rhomba, or it turns on but erases all the memory.
MandrakeSoft
has a new mkinitrd-net package for Mandrake Linux 9.2. This fixes
a bug that was preventing some NICs from getting an IP
address when booting etherboot images. You can get the package automatically
through Mandrake Update.
Microsoft says that their Office 2003 applications may
crash if they are running at the same time as other graphics-intensive
programs. This may be especially true if these other
programs use DCI or DirectX, and compete for computer
resources with Office. (Apparently these Microsoft apps
get offended if they learn you are giving some of your
affections to some other program.) There are two possible
workarounds, according to Microsoft. The first is not
to use the other programs at the same time (No playing
Doom while running Excel!). Alternatively, turn off graphics
hardware acceleration on the computer. For more details
on this problem, see http://support.microsoft.com/?kbid=835262.
If you are using the Database Interface Wizard in Microsoft
Office FrontPage 2003 to make changes to an Active Server
Page, you may see this error message
Database Results Wizard Error
Your page contains a query with user input parameters
that could not be resolved. This could happen if your
DatabaseRegionStart webbot has an empty or missing s-columnnames
or s-columntypes attributes.
Microsoft says that you may need to change to ASP.NET,
rather than plain-old ASP, to solve this. To see how,
go to http://support.microsoft.com/?kbid=817029.
While you can use the Rendom.exe utility to rename
a domain on a Microsoft Windows Server 2003 system,
you don't want to do it if you are running Microsoft
Exchange 2000 or 2003 servers on the system too. According
to Microsoft, domain rename operations aren't supported
on Exchange, and the Exchange servers won't start after
renaming your domain. If this happens to you, Microsoft
says to use Rendom.exe to go back to the original name.
|
| 2/23 |
Intuit says that in some of the earlier versions of TurboTax 2003,
when downloading the TurboTax State program from within the federal
program it may appear that the progress bar stops at 25 percent or
37 percent. They say that the program is still downloading, the problem
is that the progress bar is not updating properly. This may be a
problem if you are downloading with a slow dialup connection. They
advocate patience in waiting for the download to finish. The latest
update to TurboTax replaces the non-progressing Progress bar with
a message "Note: download may take up to 1 hour on dial-up connections."
Apple says that if your Mac OS X 10.3 computer is connected to a
remote server volume, you may run into problems if you install software
that uses the VISE installer. Your Mac may slow down or eventually
crash. Apple says you can avoid this by disconnecting from all remote
volumes, such as iDisk, SMB, or NFS volumes, before starting the
software installation.
Macromedia says that if you are using Dreamweaver
MX on a Windows 2000 system, and you want to see a Live Data view
where your backend
database is Microsoft Access, you may get this error message:
Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC
Microsoft Access 97 Driver] Couldn't use '(unknown)'; file already
in use.
There are two possible causes for this, according to Macromedia.
It may be a permissions problem in Windows 2000, where the account
that is trying to access the page doesn't have permission to lock
the database. Another possible cause is the time-out value for the
Access database DSN is too short. For details on how to fix this,
see http://www.macromedia.com/support/dreamweaver/ts/documents/80004005_win2k_error.htm.
Macromedia says that if you are using Dreamweaver MX on a Windows
98 SE computer, new files that you create with dynamic content, such
as .ASP or .CFM files created with the File, New command, may still
get saved with an .HTM extension rather than what's appropriate.
Macromedia says that when you type in the file name in the File,
Save as dialog, type out the whole name, including extension.
Microsoft says that if you open an XML spreadsheet in
Excel 2003, and that worksheet has a noncontiguous selection
in a Pivot Table, AutoFilter, or Conditional Formatting,
Excel may crash. This has been fixed in the 1/12/04 hotfix
for Microsoft Excel 2003.
Microsoft says that Excel 2003 may run into problems
with random numbers. If you have many RAND functions
in a spreadsheet, and you update the spreadsheet many
times (something you might do in a simulation), Excel
may start generating negative random numbers, something
it's not supposed to do. This has been fixed in the 1/12/04
hotfix for Microsoft Excel 2003.
|
| 2/21 |
Zone Labs has released an upgrade for all their ZoneAlarm 4.x
products and Integrity 4.x clients. This fixes a potential buffer
overflow in their Simple Mail Transfer Protocol (SMTP) processing
that may give an attacker access to your computer. Use ZoneAlarm's
update feature on the Overview tab to get the fix. Zone Labs credits
eEye Digital Security for finding this bug.
|
| 2/20 |
Red Hat has an updated kernel for Red Hat Linux. This fixes some
bugs discovered by Paul Starzetz that may allow a local user to get
root privileges. This bug apparently does not allow remote attacks,
however. Get the updated kernel package at https://rhn.redhat.com/errata/RHSA-2004-065.html for
Red Hat Linux 9, and at https://rhn.redhat.com/errata/RHSA-2004-066.html for
the various flavors of Red Hat Enterprise Linux. If you use other
distributions of Linux, check for updates for those, too.
Apple says that if you have blank gaps in the video in Final Cut
Express 2, while the audio keeps playing correctly, you will need
to correct
this with a slug. Before you head out to your garden and dig one
up, you may want to read http://docs.info.apple.com/article.html?artnum=93677 and
find out that in this situation a slug is a video clip of a black
image with an empty audio track.
Cisco says that their Cisco ONS 15327
Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport
Platform, the Cisco ONS 15454
SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching
Platform are all susceptible to denial of service attacks and/or
the possibility of unauthorized access. There are both workarounds
to temporarily guard these devices, and software fixes at http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml.
If
Windows Movie Maker 2 crashes right after adding a title, a video
transition, or effect, there may be two possible causes. According
to Microsoft, look to see if the DivX Antifreeze filter (Divxaf.ax)
is on your system. Look for it via a File Search, and if you find
it, rename the file. If that's not it, the problem may be that your hardware
acceleration setting is too high. You change this setting on the Advanced tab
of the Display Properties dialog. See http://support.microsoft.com/?kbid=836021
for details on how to change it.
Microsoft says that if you have scheduled a recording
from a TV channel on Windows XP Media Center, the wrong
channel may be displayed on the front panel, although
you will be recording the correct channel. This may happen
if you are watching Live TV when the recording starts,
and the channel switches. Microsoft says the front panel
display doesn't get updated.
This isn't a bug, it's just an example of stupid user
behavior. However, because Microsoft wrote it up in their
Knowledge Base, somebody apparently did this. Anyway,
if you are going to add RAM to your computer, completely
power down the computer -- don't just put it into hibernation.
Because after the computer wakes up, and finds itself
with more RAM, it's probably going to throw a fit, and
have some sort of Blue Screen of Death with an error
message something like
Stop 0x000000A5 the ACPI BIOS in the system is not fully
compliant with the ACPI specification
Novell says that their ConsoleOne 1.3.5 will be compatible
with the newly released Novell ZENworks for Desktops
Support Pack 3. However, they say users should upgrade
to ConsoleOne 1.3.6 if they need to administer ZENworks
for Desktop objects in Novell eDirectory.
|
| 2/19 |
If you are using your iPod with Mac OS X 10.3, make sure your
iPod Software Updater is at least version 1.3.1 or 2.1. Older versions
of the updater will crash when used with OS X 10.3. The newest versions
are available at http://www.apple.com/ipod/download/.
Another mass-mailing worm is making the rounds. This one is called W32.Netsky.B@mm,
and installs its own email program to send out messages to email addresses it
finds on your hard drive. Symantec AV signatures were updated on 2/18/04 to catch
it -- check with your AV vendor to make sure.
|
| 2/18 |
According to Microsoft if you are using a third-party file system
filter driver, such as the VERITAS Backup Exec Advanced Open File
Option (Vsp.sys filter driver), in conjunction with an antivirus
filter driver such as Symantec AntiVirus Corporate Edition's Symevent.sys,
you may be causing problems saving files on your Windows system.
When you try to save Excel, Word, or Outlook files, you may get error
messages resembling this
Disk is Full - not enough resources
If you think the VERITAS filter is the problem, see information about their update
at http://seer.support.veritas.com/docs/264490.htm.
For more detailed information from Microsoft, see http://support.microsoft.com/?kbid=830265.
Adobe Photoshop CS Camera Raw 2.1 fixes some problems with green pixel balancing,
crosshatching, and noise reduction. The Windows version of this update is at
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2433, and the Mac version
is at http://www.adobe.com/support/downloads/detail.jsp?ftpID=2434.
Adobe has
an update for Photoshop CS's Camera Raw. The new version 2.1 extends compatibility
to these cameras: Fujifilm FinePix F700, FinePix S5000 Z, FinePix
S7000 Z; Kodak
DCS720x, DCS760, DCS 14n; Leaf Valeo 22; Leica Digilux 2; Nikon D2H; Olympus
C-5060 Zoom, E-1; Panasonic DMC-LC1; Pentax *ist D; Sony DSC-F828.
If you install Windows 2000 Service Pack 4 on a W2K Server or Advanced Server
computer, you may spring a memory leak in MOM, the Microsoft Operations Manager.
If your server is running programs that generate remote procedure calls (RPC),
this will drain system resources, and eventually cause your computer to lock
up. You may see event ID 2020 messages in the system event log, too. Microsoft
has a fix, which will be in a future service pack. If you need the fix right
away, contact Microsoft Technical Support and ask for the fix described in Knowledge
Base article 835517. Note that you may get charged for this call.
If Microsoft
BizTalk Server 2004 is running on a Windows 2000 Server
or Windows
Server 2003, you may see one of these Blue Screen of Death messages
0x50 (PAGE_FAULT_IN_NONPAGED_AREA)
KERNEL_MODE_EXCEPTION_NOT_HANDLED
KMODE_EXCEPTION_NOT_HANDLED
Microsoft has a hotfix for this, which will be in a future service pack for Windows
2000 or Server 2003. If you need it fixed immediately contact Microsoft Technical
Support and ask for the hotfix described in Knowledge Base article 833414. Note
that you might get charged for this call.
The latest mutation on emailed worms has been called W32.Beagle.B@mm by Symantec.
If infected, it will open a backdoor on your computer and use it to send out
email. It will come from a spoofed address, and will generally have a random
subject line. Symantec products from 2/17/04 on should take care of it. Check
with your AV vendor for their updates. If you think you may have this worm, you
can see details at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html.
|
| 2/17 |
The first security threat due to the leaked Windows 2000 source
code was documented on SecurityTracker.com's BugTraq mailing list.
It affects Internet Explorer 5 but not IE 6. The bulletin, and the
anonymous posting by the person who posted this exploit, doesn't
make it clear whether it is actually Internet Explorer 5.x, which
would include IE 5.01 and 5.5, or just IE 5.0 that is affected. (Microsoft
no longer supports IE 5.0 -- they want users to upgrade.) Apparently
because of sloppy coding practices, viewing a specially crafted bitmap
file may allow an attacker to run their code on your computer. There
is no word yet from Microsoft on whether there will be a fix.
Apple has an updated AFP Client. This update will both help improve
the reliability of the connection to an AFP Server, and it fixes
a bug that was causing some AppleWorks files, stored on the server,
to be corrupted if they were open when you logged out. Get the
update at http://docs.info.apple.com/article.html?artnum=120314.
If you are using the Microsoft Encrypting File System (EFS) on the
Windows\Temp folder of a Windows 2000 computer, your system may lock
up once you install the DirectX security update that came with Microsoft
Security Bulletin MS03-030. You may also get a blue screen of death
with the error message
STOP: c000026c {Unable to Load Device Driver}
\SystemRoot\system32\drivers\portcls.sys device driver could not
be loaded.
As a fix, you need to take the encryption off the Windows\Temp folder.
Novell
has patched ZENworks for Servers 3 to fix a bug that was causing
high utilization rates for NetWare 6.5 subscribers. You can get the
update in ZFS3SP2patch13.exe available at http://support.novell.com/servlet/tidfinder/10086960.
Novell has released their Native File Access Support Pack 4. If you
are using it with a Windows 2000 Primary Domain Controller, they
say that Windows workstations may not be able to access the CIFS
server. To fix this, edit the YS:\ETC\CIFS.CFG: file with a line
similar to this
-PDC <PDC_Name> <IP_Address>
with the appropriate values filled in.
Novell Native File Access Support Pack 4 does not support the legacy
AppleTalk protocol stack. If you have an older Macintosh application,
you'll need to figure out how to get it to work with TCP/IP if you
want it to work with Novell.
Red Hat has an updated PWLib package
for Red Hat Linux 9. This fixes
some bugs in the H.225 protocol (used in teleconferencing packages)
that are part of a wider range of problems in H.323 that have affected
other software companies. Get the updated package at https://rhn.redhat.com/errata/RHSA-2004-048.html.
|
| 2/16 |
If you use Mac OS X 10.2.8, and have problems with the DVD player,
then you need to get the updated graphics drivers at http://docs.info.apple.com/article.html?artnum=120319.
The only reason given by Apple for this driver update was "to
restore DVD Player functionality."
If you are trying to play Digital Reality's Hegemonia on a Windows
XP computer with an ATI RADEON 8500 series graphics card, and the
ATI CATALYST 4.2 Driver Suite, you may not be able to see the main
menu when you start the game. If you can get past that problem, all
background 3D textures are missing too. As of now, ATI has no fix.
If you are playing Fishtank Interactive's Aquanox 2 on
a Windows XP computer with an ATI RADEON 9100 IGP series
graphics card and the ATI CATALYST 4.2 driver suite,
a particular viewing configuration in Aquanox will trigger
texture corruption after you play the game for a few
minutes. According to ATI, here is the problem configuration:
Resolution: 1024x768x32; Object Detail Texture: On; Landscape
Light: On; Landscape Detail Texture: On; Light Rays:
On; Dynamic Lights: On; Dynamic Shadows: On; Texture
Filter: Bilinear; FSAA: 4. As of now, there is no fix,
so stay away from this particular configuration.
While playing EA Games Medal of Honor Spearhead on a
Windows XP computer with an ATI RADEON series graphics
card, and the ATI CATALYST 4.2 driver software, if you
turn on anti-aliasing and have a screen resolution above
1280 by 1024, the main menu will be very dark. As a workaround,
ATI says to turn off anti-aliasing.
When playing Sierra Games Nascar 2003 on a Windows XP
computer with an ATI RADEON 9800 Series graphics card
and the ATI CATALYST 4.2 software, ground textures may
show up with a rainbow effect. This will be fixed in
a future CATALYST release.
Microsoft says that the master document feature
of Word 2003 does not work with a Microsoft SharePoint Services web
site. If you try to combine the two, you may have a number of problems.
Subdocuments may get deleted or lost, changes may not get saved,
or Word may crash. Microsoft says that in this situation, convert
the master document to a regular Word document.
Red Hat has an updated
XFree86 package for Red Hat Enterprise Linux AS 3, ES 3, and WS 3.
This fixes two buffer overflows
in the font.alias file that may allow a local user to
gain root privileges. You can get the update at
https://rhn.redhat.com/errata/RHSA-2004-061.html.
|
| 2/14 |
The Microsoft Office 2003 applications Access, Excel, Word, PowerPoint,
Publisher, Project and Visio all have an option on the File menu
that allows you to send the document you are working on to an email
recipient. This will only work if you have Microsoft Outlook set
as your default email application. If you want to use some other
email application as your default, you are going to have to edit
your Registry if you want this option to work. See the details, and
important safeguards on what to do, at http://support.microsoft.com/?kbid=834008.
|
| 2/13 |
ATI has released their Catalyst 4.2 driver for Windows XP. It
fixes the incompatibility that caused display corruption in WinDVD
4 or 5, when you originally logged on to Windows XP as an administrator,
and then did fast user switching to a limited user account.
If you are playing Activision's Wolfenstein:Enemy Territory on a
Windows XP computer with an ATI graphics card using an ATI Catalyst
4.1 driver, you may notice a drag in performance. If you don't want
to give the bad guys an advantage, upgrade to Catalyst 4.2, where
this has been fixed.
If you are running the space simulation software Celestia
on a Windows XP computer with an ATI RADEON 8500 or 9100
series graphics card and the ATI Catalyst 4.1 software,
you may see very slow performance. This has been fixed
in the Catalyst 4.2 software.
The updated ATI Catalyst 4.2 driver fixes a problem that
caused Disney Interactive's Tron 2.0 to crash right after
the game introduction.
If you play Atari Line of Sight: Vietnam on a Windows
XP computer with an ATI graphics card using ATI Catalyst
4.1, the game may crash when it is run at a setting of
800x600 16bpp. This has been fixed in the updated driver
ATI Catalyst 4.2.
Mandrake has an update for the netpbm package for Mandrake
Linux 9.1, 9.2, Corporate Server 2.1, and Multi Network
Firewall 8.2. This fixes a number of bugs that may allow
local users to overwrite or create files in a different
user account.
Mandrake has an update for the nautilus package for Mandrake
Linux 9.2. This fixes a bug that crashed Nautilus if
the last file in a list view is deleted, but the file
was clicked to open.
|
| 2/12 |
If you are doing a mail merge in Microsoft Word 2002, and the
mail merge main document is on a Windows Server 2003 computer, you
may be prompted more than once to find the data source. To make sure
that you only have to find the data source once, Microsoft has three
suggested workarounds: either move the documents to the local computer;
make the location of the data source a trusted location in Microsoft
Internet Explorer; or do the mail merge on a different version of
Microsoft Windows. (This last one was Microsoft's actual suggestion.)
See http://support.microsoft.com/?kbid=834699.
If you have iTunes 4.2 (or later) running on a Mac OS X 10.3.2 or
later computer, and you have the "Require password
to wake this computer from sleep or screen saver" option set, you
may have problems if the computer wakes up and the iTunes full-screen
visualizer is running. It will obscure the log-in. Apple says you
need to press the Escape key to get rid of the visualizer, then you
should be able to log-in.
Microsoft Outlook 2000, Outlook Express
(OE) 6 for Windows ME, and OE 6 for Windows 98 may all have compatibility
problems with some
old versions of the SBC Prodigy software. Even if you upgrade to
the newer SBC Yahoo! software, Microsoft says that Outlook and Outlook
Express may still use the old dialer, which may cause Outlook to
crash with an error message such as
Outlook caused an Invalid Page Fault in module kernel32.dll.
To fix this, you will need to remove your old SBC Prodigy and SBC
Yahoo! email account information, and then set up a new account.
For the details, see http://support.microsoft.com/?kbid=810939.
If you are using Microsoft Word 2000 with the Office 2000 Service
Pack installed, you may have problems with text in a table. If the
table text is in a paragraph formatted as Page break, it may show
up correctly in Print Preview, but it will not print correctly. This
has been fixed in the 1/13/2004 Post-Service Pack 3 hotfix for Word.
If you can't wait for a future service pack to get this fix, then
contact Microsoft Tech Support and ask for the hotfix described in
Knowledge Base article 834003. Note that you may get charged for
this call.
Novell has updated exteNd Composer Enterprise 4.2. Patch E will fix
problems that the Composer server had in picking up encoded information
from xsl files. The Windows version is at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966216.htm,
and there's also a Unix version.
Red Hat has a new mutt package for
Red Hat Linux 9. Mutt is a mail user
agent that runs in text mode, and it has a bug that may let
an attacker send a specially designed email message that will crash
Mutt and let the attacker run their own code on the target computer.
If you use Mutt, get the new one at https://rhn.redhat.com/errata/RHSA-2004-051.html.
|
| 2/11 |
Microsoft released a patch for a Windows component, the ASN.1
Library, that has far-reaching consequences for Windows systems.
It affects all versions of Windows NT 4.0, Windows 2000 SP3 and earlier,
and all versions of Windows XP. This component is used in Windows
security functions, so it affects Microsoft Internet Explorer, Outlook,
Outlook Express, third-party applications that use certificates,
Kerberos (UDP/88), Microsoft Internet Information Server using SSL,
and NTLMv2 authentication. This flaw was discovered by Derek Soeder
and Yuji Ukai of eEye Digital Security on 7/25/03. Microsoft released
the patch on 2/10/04. eEye's report says that "The MSASN1 library
is fraught with integer overflows" that give attackers, through
multiple ways, the ability to run their own code on the attacked
system. This is a critical update -- you will need to get your systems
patched right away from http://www.microsoft.com/technet/security/bulletin/ms04-007.asp.
The best technical details are in eEye's bulletin at http://www.eeye.com/html/Research/Advisories/AD20040210.html.
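The class of bug eEye describes, as an added example: a length field read from untrusted ASN.1 input is used in arithmetic that can wrap, so a bounds check passes when it should fail. This C code is not MSASN1 code and is not taken from eEye's advisory; the function names, status codes and sample byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Status codes for the hypothetical helper below. */
enum ber_status { BER_OK = 0, BER_TRUNCATED = -1, BER_UNSUPPORTED = -2, BER_TOO_LONG = -3 };

/* Overflow-prone bounds check: pos + len is computed in 32 bits and wraps
 * modulo 2^32 when len is attacker-chosen and huge, so it can report "fits". */
int fits_wrapping(uint32_t pos, uint32_t len, uint32_t buf_len)
{
    uint32_t end = pos + len;
    return end <= buf_len;
}

/* Hardened check: compare len against the bytes that remain. The subtraction
 * cannot wrap because pos <= buf_len is tested first. */
int fits_checked(uint32_t pos, uint32_t len, uint32_t buf_len)
{
    return pos <= buf_len && len <= buf_len - pos;
}

/* Read a BER definite-form length at buf[*pos]. On success, *out_len holds the
 * content length, *pos points at the first content byte, and that many bytes
 * are guaranteed to be present. On failure, *pos and *out_len are untouched. */
int ber_read_length(const uint8_t *buf, uint32_t buf_len,
                    uint32_t *pos, uint32_t *out_len)
{
    uint32_t p = *pos, len = 0;

    if (p >= buf_len)
        return BER_TRUNCATED;
    uint8_t first = buf[p++];

    if ((first & 0x80) == 0) {
        len = first;                      /* short form: 0..127 */
    } else {
        uint32_t n = first & 0x7F;        /* number of length octets */
        if (n == 0)
            return BER_UNSUPPORTED;       /* indefinite form not handled here */
        if (n > sizeof(uint32_t))
            return BER_TOO_LONG;          /* would not fit in len */
        if (n > buf_len - p)
            return BER_TRUNCATED;         /* length octets run off the buffer */
        while (n--)
            len = (len << 8) | buf[p++];
    }

    if (!fits_checked(p, len, buf_len))
        return BER_TOO_LONG;              /* claimed content exceeds input */

    *pos = p;
    *out_len = len;
    return BER_OK;
}

/* Constructed samples: tag byte, length field, then content bytes. */
static const uint8_t sample_short[] = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t sample_huge[]  = { 0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00 };
static const uint8_t sample_indef[] = { 0x30, 0x80, 0x00, 0x00 };

int main(void)
{
    uint32_t pos = 1, len = 0;
    int rc = ber_read_length(sample_short, (uint32_t)sizeof sample_short, &pos, &len);
    printf("short form: rc=%d len=%u pos=%u\n", rc, (unsigned)len, (unsigned)pos);

    pos = 1;
    rc = ber_read_length(sample_huge, (uint32_t)sizeof sample_huge, &pos, &len);
    printf("huge length: rc=%d\n", rc);

    /* After the length octets of sample_huge, pos is 6 and len is 0xFFFFFFFF. */
    printf("wrapping check says fits=%d, checked says fits=%d\n",
           fits_wrapping(6, 0xFFFFFFFFu, 8), fits_checked(6, 0xFFFFFFFFu, 8));
    return 0;
}
```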
Apple says that if you are playing a Smart Album slideshow in iPhoto
4, and you change the ratings of some photos, those changes won't
be visible until you stop the slideshow and then start it up again.
Microsoft says that if the Recordings folder in Windows
XP Media Center is encrypted, you may have problems when
you try to record a TV show. The audio and video may
stop, although when you close the Media Center you see
a message that the show is being recorded. If you start
up the Media Center again, you may see this error message:
Video Error: Some of the files needed to display…
Microsoft says to go to the Recordings (it should be
\Documents and Settings\All Users\Documents\Recorded
TV) folder using Windows Explorer. Right click the folder,
and click Properties. Turn off the Encrypt contents option.
Microsoft Windows XP 64-Bit Edition Version 2003 does
not support Accelerated Graphics Port (AGP) version
3.5 video adapters. However, they've come up with a
hotfix that adds support. If you have one of the adapters,
contact Microsoft Technical Support and ask for this
hotfix, which is described in Knowledge Base article
833811. Note that you may get charged for this call.
Novell has an updated DirXML 1.1 a driver for LDAP. It
fixes a problem that kept a connection to an LDAP server
from being re-connected if it had been lost due to a
time-out or some other problem. Get the update in drldappt3.exe
at http://support.novell.com/servlet/tidfinder/2968121.
Symantec has updated a number of their products so that
they can watch for problems due to the Microsoft Windows
ASN.1 parsing library security bug. This includes Symantec
Vulnerability Assessment 1.0, Symantec Enterprise Firewall
7.0.x, Symantec VelociRaptor 1.5, and Symantec Enterprise
Security Manager. Also, Symantec Norton AntiVirus now
looks for possible exploits of this vulnerability.
|
| 2/10 |
Even a virus can have bugs. Some of the inner defects in MyDoom.A
and MyDoom.B have been fixed, and there is a new version of the virus,
MyDoom.C that is out there. Make sure to keep your AV signatures
up-to-date, and don't open strange email attachments.
A story in ZDNet UK says that Nokia 6310, 6310i, 8910 and 8910i phones with Bluetooth
functionality switched on may be susceptible to "bluesnarfing". That's
where an attacker may read, modify, or copy a phone's address book and calendar.
According to Nokia, these attacks can be prevented if the phone is kept out of "visible
mode" while actively searching for other Bluetooth devices. Cell phones
from other manufacturers may also be vulnerable.
Apple says that if you have a dual-processor Power Mac G5, you might not be able
to burn a disk in iDVD 4 if you have selected Best Performance in iDVD's Preferences,
General dialog. The alternative would be to select Best Quality instead.
If you upgrade to Mac OS X 10.3, and you have an AirPort or AirPort Extreme Base Station, you may not be able to get wireless access via an AOL dial-up or DSL account. According to Apple, you need to contact AOL customer service to get updated AOL software, if you want the wireless connection.
Microsoft says their Virtual PC for the Macintosh 6.0, 6.01, 6.02, and
6.1 have a bug that may cause a security problem. The way that Virtual PC creates
temporary files allows an opening for an attacker to run their own code with
system privileges. One good thing -- this cannot be done remotely. The attacker
needs a valid logon account on the local system. There are updates available
at
http://www.microsoft.com/technet/security/bulletin/ms04-005.asp. Microsoft
credits George Gal of @stake for finding this bug.
Microsoft says there is a bug in the Windows Internet Naming Service, or WINS,
on Windows NT® Server 4.0 Service Pack 6a, Microsoft Windows NT Server 4.0
Terminal Server Edition Service Pack 6, Windows 2000 Server Service Pack 2, Windows
2000 Server Service Pack 3, Windows 2000 Server Service Pack 4, Windows Server
2003, and Windows Server 2003 64-Bit Edition. While the exact vulnerability differs
slightly on each version of Windows, there may be denial of service attacks or
the possibility of attackers running their own code. Note that WINS is not running
by default on these systems. If you do have it running, get the update for your
version at http://www.microsoft.com/technet/security/bulletin/ms04-006.asp.
Since its release on 2/9/04, Microsoft has updated Security Bulletin MS04-004
four times as of 2/9/04. However, all of the updates are in the documentation,
except that they also switched the file version and name columns for pngfilt.dll
in the Internet Explorer 5.01 SP2 section of Security Update Information. If you
installed the patch, you won't have to do it again because of these four updates.
|
| 2/9 |
Iomega has an update for any of their products that use Active
Disk, IomegaWare, Iomega HotBurn or HotBurn Pro. Their Iomega App
Services patch will fix a memory allocation bug that was causing
Blue Screen of Death errors that referred to iomdisk.sys. Get the
update at http://www.iomega.com/software/appservices.html.
Apple has updated their Bluetooth Software. The new version
1.5 will allow you to print to supported Bluetooth-enabled
printers. It should also work to link Bluetooth-enabled
headsets with iChat AV 2.1. Get it at
http://docs.info.apple.com/article.html?artnum=120276.
Iomega released a firmware update for their Super DVD 4x, for
use on Windows 98/ME/2000/XP. They say this update will improve compatibility
between the drive and industry media. Get it at http://www.iomega.com/software/superdvdfirmware.html.
Microsoft says the default setting for the Remote Procedure Call
(RPC) timeout for Active Directory replication is five minutes in
Windows Server 2003. In many cases, this will be too short (in Windows
2000 Server, the default is 45 minutes) and the replication won't
complete. Instead, you may see this error message in the log:
Event Category: DS RPC Client
Event ID: 1232
Computer: Inbound_Domain_Controller
Description: Active Directory attempted to perform a remote procedure
call (RPC) to the following server. The call timed out and was canceled.
There are two workarounds. Either increase your bandwidth so that
the replication finishes in five minutes, or edit your Registry to
increase the time limit. Instructions on the Registry edit are at
http://support.microsoft.com/?kbid=830746.
Microsoft says that after 12/16/2003, the size of the
Office XP Service Pack 2 that's available on the Office
Update web site grew much larger in size. That's because
they turned it into a full-file version that's much bigger.
If you want the earlier, smaller download, go to http://www.microsoft.com/downloads/details.aspx?FamilyID=1a8ce553-ab76-4a63-99da-b4ed914c1514&displaylang=en.
There's a chance that you will have errors after installing
this. Microsoft says if that's the case, you'll need
the full-file version.
Microsoft says you won't be able to install their Office
XP Web Services Toolkit 2.0 on a Windows 2000 computer
that has Service Pack 4. The toolkit came before the
service pack, and Microsoft says it doesn't recognize
Windows 2000 SP-4 as a valid operating system. As of
now, there is no workaround.
Microsoft says that Outlook 2000 won't import data directly
from Best Software Act! 2000, since it doesn't recognize
the Act database. If you want to import, you must first
export your data from Act into a supported database format,
and then import the intermediate product into Outlook.
See http://support.microsoft.com/?kbid=832567 for details.
|
| 2/8 |
Apple has released Safari 1.2. According to Apple, they have increased
Safari's support for web standards, which should mean the browser
has greater compatibility with web sites and web applications. It
also supports Java 1.4.2 so that websites that use LiveConnect should
work. There is also full keyboard access for navigation. Get the
update at http://docs.info.apple.com/article.html?artnum=120311.
Apple says that after you have installed the Java 1.4.2 Update, neither
JBoss nor Tomcat may start. They also say that neither the Server Manager
application nor Console will give you any clue why. The reason is
that the JBoss server's run script is hardcoded for Java 1.4.1. Apple
now has an update that will allow these two to work with Java 1.4.2.
Get it at http://docs.info.apple.com/article.html?artnum=120310.
Cisco says that a problem in how layer 2 frames are handled in layer
3 packets may give the opportunity for denial of service attacks
against the following Cisco products: Cisco 6000/6500/7600 series
systems with MSFC2 and a FlexWAN or OSM module; Cisco 6000/6500/7600
series systems with MSFC2 that are running 12.1(8b)E14. There is
no workaround. You need a software upgrade instead. See http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml for your upgrade status.
Microsoft says that if you try to play MechWarrior
4: Mercenaries with the retail drivers for the ASUS V2740 video adapter,
you may not see the correct textures during game play. Microsoft says
to fix this by getting the latest driver at http://www.intel.com/.
Microsoft says that if you have a video card with a 3DLabs Permedia
2 Chipset, you may have problems playing MechWarrior 4: Mercenaries.
You may end up with some "graphic irregularities." Cure
these by going to 3Dlabs at http://www.3dlabs.com/ to get the latest
drivers.
Symantec
says they have upgraded their Symantec Vulnerability Assessment 1.0
tool so that it now checks for three additional
vulnerabilities. These are the: Microsoft Internet Explorer
Window.MoveBy/Method Caching Mouse Click Event Hijacking
Vulnerability; Microsoft Internet Explorer BackToFramedJPU
Cross-Domain Policy Vulnerability; and the Multiple Browser
URI Display Obfuscation Weakness. You can upgrade via
LiveUpdate.
|
| 2/7 |
According to Microsoft, Windows Media Player 9 for Windows 2000/XP/Server
2003 uses lots of CPU resources when it manages script commands.
If you are playing back content in Media Player that uses lots of
script commands, which Microsoft defines as two or more per second,
Media Player may end up using up 100 percent of the available CPU
time. You can fix this by getting the Windows Media Player update
at http://support.microsoft.com/?kbid=832732.
Apple says that iMovie 3 will not be able to import or play clips
from a DV camera to a Power Mac G4 Cube, if there aren't any speakers
connected to the computer. It doesn't matter if they are the original
speakers that came with the computer, or some other USB speakers.
You need to hook some up for iMovie.
Apple says that the first time you open iPhoto 4 on a Mac OS X 10.2.6
or 10.2.8 computer, it will update your library. During the update,
iPhoto may crash. If you open iPhoto again, it may crash again. Apple
says this can be fixed either by restarting the computer, or by the
more roundabout fix of updating the iPhoto library, quitting and
reopening iPhoto an additional time before logging in as another
user. (The restart seems faster.)
Check Point says that there is a
bug in their VPN-1/FireWall-1 NG and above FireWall-1 HTTP Security
Servers that may cause the server
to crash. After the crash, they say there is the potential for a
security breach. A configuration change will solve this problem.
See the details at http://www.checkpoint.com/techsupport/alerts/security_server.html.
If you install Microsoft Windows Media Player 9 on a
Windows 2000 computer, you may have problems running
any third-party CD burning software. That's because Windows
Media Player installs the Roxio CD Burning Plug-In, which
may interfere with the other software. If you haven't
yet installed Media Player, you can block the installation
of the plug-in. If it is already there, then you will
need to remove the plug-in. Details for doing both are
at http://support.microsoft.com/?kbid=831158.
Once you install an expansion pack for Microsoft Zoo
Tycoon, such as the Zoo Tycoon: Complete Collection,
Zoo Tycoon: Dinosaur Digs Expansion Pack, or the
Zoo Tycoon: Marine Mania Expansion Pack, you won't be
able to start the game using the original Zoo Tycoon
CD. Instead, you will see an error message saying to
install the expansion CD. Microsoft says that’s
the way they designed it, so switch to the expansion
pack for game start-up.
If you are playing Microsoft
Halo: Combat Evolved, and game
performance seems slow, the first
thing to do is check to make
sure your computer meets Halo's
minimum system requirements.
If those are OK, then download
the Halo update, which may give
you a performance boost. The
update is at http://www.microsoft.com/games/halo/downloads.asp.
Netgear says that because of some configuration changes, their customers
who use BellSouth as their ISP have had connection problems with
the MR814 802.11b Cable/DSL Wireless Router, the DG814 DSL Modem
Internet Gateway, and the RP614 4-Port Cable/DSL Router with 10/100
Mbps Switch. They have a beta version of a fix for the last product
available at http://www.netgear.com/support/support_details.asp?dnldID=556,
and hope to have the others patched soon.
|
| 2/6 |
RealNetworks says that three separate bugs open up security holes
in a number of their products, including RealOne Player, RealOne
Player v2 (all languages), RealPlayer 8 (all language versions),
RealPlayer 10 Beta (English only), and RealOne Enterprise Desktop
or RealPlayer Enterprise. Many of these bugs cut across platforms,
too. To get the exact picture of which ones are affected, and to
download fixes, see http://www.service.real.com/help/faq/security/040123_player/EN/.
RealNetworks credits security researchers Jouko Pynnönen and
Mark Litchfield for finding these problems.
|
| 2/5 |
If you are running Microsoft Word 2002 on a Windows XP computer,
be careful of documents that have attached templates. What you need
to be careful about is to make sure the template doesn't get deleted,
moved or renamed. If it is, any of the associated Word docs may
take a long time to open. How long? Microsoft says it could be up
to five minutes. It all depends on how big of a drive (or network)
Word has to search. If something happens to the template, Microsoft
has a number of different workarounds that you can try. See the details
of each at http://support.microsoft.com/?kbid=830561.
|
| 2/4 |
If you have an Apple PowerBook G4 computer running Mac OS X 10.3,
after you (or an application) change the display resolution, there
may be display problems. According to Apple, the screen may turn
a solid blue color (Apple's own Blue Screen of Death!) or the computer
may crash when looking at full screen Visuals in iTunes. You also
may not be able to advance a slideshow in Keynote. For now, Apple
has no fixes or workarounds, although they note that this problem
won't affect a connected external display.
ATI says that if you are using a Windows XP computer with one of
their video cards using their CATALYST 4.1 software, and you play
Sierra's NASCAR 2003 at a display resolution of 1280x1024 32bpp,
you may have display corruption. ATI says this will be fixed in a
future CATALYST update.
ATI says that if you are using a Windows XP
computer with one of their video cards using their CATALYST 4.1 software,
you may have
problems with Buena Vista Interactive's Tron 2.0. The game may lock
up after the introduction. ATI says this will be fixed in a future
CATALYST update.
Microsoft says that if Office Outlook 2003 and Outlook
2000 try to share a mailbox, it may cause problems with Outlook 2000.
For instance,
if you use Outlook 2003 to open the mailbox or view a shared calendar,
and then later use Outlook 2000 for that mailbox, you may not be
able to quit Outlook 2000. Instead, you will get stuck on the error
message:
Please wait while Microsoft Outlook exits.
Microsoft has a hotfix for Outlook 2000, that can be applied if you
have already installed Office 2000 Service Pack 3. To get the hotfix,
contact Microsoft Technical Support and ask for the hotfix described
in Knowledge Base article 834005. Note that you might get charged
for this call.
Microsoft says that after upgrading from Windows 2000 Advanced Server to Windows
Server 2003, you will have problems running Microsoft Visual J# .NET
applications. You may see the error message
'VJ#' is not a supported language.
Microsoft says this is because Microsoft .NET Framework version 1.1 is installed
during the upgrade, and it doesn't have entries for Visual J# .NET. Microsoft
has two alternative fixes for this. See http://support.microsoft.com/?kbid=811123 for the details.
Microsoft says that after you install the hotfix for the Windows Media Player
that is described in Knowledge Base article 828026, you may experience other
problems in the Media Player. Some URL script commands will no longer work correctly,
and there may be a few instances where the installer can grab 100 percent of
the CPU time. Microsoft has a new fix to take care of the problems of the previous
fix. You can find this new fix at http://support.microsoft.com/?kbid=832353.
NVIDIA says users of their NVDVD 2.55 on Windows XP
Media Center Edition 2004 need a registry fix. Without
the fix, the DVD video may not display correctly. Get
the fix at http://download.nvidia.com/downloads/NVDVD/2.55/mce2004patch.reg.
Red Hat says that the NetPBM package for Red Hat Enterprise
Linux 2.1 and 3 has a number of temporary file vulnerabilities.
Because of these bugs, one local user may be able to
overwrite or create files as a different user. Go to
https://rhn.redhat.com/errata/RHSA-2004-031.html for
information on the fixed package.
|
| 2/3 |
Microsoft released a cumulative security update for Internet Explorer
5.01, 5.5, and 6.0. This was released earlier than in Microsoft's
new, once-a-month security release schedule, and was marked as a
critical update. It includes all the previous fixes for IE, and also
takes care of three new ones: a cross-domain security risk that would
pass data between different web sites; a bug that may allow a file
to be saved on your computer without your knowledge, just by clicking
a link; and a bug in the way that special characters are parsed in
a URL. This fix helps counteract some of the doom voiced in the 1/30/2004
BugBlog, in InfoWorld, and other places. You can get the update at
http://www.microsoft.com/technet/security/bulletin/ms04-004.asp.
Apple says that when using the Activity Monitor, you may see that
an application's name may appear twice, and it may also have the
wrong process identification number, or PID. If this happens, Apple
just says to chill out (hey, you are an Apple user, so you are cool
already) because this doesn't affect your system's performance or
behavior. Just ignore it.
Cisco says that the buffer overrun documented by Microsoft in their
security bulletin MS03-049, will affect the following Cisco products
that are using Windows 2000: Cisco CallManager; Cisco Building Broadband
Service Manager (BBSM) Version 5.2; HotSpot 1.0; Cisco Customer Response
Application Server (CRA); Cisco Personal Assistant (PA); Cisco Conference
Connection (CCC); Cisco Emergency Responder (CER); Cisco IP Call
Center Express (IPCC Express); Cisco Internet Service Node (ISN).
Because of the bug, these products are vulnerable to denial of service
attacks. They will get fixed by applying Microsoft's patch to Windows
2000. Get the patch at http://www.microsoft.com/technet/security/bulletin/MS03-049.asp.
Microsoft's security bulletin MS04-003, about buffer overruns in
MDAC, has been updated. The update makes some changes to the suggested
workaround for the vulnerability, and some changes in the command
line switches during installation.
Novell says that users of the Novell Client 4.83 on Windows
2000 were having problems if they had Terminal Server
installed, as well as Citrix MetaFrame XPe with FR2 installed.
If they were running a published app from Citrix, while
configured for an Anonymous Terminal Server login, they
would be getting error messages about not having access
to a mapped drive. This has been fixed in the Novell
Client 4.83 Support Pack 3.
Novell says that users of the Novell Client 4.83 for
Windows NT/2000/XP, who are also running Symantec pcAnywhere,
may see this error message:
"The Logon User Interface
DLL NWGINA.DLL failed to load"
Although sometimes this problem is caused when pcAnywhere
is not configured correctly to chain to NWGINA.DLL, the
error was still happening even with the correct configuration.
Novell says this has been fixed in the Client 4.83 Support
Pack 3, and also in the Novell Client 4.90.
Red Hat has an update for the Red Hat Cluster Manager
for their Enterprise Linux 3. The update fixes some
internationalization bugs, some problems with split-brain
behavior, and fixes a bug where services were not failing
over when the lock master (lowest-ordered member) reboots
in the middle of a lock write. You can get the update
details at https://rhn.redhat.com/errata/RHBA-2003-331.html.
|
| 2/2 |
Microsoft says that cumulative patch MS03-015 for Internet Explorer
6.01 SP1 may break the automatic image resizing feature in IE. This
means that oversized JPEG images might appear distorted. Microsoft
has a hotfix to fix this patch. You can either wait for the next
service pack or cumulative patch that might hold this fix, or you
can contact Microsoft Technical Support and ask for the hotfix described
in Knowledge Base article 828682. Note that you might get charged
for this call. You can also just turn off this feature. In IE, click
Tools, Internet Options. Go to the Advanced tab. In the Multimedia
area, turn off the Enable Automatic Image Resizing check box.
Apple has updated the AirPort Extreme Firmware. The new version 5.3
is now compatible with the Wi-Fi Protected Access (WPA) specification
for the AirPort Extreme base station. It also includes better USB
printing performance, and better performance between wired and wireless
clients. You can get the update at http://docs.info.apple.com/article.html?artnum=120305.
However, note that it is not for the original (Graphite) or the Dual
Ethernet (Snow) base stations.
Macromedia has a patch for the ColdFusion MX
6.1 Enterprise Edition and the ColdFusion MX 6.1 J2EE. They say that
Java sandbox security can be compromised by Java objects constructed
in certain ways. They also say that there is no external threat from
this bug, but that programmers in a shared, hosted environment may
be at risk. The patch is at http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html.
Mandrake
has an update for the gaim instant messenger program for Mandrake
Linux 9.1 and 9.2. This update fixes
multiple buffer overflows in gaim 0.75 and earlier. The
first version of this patch had a bug that may cause
an infinite loop when used with the Yahoo IM protocol.
The information on the revised patch is at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006-1
Microsoft says that if you have an HP Itanium II computer running
Windows Server 2003 64-bit DataCenter or Enterprise Edition, you
might find that you can't get your computer to start. Microsoft has
a hotfix for this, so if you find yourself with a dead Itanium, contact
Microsoft Technical Support and ask for the hotfix described in Knowledge
Base article 833272.
If a user tries to change their Windows
password in Microsoft Outlook on a Windows
Server 2003 based network, they will not
be able to change their domain passwords
if they are not logged on to the domain.
Microsoft has a hotfix, which is for domain
controllers only. If you need this fix right
away, contact Microsoft Technical Support
and ask for the hotfix described in Knowledge
Base article 822986. Otherwise, wait for
a future Windows Server 2003 Service Pack.
PalmOne
has an update for the Windows version of
the Palm Desktop. The HotSync Manager Update
4.1 is for Zire
21, Tungsten E, and Tungsten T3 models. It fixes a problem
with some third-party conduit developers that may lead
to a notice in the HotSync log that one of the conduits
may have failed. Get the update at http://www.palmone.com/us/support/downloads/HSMUpdate41.html.
|
| 2/1 |
Macromedia says that a denial of service attack can be mounted
against a ColdFusion MX 6.1 or MX 6.1 J2EE server, if the attacker
creates a request that has a large number of form fields in it. Macromedia
has a patch for this. Get the patch and installation instructions
at http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html.
|
| 1/30 |
An article in InfoWorld, at http://www.infoworld.com/article/04/01/28/HNiehole_1.html,
theorizes how you can link some previously announced vulnerabilities
in Microsoft Internet Explorer, and create a worm or virus with a "devastating" impact.
One workaround you might consider -- start using Mozilla as your
browser.
If you have an Apple iBook with a serial number between UV220XXXXXX
and UV318XXXXXX, and it was manufactured between May 2002 and April
2003, you may have a fix coming. Problems with a logic board may
cause video problems that would include scrambled, distorted, or
frozen video, or lines on the screen. You will need to consult with
either Apple technical support or an authorized Apple service provider
if you are having problems.
ATI says that if you have one of the video cards with their CATALYST
4.1 software on a Windows XP computer, and you log on as an administrator
and then do a fast user switch to a non-administrator user, you may
get display corruption when using WinDVD 4 or 5 to view a DVD. ATI
says this will get fixed in a future version of CATALYST.
Microsoft
says that some media formats, like AVI or MPEG, may have some problems
performing optimally in Microsoft Windows Media Player
9 Series on Windows ME/2000/XP/Server 2003. Specifically, every other
item in a playlist might have bad performance, because every second
item uses the hardware buffer to render video. These problems do
not affect Windows Media video files. (Is it because only Microsoft
knows the secret way to get the files to play correctly on their
player? The job's not done till QuickTime won't run.)
Microsoft says that some third-party download managers
(they cite Download Express and GetRight) may interfere
when you try to use the Microsoft Baseline Security Analyzer
to download the Mssecure.cab Security Update. Instead,
you may get this error message:
"No such interface supported.
(0x80004002)"
Microsoft says you will need to get rid of the download
managers before doing the download. The Baseline Security
Analyzer is used with Windows 2000/XP/Server 2003.
When you are using Microsoft Project Professional 2003 with the Microsoft Project Server set with the Locked down actuals option turned on, you may not be able to save a milestone as 100 percent completed. Instead, you may see this error message:
Your action may result in actuals in this project becoming out of
synch with the actuals updated from timesheets.
This has been fixed in the 12/17/2003 hotfix for Microsoft Project.
Get the fix at http://support.microsoft.com/?kbid=832887.
Novell has
fixed a bug in the Novell Account Management 3.0 Manager. Without
this fix, sometimes an invalid
search object may exist that will cause some users
or groups to be dropped from the census. Fix this with
the patch in nam30cm1.exe found at http://support.novell.com/servlet/tidfinder/2967982.
|
|