BugBlog Home
BJK Research Home
BJK Research Home

BugBlog Plus Archives
Current month
Nov 06 by company
Nov 06 by date
Oct 06 by company
Oct 06 by date
Sep 06 by company
Sep 06 by date
Aug 06 by company
Aug 06 by date
July 06 by date
June 06 by date
May 06 by date
Apr 06 by date
Mar 06 by date
Feb 06 by date
Jan 06 by date
Jan 06 by company
Dec 05 by date
Dec 05 by company
Nov 05 by date
Oct 05 by date
Sept 05 by date
Aug 05 by date
July 05 by date
June 05 by date
June 05 by company
May 05 by date
May 05 by company
Apr 05 by date
Apr 05 by company
Mar 05 by date
Mar 05 by company
Feb 05 by date
Feb 05 by company
Jan 05 by date
Jan 05 by company
Dec 04
Dec 04 by company
Nov 04
Oct 04
Sept 04 by date
XP SP 2
Aug 04 by company
Aug 04 by date
Jul 04 by company
Jul 04 by date
June 04 by company
June 04 by date
May 04 by company
May 04 by date
Apr 04 by company
Apr 04 by date
Mar 04 by company
Mar 04 by date
Feb 04 by company
Feb 04 by date
Jan 04 by company
Jan 04 by date
Dec 03 by company
Dec 03 by date
Nov 03 by date
Nov 03 by company

 

Jump to the BugBlog archives (October 03 and earlier are public archives)

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

 

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

BugBlog

Subscription portion of the BugBlog. The first bug of the day listed is always the free bug available to non-subscribers, followed by the subscription-only bugs

 

1/31/2006 Get the Bugs Out of Your iPod

Apple has a new iPod Updater available. The new versions are new iPod Software 1.1 for iPod nano, new iPod Software 1.2.1 for iPod with color display, new iPod Software 1.4.1 for iPod mini, and new iPod Software 3.1.1 for iPod with Click Wheel. This upgrade has a number of unspecified (by Apple) bug fixes, and it also supports the iPod Radio Remote for iPod with video and iPod nano. Get it at http://www.apple.com/support/downloads/ipodupdater20060110.html.

According to Adobe, Macromedia Dreamweaver 8 is compatible with these versions of ColdFusion: MX 7.0.1, 7.0 and 6.1. However, the newest features of Dreamweaver 8 may only work if you are on a ColdFusion 7 server. When it comes to PHP, Dreamweaver 8 will work with PHP 4.3.x and 5.0.x running on Apache on Windows, Macintosh and Linux. The only database that will work with the Dreamweaver PHP server model is MySQL.

According to Adobe, if you import some Microsoft Word documents into InDesign CS 2, and there document contain some Central European languages (they mention Slovenian, Estonian, Lithuanian and Latvian, but don't indicate if that is the complete list), the document may still get formatted as English, and English will get listed as the default language. Adobe is working on a fix. Keep an eye on http://www.adobe.com/support/techdocs/331796.html for news of an update.

Apple says that if you have a third-party Firewall, or the builtin Mac OS X Firewall, on a Mac that is using AirTunes to stream music out to multiple AirPort Express units, you need to make sure UDP traffic is not blocked. If UDP is not permitted, then you will have no music, and you will see this error message in iTunes An error occurred while connecting to the remote speaker 'speaker_name'. An unknown error occurred (-3256). See http://docs.info.apple.com/article.html?artnum=303157 for information on how to change the Mac Firewall configuration. You may have to read the manual for a third-party router.

Microsoft Office 2003 applications may have compatibility problems with multipage scanners. According to Microsoft, your Office document may not be able to acquire the scanned images. (In other words, never the twain shall meet.) Microsoft has an Office 2003 post-Service Pack 2 hotfix that will fix this. If you have such a scanner and are having this problem, see http://support.microsoft.com/kb/912819 for details on how to get the fix.

There is a critical bug in Nullsoft Winamp 5.12 and earlier that may allow remote attackers to run their own code on an affected computer. The bug happens in the way that Winamp deals with filenames that include a computer name. Exploits that can be used to attack this vulnerability are available. This has been fixed in Winamp 5.13. Get it at http://www.winamp.com/player/.

1/30/2006 Black and White Turns Gray in Office 2003

Printing out a black and white image from a Microsoft Office 2003 Service Pack 2 application may not work correctly. According to Microsoft, some printers may print the white color as a light gray. They don't list which printers are affected, but presumably you will know if you see it. Microsoft has a hotfix for this, which will be in a future service pack. If you are affected, see http://support.microsoft.com/kb/913164 for information on how to get it sooner.

Adobe has a list of those databases that have been tested to be compatible with Macromedia Dreamweaver 8. They are: Microsoft Access 2000, 2002 and 2003 on Windows; Microsoft SQL Server 2000 on Windows; MySQL 4.0 on Windows; MySQL 4.0.21 on RedHat Linux; MySQL 4.1.7 on Windows; Oracle 9i on Windows; Oracle 10g on Windows.

If you try to convert Microsoft Word, Excel, or Publisher files to an Adobe PDF document by right-clicking, you may see this error message: Missing PDFMaker files. According to Adobe, this usually happens after there has been an automatic check for updates to either Acrobat, Office, or Windows. To fix it, take Adobe PDF off the list of Disabled Items in the Office application. See the details at http://www.adobe.com/support/techdocs/329044.html.

When using Apple iDVD 6 to burn a DVD, make sure any buttons you use fall inside the standard TV viewing area, which is a 4:3 rectangle. Apple says to do this even if you are making a widescreen (16:9) project. Otherwise, you may see this error message
Errors were found during the burning process...The error #-34502 was reported.

If you use Microsoft Office 2003 or Office XP, an upgrade is in your future. It's not because of a bug or a security problem, but because of a patent dispute. Some of the code that governs how Microsoft Access works with Excel violates a third-party patent. Microsoft has to cough up some money to the inventor, and roll out patches for the existing products. There is no threat, like there is with Blackberries, that users will have to stop using the offending products. Read more at http://news.zdnet.com/2100-3513_22-6032870.html.

According to US-CERT, another vulnerability has been found in the ActiveX technology of Microsoft Internet Explorer. In this case, IE doesn't correctly check the kill bit for ActiveX controls. This may allow remote attackers to gain access to your system. The good news is that a previous security fix from Microsoft, MS05-054, also takes care of this problem. This bulletin is at http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx.

 

1/28/2006 Possible Bug Drains Some Laptop Batteries

An article at Tom's Hardware Guide says that their testing shows that a possible bug in the Microsoft's ACPI driver may lead to a power drain when plugging a USB 2.0 device into a laptop computer with Intel Core Duo mobile processor platform. These devices have not been getting the battery life that Intel originally touted. There's still lots of undisclosed information in the story at http://www.tgdaily.com/2006/01/28/toms_hardware_uncovers_power_drain_issue/, which says that a still private Microsoft Knowledge Base article KB899179 may have the information on this problem, which dates back to July, 2005.

When running Adobe Photoshop CS2 on an Apple Mac OS X 10.4.x computer where you are logged on as a Standard User, if you give the File, Browse command, you may see this error message
Error 2: Photoshop is undefined. Line:1 - photoshop.invokeBridge (false, false)".
Fix this by installing the Adobe Library 1 Update for Bridge Scripts and the Adobe Photoshop Services Update. See how at http://www.adobe.com/support/techdocs/332128.html.

The Federal Trade Commission has released their Top Ten list of consumer complaints for 2005. Complaints about identity theft got the top spot, with 37 percent of the complaints about that. Number 2 on the list are the foreigh money offers. (Really, now, has anyone really gone into business with those Nigerian widows, orphans or deposed bankers?) Read the whole list at http://www.ftc.gov/opa/2006/01/topten.htm.

Microsoft has updated their article that explains how to trouble-shoot a wireless network connection on a Windows XP Service Pack 2 computer. If you are having wireless problems, this article may be a good place to start when looking for a fix. See it at http://support.microsoft.com/kb/870702.

If you have more than one network adapter on a Windows XP Service Pack 2 computer (such as both a wired and wireless network adapter), the Windows Firewall may get somewhat confused and drop Internet Control Message Protocol (ICMP) packets. This only happens if an ICMP echo request comes in to one network adapter, and the IP address for this packet is the other adapter. If you use ICMP on a computer with two adapters, you may want to get the hotfix from Microsoft that takes care of this problem. See the details at http://support.microsoft.com/kb/907717.

In Windows XP, if you try to install an unsigned (untested) driver, the OS will complain, but you can override the complaint and install the driver anyway. According to reports, you won't have that option on the next version of Windows, Windows Vista. You won't be able to load kernel-mode software if it doesn't have a digital signature. This should help prevent the spread of rootkits -- on the other hand it will also prevent you from using some old legacy hardware with a new Windows Vista computer. There's more at http://www.eweek.com/article2/0,1895,1914966,00.asp.

 

1/25/2006 Intel Macs Won't Do the Classics

Wondering whether your Classic applications will work on the new Intel-based Apple Macs? The answer from Apple is no -- they won't be compatible. Their only advice is to to check with the manufacturer about updates of Classic apps to their Mac OS X versions. (Hey, if you can afford that new Mac, you can afford the software updates, I guess.)

If you have created a webpage with an absolute link to a graphics file, loading the file into Adobe Macromedia 8 may trigger a long pause before the page is rendered in the editing window. This is because of the new way that Dreamweaver treats absolute links. The best way to eliminate this pause, according to Adobe, is to upgrade to Dreamweaver 8.0.1.

Apparently either the editing or technical reviewing process is undergoing some stress at Adobe. (Maybe they are distracted laying off all the people who came over in the Macromedia merger.) They released the Adobe Acrobat 3D Toolkit Help Documentation, and then they had to release a compendium of all the errors in the documentation at http://www.adobe.com/support/techdocs/329947.html. Not only are there quite a few, many of them say "This feature is not available currently."

According to Apple, a Mac OS X Server 10.4.4 will be able to deal with Mac OS X clients that are running on new Intel-based Macs. However, Apple says the server itself must still be on a PowerPC -based computer. Keep an eye on http://docs.info.apple.com/article.html?artnum=303127 for updates.

If you have upgraded to the ATI Multimedia Center 9.13 on a Windows XP Media Center computer, you may get a burst of static if you switch from UTV to Component/S-Video and back again. Also, if you start a UTV session and then turn on Picture-In-Picture, you may not be able to change the main TV channel. ATI is working on fixes for these bugs.

A security problem at the LiveJournal Web log service left almost 900,000 LiveJournal blogs open to hackers. There have been almost 9 million registered accounts at LiveJournal, and about 2 million of those are active, so a significant percentage were compromised. LiveJournal has made configuration changes to counteract this. Read the details at http://www.computerworld.com/securitytopics/security/story/0,10801,107940,00.html

If you have a Windows XP Media Center Edition computer with an ATI graphics card running the ATI Multimedia Center, if you output device is an Apple Cinema Display, all you may get is a blank screen if you try to play a DVD using the ATI DVD player. According to ATI, this has been fixed in their Multimedia Center 9.13.

If you've wanted to use the Microsoft Windows User State Migration Tool but have felt left out because it didn't support x64-based Windows XP, you are in luck. The new version 2.6.1 does support 64-bit computers. Find out more about the updated tool at http://support.microsoft.com/?kbid=911814.

If you are using a Remote Desktop Connection to run a program on a another Windows XP computer, you may find that the wrong program runs. Microsoft says to avoid the error you should type the full path to the program in quotation marks.

According to PopTop Software, their patch 1.04 for RailRoad Tycoon III let in a bug that may cause the game to crash when played in multiuser mode. They have fixed that bug in the 1.05 update. It also fixes a bug that caused trains to run real slowly as they came near stations.

Red Hat has released a Critical Update for the kdelibs package for Red Hat Enterprise Linux 4. This update fixes a heap overflow bug that a remote attacker could use to run their code on your computer via a maliciously-designed website. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0184.html.

1/24/2006 More Music CDs With Problems

Music CDs with DRM (digital rights management) software that opens up dangerous security holes on your computer are not llimited to those from Sony BMG. Sony actually used third-party software from two different companies, and one of the companies, SunComm, has released lists of affected CDs. There are a number of other labels and artists affected. The Electronic Frontier Foundation has links to the list, and will probably have further updates, at http://www.eff.org/deeplinks/archives/004339.php.

If your ISP is satellite-based, you may have some problems with an Apple Mac OS X 10.4 computer when it is time to use Software Update. The update may not work, and you may see this error message
bad server response -1011.
Apple says you will need to drage some Software Update Cache files to the Trash. See http://docs.info.apple.com/article.html?artnum=302017 for the details.

If you got an unsolicited email that promised you a look at the Kama Sutra, or some other sexual content, I'm sure you would delete it right away. You would do that even if you didn't know that one of the latest email worms, the W32/Nyxem-E, is using that as a lure to get you to open the malware. This worm even tries to disable antivirus and firewall software.

In IBM Lotus Notes 6.5.4 and 7.0.x, if you have a large Domino (names.nsf) directory, when you select a names to add to a TeamRoom Profile list, you may get an error message
The results of the computation cannot exceed 65535 bytes
or
Field is too large (32k) or view's column & selection formulas are too large.IBM says they have fixed this in Notes 6.5.5, and is being worked on in Notes 7.0.x.

The 1/14 BugBlog Plus reported that security researcher Steve Gibson claimed that the Microsoft WMF bug was really a back-door put deliberately in place by someone. These charges are examined in detail by Mark Russinovich at the Systernals blog, and he appears to have pretty conclusively debunked the claims. (Or as they say on a certain TV show -- this myth is busted.)

An email message that you forward in Microsoft Outlook 2003 may go out with multiple signatures. This may happen if you have one signature that you have created to use with new email messages, and another sig that you use for reply to or forwarded messages. Then if you use Rich Text formatting when you Compose a message, and you forward more than one email message at the same time, the extra signatures may get added. See how to avoid this at http://support.microsoft.com/kb/913269.

 

1/23/2006 Patience Needed When Accessing CD Drive

Microsoft points out that when you put a CD or a DVD into the drive of a Windows XP Media Center Edition computer, it may take at least ten seconds before you can do anything with the disk (view it in Windows Explorer or My Computer, or access its contents). That's because the disk first has to spin up to speed, then Windows has to figure out its contents, and determine what is there. Only then will you be able to use the CD. (Note that on the BugBlog's HP Media Center computer, it is often closer to 15 seconds.) See http://support.microsoft.com/kb/911815 for the details.

Adobe says that if you cancel the update of Adobe Macromedia Dreamweaver 8.0 to 8.01 during the part of the update process where the message says "transferring new files", you may get stuck at the old 8.0 version, but you won't be able to run the Updater again. The only workaround to that is to uninstall Dreamweaver 8.0, then re-install it and then run the update again.

When you update Adobe Macromedia Dreamweaver 8.0 to 8.01, Adobe says that you should take the precaution of backing up your site definitions. To see how, go to http://www.macromedia.com/devnet/dreamweaver/articles/site_definitions.html. On the other hand, Adobe says you don't have to worry about your actual website files. The update process doesn't have anything to do with them.

Security researchers at iDefense say that a bug in Computer Associates iTechnology iGateway Service may allow an opening for a remote attacker to sneak bad data onto a server and cause a buffer overflow. This will enable the attacker to run their own code at the system level. Computer Associates has a patch available at http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778. You can read the details from iDefense at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376.

If you are trying to run Microsoft Office Outlook 2003 on a computer running Microsoft Terminal Services, you may have problems when you start Outlook or when you try to open or import a personal folder (.pst). Outlook may crash, and in your Application log you will see an Event ID 1000 error. Microsoft says to avoid this, you may have to edit the Boot.ini file on the computer running Terminal Services. Go to http://support.microsoft.com/kb/912805 to see the details.

If you are an Oracle database administrator, here's something new to worry about. A security expert is claiming that it will be very easy to construct an Oracle database rootkit, and they may soon become as common as rootkit on Windows systems. Read more at http://www.eweek.com/article2/0,1895,1914465,00.asp.

 

1/21/2006 Power Icon May Be Missing in Windows XP

If Universal Plug and Play is enabled on a Windows XP computer, it may prevent the power icon from being displayed on the taskbar, even if you have configure the Always Show option in your Power Options. One way to get it to show up is to restart your computer. If that doesn't work, try the configuration steps at http://support.microsoft.com/kb/555555.

Apple says that after you upgrade your iDisk storage to greater than 3.5 GB on a Mac OS X 10.4.x computer, or 2 GB on OS X 10.3.x, you may not be able to synchronize iDisk content with .Mac. Instead you will see this error message
Creating the iDisk on your computer failed (Not enough free space)…
Apple has some workarounds for this at http://docs.info.apple.com/article.html?artnum=303104.

Security researchers at iDefense have found a bug in EMC Legato NetWorker that may allow remote attackers to run their on code on Windows computers running the software. This is due to a heap overflow in the way that bad RPC requests are handled. EMC has a fix for this at http://www.legato.com/support/websupport/product_alerts/011606_NW.htm.

Every once in a while, Microsoft Windows Media Player 10 may get stuck as a button on the taskbar, with the maximize or restore commands not working. One way to get it unstuck is to right-click the taskbar icon, and click Move. Press the left and up keyboard buttons until Windows Media Player breaks free and shows up in a window.

According to Microsoft, you won't be able to print an EMF file that is 2 GB in size (or larger) in either Windows XP or Windows Server 2003. For 99.9 percent of you, that's not a problem. If for some reason you do need to print out something so big, you are going to need a hotfix from Microsoft. They tell you how to get it at http://support.microsoft.com/kb/904563.

Red Hat has a kernel update for Red Hat Enterprise Linux 3. It fixes a number of security bugs, including a number that may let users on a network to launch denial of service attacks via network IGMP processing, remap_page_range(), procfs or other functions. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0140.html.

1/20/2006 Bugs in F-Secure AV

A couple of bugs have been found in most versions of F-Secure's antivirus and Internet security product lines. One is a buffer overflow that may allow a remote attacker to run their code on your computer. The second may enable other hostile content to remain undetected. F-Secure has the complete list of affected products, and patch information, at http://www.f-secure.com/security/fsc-2006-1.shtml. F-Secure credits Thierry Zoller for finding the bugs.

1/19/2006 Cisco IOS Has Denial of Service Bug

Cisco says that any of their devices running IOS and with the Cisco IOS Stack Group Bidding Protocol (SGBP) feature turned on may be vulnerable to a remote denial of service attack. This feature is turned on via a global IOS command, which causes the hardware to listen on port 9900. Cisco has updates available for the different versions of IOS. Find out more at http://www.cisco.com/en/US/products/products_security_advisory09186a00805e8a63.shtml.

1/18/2006 AOL Picture Service Has Critical Bug

US-CERT says that the America Online You've Got Pictures service has a buffer overflow bug that may allow a remote attacker to take over your computer. The bug is actually in AOL YGP Picture Finder Tool ActiveX Control (a bad ActiveX control, that's a real surprise) that is in AOL 8.0, 8.0 Plus, and 9.0 Classic. It has been fixed in AOL 9.0 Optimized and AOL 9.0 Security Edition. There is also a hotfix available at http://download.newaol.com/security/YGPClean.exe.

In the Windows version of Adobe Macromedia 8, if a file has never been put on the remote server, then Dreamweaver will get confused and think that both the local and the testing server versions of this file have been changed. This has been fixed in the Dreamweaver 8.0.1 update.

In Adobe Macromedia Dreamweaver 8, when you save changes to a file on an offline mapped network drive, a bug may cause you to see the error message The parameter is incorrect. (Take it from the BugBlog -- lots of things generate this message in Dreamweaver, not just this bug.)

Apple has fixed a number of bugs in the Mail Services in the upgrade of Mac OS X Server to 10.4.4. Before, a bug was preventing delivery of some email to virtual domains where users had dotted short names. Apple has also fixed some problems with ClamAV, so there is better virus filtering.

Microsoft has reacted to reports of a WiFi security bug in Windows XP by saying that you shouldn't expect a fix until the next Service Pack is released, which probably won't be till 2007. However, it appears that a firewall will counteract any loss of security by this bug. Read more at http://news.com.com/2100-1002_3-6028275.html.

Try to print out a shared user's calendar in Microsoft Outlook 2003, using the Daily Style, and you may see this error message The messaging interface has returned an unknown error. If the problem persists, restart Outlook. Microsoft has two workarounds for this. The first is to disable the TaskPad option. The second is to update the user permissions. Details on both are at http://support.microsoft.com/kb/912803.

There is an incompatibility between Microsoft Internet Explorer 6 and Citrix SpeedScreen, when viewing an image through a Citrix ICA connection. The problem happens when the HTML image tag is nested in an anchor tag, and the anchor tag is nested within an IFRAME tag. Microsoft has a hotfix and a Registry edit to take care of this. Details on both are at http://support.microsoft.com/kb/910561.

Security researchers at iDefense says that there is a heap overflow bug in the Novell Open Enterprise Server Remote Manager. This may allow remote attackers to run their own code on the server. Novell has updates for this. See the details at http://www.novell.com/linux/security/advisories/2006_02_novellnrm.html.

1/17/2006 Thunderbird Attachments Can Be Spoofed

Earlier versions of Mozilla Thunderbird have a bug in the way they handle mail attachments. File extensions could be spoofed, leading a user to inadvertently saving and/or opening a malicious file. Testing at Secunia Research says that versions 1.0.2, 1.0.6, and 1.0.7 are vulnerable. It has been fixed in the new version 1.5.

The Apple Mac OS X 10.4.4 update fixes some incompatibility problems between Apple Safari and some websites. Apple mentions cbsnews.com and Telia Webmail as two of them. It also says a problem that would cause Safari to crash while filling out forms has been fixed.

In Apple Safari, if you click text that is within a nested HTML table cell, the text may disappear. That has been fixed in Safari in the updated Mac OS X 10.4.4.

According to the Microsoft Lifecycle Web site, it doesn't look like Windows XP Service Pack 3 will be released until the second half of 2007. That would put it approximately three years after Windows XP SP2 was released, which is about two years too long. Oh well, we'll just keep applying security patch and hotfix band-aids till then.

Saved files in Microsoft Word 2003 may end up with strange names, if you (or your network) has used Group Policy to redirect where your Application Data folder and My Documents folder are located. If you have selected the Word option to make a local copy of files on network or removable drives, and Save AutoRecover info every: N minutes, you will see a number of files with the name ~XXXX.temp.doc, with the XXXX replaced by letters and numbers generated by Word. If you don't want this to happen, you will need to change your Auto Recovery folder. See how to do that at http://support.microsoft.com/kb/912257.

If there is a lot of traffic on a USB 2.0 hub on a Windows XP computer, and then you try to transfer a large file to a low-speed device that is connected to the hub, you may cause things to screech to a halt. The transfer may fail with an error message, and the other devices hooked up the hub may stop working. Microsoft says the problem is with the data transfer rates. They have a hotfix for this. If you are running into this problem, see how to get the fix at http://support.microsoft.com/kb/908673.

Oracle has released their Critical Patch Update for January, 2006. People who have tried to count what's in here say there are more than 100 separate bug fixes, for most of Oracle's products, including Oracle Database 8,9, and 10, the Enterprise Manager, Application Server, and Collaboration Suite. See what's covered at http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html.

The Internet Storm Center has been notified by FrSIRT that there is an active exploit circulating on the Web that targets a Symantec Veritas NetBackup 5.x bug that was patched in November, 2005. If you haven't patched yet, you should. The exploit may be able to both cause a catastrophic crash to your computer, plus screw up your backup. The original patch is at http://seer.support.veritas.com/docs/279553.htm.

1/16/2006 Standby Button Ignored in Windows Media Center Edition

Once you add the Update Rollup 1 for eHome Infrared Receiver for Windows XP Media Center Edition 2005, you may have a problem with the Media Center Remote control. Pressing the STANDBY button on the remote may not put the computer into standby. Microsoft says that all you need to do is press the STANDBY button one more time - then it should go in to standby. There is a bug in the Hibernation Driver for the Windows XP Media Center that y causes the first button press to be ignored. By the way, Microsoft says that on some remotes, the STANDBY button may be labeled as POWER.

If you are using Apple GarageBand 3 on a Mac OS X 10.3 to 10.3.9 computer, the application may crash if you play a long Apple Lossless file. Apple says this doesn't happen when using Mac OS X 10.4. The message, then, is if you are working on a long rock opera, it may be time to upgrade the OS.

Apple says that sometimes when viewing a PDF file on a Mac OS X 10.4.3 or earlier computer, the colors may be inverted when looked at in Preview. They say they have fixed this bug in Mac OS X 10.4.4.

When opening up a EPS formatted file in a Mac OS X 10.4.3 or earlier application, you may be able to open the file, but soon afterward the application may crash. This bug is fixed in Mac OS X 10.4.4.

When working in Microsoft's WebDAV collaborative environment in a folder on a Windows Server 2003 or Windows XP computer, the current time and date for a file may be shown instead of the last-modified time and date. Microsoft has a hotfix for this. Details on how to ge the fix are at http://support.microsoft.com/kb/909423.

After installing the Microsoft Office Word 2003 post-Service Pack 1 hotfix package released on 4/4/05, you may have problems with tables imported from Windows 2000. If the tables have decimal tab stops that align numbers in a column against the right side, the last digit may get chopped off. Microsoft has a new hotfix to take care of this bug which crept in with the last hotfix. Details on how to get the hotfix, plus a Registry edit that you will also need to do, are at http://support.microsoft.com/kb/911659.

Mozilla says that spell-checking is not working with Cyrillic-based dictionaries in Thunderbird 1.5. This will get fixed in a future release. In the meantime, expect some misspellings in your Russian spam.

Sun Microsystems says there is a bug in Solaris 8,9, and 10, in the lpsched(1M) function, that may let a local unprivileged user delete any file or disable the LP service. Sun has a fix for this at http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102033-1. They credit Hiroshi Nakano for finding this bug.

1/14/2006 Problems with the QuickTime Update

Many people who have installed the Apple QuickTime 7.0.4 update are complaining about the problems they are having with it. You can see two extended discussions of this at http://discussions.apple.com/thread.jspa?threadID=310936&tstart=0 and at http://discussions.apple.com/thread.jspa?threadID=309078&tstart=0. Apple has posted a QuickTime 7.0.1 reinstaller if you want to remove the update. It is at http://www.apple.com/support/downloads/quicktime701reinstallerforquicktime704.html. The reason for the update in the first place was to patch numerous security bugs that may allow hostile content to come in via graphics files. There seem to be more complaints about QuickTime for Mac than QuickTime for Windows -- but that may be because Mac users are more likely to go to the Apple Forums. The update originally appeared in the 1/11 BugBlog.

There is considerable debate over whether and how much personal information Apple's new iTunes 6.02 sends back to Apple. It's supposed to be so that Apple can recommend songs based on what you've been playing, but it appears there is personally identifying information being sent back, too. The fear, of course, is that eventually this can be used in a Digital Rights Management scheme. Apple originally didn't disclose anything about this new information transmission. There is some discussion at http://www.boingboing.net/2006/01/11/steve_jobs_apple_dis.html that is ongoing, so check for updates.

Steve Gibson is a security researcher who's done a lot of useful work (such as the Shields Up test). He also has a reputation for being just a bit paranoid. In a podcast at his Security Now! Site, that he does with computer host Leo Laporte, he claims that his research shows that the WMF vulnerability in Windows XP was not just a bug, but a back door that was deliberately put in. You can read his take at http://www.grc.com/sn/SN-022.htm. A response to this claim is on the Microsoft Security Response Center blog at http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx. If you are not sure who to believe, there's a extended discussion of this on Slashdot at http://it.slashdot.org/article.pl?sid=06/01/13/1519204.

Microsoft has quietly announced that they will be extending mainstream support for all versions of Windows XP for two years after the next version of Windows, which is now called Vista, is released. The new version of Windows was originally scheduled to come out quite some time ago, but it now looks like it will be released in 2006. That means XP will be supported (service packs, security releases, bug fixes) through 2008.

After you upgrade to Mozilla Thunderbird 1.5, the Extension Compatibility and Update wizard should appear and check out whatever extensions you may have installed. If it doesn't appear, you should go to Tools, Extension and have the Extension Manager do a manual check. It should also be able to check for updates.

The latest version of PHP has been released. Version 5.1.2 includes a number of security bug fixes, including some fixes for possible cross-site scripting problems and format string vulnerabilities. Get the update at http://www.php.net/.

1/13/2006 Expert Calls Symantec and Kaspersky Flaws Rootkits

Techniques used by Symantec Norton SystemWorks and Kaspersky Anti-Virus to cloak certain files on your computer are really another version of a rootkit, according to Mark Russinovich, the software expert who unveiled the Sony rootkit problem in 2005. The Symantec cloaking technique, covered in the 1/11 BugBlog Plus, protects certain folders from deletion by hiding them. Kaspersky hides some checksum information. Read both sides of the story at http://www.pcworld.com/resource/article/0,aid,124365,pg,1,RSS,RSS,00.asp.

1/12/2006 Thunderbird 1.5 is Flying

Mozilla has released Thunderbird 1.5, the latest update to their email client. As in earlier versions of Thunderbird, they say to make sure to install it into a clean folder, one where an earlier version hasn't been installed. User data (saved emails, passwords, etc) from earlier versions are stored in a separate user profile, so the new installation folder should not be affected. A very extensive bugfix list is at http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html.

 

1/11/2006 QuickTime Bug Affects Mac and Windows

A bug in Apple QuickTime for both Mac OS X 10.3.9 or later, and Windows 2000/XP, may allow an attacker to run hostile code on your computer. They can do this via a QTIF image with hidden hostile content that can generate a heap buffer overflow. This has been patched in QuickTime 7.0.4, which you can get via Apple's Software Update or from http://www.apple.com/support/downloads/. Apple credits Varun Uppal for finding this bug.

A bug in Apple QuickTime for both Mac OS X 10.3.9 or later, and Windows 2000/XP, may allow an attacker to run hostile code on your computer. They can do this via a TGA image or a TIFF image with hidden hostile content that can generate a heap buffer overflow. This has been patched in QuickTime 7.0.4, which you can get via Apple's Software Update or from http://www.apple.com/support/downloads/. Apple credits Dejun Meng for finding these bugs

A bug in Apple QuickTime for both Mac OS X 10.3.9 or later, and Windows 2000/XP, may allow an attacker to run hostile code on your computer. They can do this via a GIF image with hidden hostile content that can generate a heap buffer overflow. This has been patched in QuickTime 7.0.4, which you can get via Apple's Software Update or from http://www.apple.com/support/downloads/. Apple credits Karl Lynn of eEye Digital Security for finding this bug..

Apple has released an update for Mac OS X Server 10.4.3. Before you upgrade by installing the new 10.4.4 version, Apple warns that your administrator account password can't have any spaces or option-key combination characters, nor a blank password. If it does, change your password first.

US-CERT has a preliminary report that the Cisco IP Phone 7940 is vulnerable to a denial of service attack, if someone sends a "large amount" of TCP SYN packets to port 80. There is no report from Cisco yet. See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0179 for updates.

A story on ZDNet shows that attacks over instant messaging networks had fast growth in 2005. The MSN IM network had the most attacks, while Yahoo had the fastest growth. Read the whole thing at http://news.zdnet.com/2100-1009_22-6025226.html. Make sure that your AV, firewall, and spyware strategy extends to your IM usage.

Microsoft says the new bugs in their WMF (Windows Metafile) graphics format are not as serious as the bug they patched in MS06-001. These new ones, according to Microsoft, are only "performance issues". In Microsoft-speak, I think that means these new bugs can crash your computer, but won't let an outsider take it over.

A security alert at Secunia says there is a bug in Microsoft Visual Studio. Because of the way that it is designed, program code attached to a user-defined control may get automatically executed when a form is opened. This may be exploited by attackers as a way to get hostile code on to a system. Secunia's advisory at http://secunia.com/advisories/18409/ gives credit to priestmaster for finding this. As a workaround, be suspicious of code that comes from unknown or dubious sources.

There is a bug in the way that Symantec Norton SystemWorks and SystemWorks Premiere treat the Norton Protected Recycle Bin, which is a feature that Symantec adds to the standard Windows Recycle Bin. Files in this folder may not get scanned during antivirus scans. Bad guys may know this, so they may try to hide their malware in this location as a way to remain undetected. Symantec says their latest product update will now display this folder, so that it can be scanned.

 

1/10/2006 Critical Bug in Microsoft's Web Font Handling

Microsoft says all versions of Windows have a bug in the way they handle embedded Web fonts on a webpage or in an email. An attacker could construct a Web font that has malicious content that, when viewed, may allow an attacker to take complete control of the victim's computer. Microsoft classifies this as a Critical bug, and has fixes available for Windows 2000, XP, and Server 2003 at http://www.microsoft.com/technet/security/bulletin/ms06-002.mspx. It appears that they will be providing fixes for Windows 98 and ME at a later time. Microsoft credits eEye Digitial Security for finding this. (Note that this is labeled a Windows problem, and not an Internet Explorer problem. The effect on third-party browsers is not spelled out by their bulletin.)

Apple says that after installing the Aperture 1.0.1 update via their Software Update, you may still get reminders telling you this update is available. This was due to a bug in Apple's Software Update, which has been fixed. However, you will still get the reminders until you install that software one more time. That should then shut up the nagging. See http://docs.info.apple.com/article.html?artnum=303063 for more.

There is a bug in Eudora Internet Mail Server (EIMS), in versions before 3.2.8, that may let remote attackers crash the server via an NTLM authentication request. US-CERT points to an update available at http://www.eudora.co.nz/updates.html. You can find out more at http://secunia.com/advisories/18356.

A security bulletin at iDefense points out that the third-party PostgresSQL database, which is shipped with many Linux server distributions, has a number of bugs that may allow remote attackers to run their own code on the server. A fix is available at http://www.giuseppetanzilli.it/mod_auth_pgsql2/dist/; there may also be fixes provided by the various Linux companies (for instance, Red Hat has one available.) See the details at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367.

Most users of Microsoft Outlook, Microsoft Exchange Server and the Microsoft Office MultiLanguage Pack may be vulnerable to a bug in the way this software handles Transport Neutral Encapsulation Format (TNEF) MIME attachments. A remote attacker may be able to use this to take complete control of a client or server running this software. See the full list of vulnerable software at http://www.microsoft.com/technet/security/bulletin/ms06-003.mspx, with links to patches. Microsoft credits John Heasman and Mark Litchfield of NGS Software for finding this bug.

There are numerous reports from security researchers that there are still more bugs in Microsoft WMF files, that will open up possibilities for even more attacks. These bugs were not fixed by the Microsoft Security Bulletin MS06-001, which only took care of one particular bug. Read more at
http://news.com.com/2100-1002_3-6024931.html. (Just thinking out loud here - but is there any reason we REALLY need WMF files?)

Microsoft says there is a "timing issue" on some Windows XP Service Pack 2 computers that may cause this Blue Screen of Death when you first start up the computer STOP 0x0000007e (parameter1, parameter2, parameter3, parameter4) aec.sys with some hex numbers for the parameters. They have a download that will fix this. Get it at
http://www.microsoft.com/downloads/details.aspx?FamilyId=404280BF-B240-4A34-AE0E-798CDED8CBAF.

Microsoft says that their Office applications are not able to save a file to a CD-RW or DVD/CD-RW drive. Try it, and you may see this error message Incorrect function While most versions of Microsoft Windows have functions that allow writing to a CD-RW, Office doesn't know how to use them. Microsoft instead says to get a third-party CD-ROM recording program.

If you are running a program using a non-interactive account, and that program automatically starts an Office 2003 program, the Office 2003 program may crash. If you need to do this, you may want to contact Microsoft Technical Support to get the Office 2003 post-Service Pack 2 hotfix package released on 12/16/2005. Read more at http://support.microsoft.com/kb/912022.

Red Hat has an updated mod_auth_pgsql package for Red Hat Enterprise Linux 3 and 4. This fixes the critical security bugs in the PostgresSQL database program, that may allow remote attackers to run their own code on the server. Get the Red Hat update at https://rhn.redhat.com/errata/RHSA-2006-0164.html.

There is a bug in the uucp and uustat functions of Sun Microsystems Solaris 8 and 9, on both the SPARC and Intel platforms. This bug may let local users to run commands with the privileges of the uucp user. See http://sunsolve.sun.com/search/document.do?assetkey=1-26-101933-1 for patch information. Sun credits iDefense and Angelo Rosiello for finding this bug.

1/9/2006 Microsoft WMF Bug Wins the Bug of the Month

The bug in Microsoft's graphics file, and the way it played out over a week, wins the uncoveted award for Microsoft yet again.

1/9/2006 Apple Fixes a Hole in AirPort

Apple says that a bug in the firmware for their AirPort Extreme 5.7 and 6.3 base stations may allow for denial of service attacks. Because the attack is mounted by an attacker sending malformed packets, the update makes sure these packets get thrown out, rather than bogging down the network. Get the update at http://docs.info.apple.com/article.html?artnum=303072.

There was supposed to be a big attack of the Sober worm on January 5 or 6, released to coincide, according to reports, with Hitler's birthday. However, security has been tightened up on both servers and clients that the attack seemed to have fizzled. See http://www.computerworld.com/securitytopics/security/story/0,10801,107544,00.html for more.

US-CERT reports that there are multiple memory leaks in versions of IBM Lotus Notes and Domino Server earlier than 6.5.5, These can be exploited by attacers to trigger denial of service attacks against the server. Upgrading to Notes/Domino 6.5.5 will fix this problem.

IBM says there is an incompatibility between Lotus Notes 7.0 and ActivCard Gold 2.2 Smartcard software. If you use the smartcards for user identification, Notes may crash. IBM says this isn't their problem, so any fix will have to come from ActivCard.

If you insert a .CGM graphics file into a Microsoft Office 2003 program, and then switch to another program with an ALT-TAB, the Office program may crash. The error message may look similar to this Powerpnt.exe 11.0.6509.0 Gdiplus.dll 6.0.3272.0 00061988. Microsoft has a hotfix for this, which will be in a future Office service pack. If you need this fix right away, see http://support.microsoft.com/kb/912004 for details on how to get it.

Because of the WMF bug, Microsoft says that they will be examining all their programs, "old and new", to look for similar bugs. This comes about two years after Bill Gates called a temporary halt to all software production until the company could refocus on security. See more Microsoft comments at http://news.zdnet.com/2100-1009_22-6024778.html. [Editorial comment -- The WMF bug also illustrates a problem with lots of Microsoft software -- it's loaded up with so many bells and whistles that even Microsoft isn't sure how everything is going to interact. It's why Outlook has had so many bad problems over the years.]

Microsoft says that Windows 98, Windows 98 SE, and Windows ME are all vulnerable to the WMF bug. However, Microsoft also says that it is not a "Critical" problem for these versions of Windows. Since they are outside their support period, Microsoft isn't going to be releasing fixes for them. But in reality, unless you are facing some real financial constraints, you want to ditch those versions of Windows anyway.

Microsoft will still be delivering two additional patches on 1/10, their traditional "Patch Tuesday", over and beyond the WMF patch they released early. These are also critical updates, one for Microsoft Office and one for Microsoft Exchange. The BugBlog will have coverage Tuesday afternoon.

Novell says that if you are using their DirXML 1.1a, you may have problems with driver startup if you are using OID servers. They have a new DirXML driver for use with LDAP that is supposed to fix this. Get the update at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971058.htm.

A story in eWeek says that exploit code that can target Oracle databases is now circulating around the hacker underground. This may mean upcoming attacks against the database giant's products. See http://www.eweek.com/article2/0,1895,1908751,00.asp for details.

Red Hat has an updated Apache httpd package that fixes a number of security bugs in the web server that is distributed with Red Hat Enterprise Linux 3 and 4. Bugs in mod_ssl and in worker MPM may lead to denial of service attacks, while a bug in mod_imap may allow cross-site scripting attacks. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0159.html.

1/6/2006 Microsoft Releases WMF Bug Patch

If enough people complain, I guess that Microsoft will change its mind. The patch for the very dangerous WMF (Windows Metafile) bug was released early, on 1/5/2006. The patch, for Windows 2000, Windows XP, and Windows Server 2003, is a Critical Update that will prevent remote attackers from possibly taking over your computer after you view a WMF graphics file on your computer, in an email, or on a webpage. Get the update at http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx. Now that the "official" patch is out, you will not need the unofficial patch available from the Internet Storm Center. [Edit 1/10: Microsoft credits Dan Hubbard of WebSense for finding this bug.]

1/5/2006 AV Software Working Against WMF Bug

Most anti-virus programs are catching malicious content trying to sneak in through Microsoft's unpatched WMF (Windows Metafile) bug. Microsoft still insists on waiting till January 10 to patch this dangerous bug, while an unofficial but safe patch is available from the Internet Storm Center at http://isc.sans.org/diary.php?storyid=1010. In the meantime, independent testing shows that Symantec and McAfee were able to catch all 206 of the test files; most other AV vendors, with the exception of Trend Micro, also did well. Read these results at
http://news.zdnet.com/2100-1009_22-6018696.html

1/4/2006 Microsoft Fixes Word 2003 Converter

Microsoft has a new Word 2003 post-Service Pack 2 hotfix package that fixes a bug in the WordPerfect 5.x for Windows filter. These bugs may prevent WordPerfect 5.x file options from showing up when you try to save a document. Microsoft says the problems may show up if you installed the Office Converter Pack for Microsoft Office 2003. See http://support.microsoft.com/kb/912338 for details on how to get the fix.

There are a number of different situations that may trigger the error message
No Valid Acrobat Serial Number Found. Acrobat will now quit
when you try to start Adobe Acrobat 6.x or 7.x for Windows. Adobe lists the possible reasons for this error at http://www.adobe.com/support/techdocs/326005.html, along with the workarounds for each situation.

The Apple iPod Cmera Connector doesn't work with all digital cameras, nor with all iPods. You need a fifth generation iPod, the iPod photo. A full list of supported cameras and media readers are at http://www.apple.com/ipod/compatibility/cameraconnector.html.

If you have address information in a .txt or .cvs file and try to import it into the Apple Mac OS X 10.4.2 Address Book, the import may fail if there is a line break in the file. However, this will be a silent failure that won't generate an error message. For now, the only workaround from Apple is to make sure there are no line breaks. Use a text-editor in the file to search for and delete them before doing the import.

IBM says that in Lotus Notes/Domino 6.x and 7.x, printing a calendar entry along with agenda and description of the meeting may not work correctly. Instead, information in the right-hand column may get chopped off. This may include the meeting information and the Categorize information. IBM says this has been fixed in Notes/Domino 6.5.5, and is being worked on in Notes/Domino 7.x.

January 3 saw two updates in one day to Microsoft's Security Advisory 912840, which deals with the WMF (Windows Metafile) bug. It still appears that Microsoft is waiting stubbornly for January 10 before releasing the patch. Keep up-to-date on the updates at http://www.microsoft.com/technet/security/advisory/912840.mspx. Needless to say, this is a time to be especially careful about visiting dubious websites or opening suspicous email attachments.

At least 70 different IM (Instant Messaging) attacks have been catalogued that attempt to exploit the bug in Microsoft Windows WMF (Windows Metafile) format. Sending an infected file via IM, or sending a link to a website with an infected file, are how IM is used for the attack. Email and websites will be the other common ways to exploit this. Read more at http://www.computerworld.com/securitytopics/security/holes/story/0,10801,107455,00.html.

In Microsoft Outlook 2003 if you go to the Sent Items folder and click Reply to All to a message, the reply will only go to the original sender. Microsoft has fixed this in an Outlook 2003 post Service Pack 1 hotfix with an 11/29/2005 release date. See http://support.microsoft.com/kb/909617 for details if you need to get this hotfix.

If a meeting is scheduled in Microsoft Office Outlook 2003, and then cancelled, the meeting may appear yet again in the same time slot. According to Microsoft, this may happen if both the meeting recipient and the recipient's delegate process the cancellation -- in other words, two cancellations turn a meeting back on. Microsoft shows two ways to take care of this at http://support.microsoft.com/kb/912215.

There is an incompatibility between the ActiveSync process in Windows Mobile 5.0 software, and computers running Windows XP with Service Pack 2 installed. The Windows Firewall will interfere with the syncing operation. See http://support.microsoft.com/kb/911423 for information on a workaround.

The Security Update 12 for Symantec Norton Internet Security, released on 12/29/2005, has added coverage for the Microsoft WMF (Windows Metafile) threat, as well as the latest Microsoft Internet Explorer JavaScript problem and the Snort BackOrifice Preprocessor BO. Users of the product can use LiveUpdate to get the latest protection.

1/3/2006 Many Exploits for Microsoft WMF Bug

The Microsoft WMF bug, from the 12/31 BugBlog, is being taken advantage of by adware vendors and others who don't have your best interests at heart. A round-up story in eWeek at http://www.eweek.com/article2/0,1895,1907102,00.asp shows that anti-virus vendors are catching up, but don't offer blanket immunity. Disabling the buggy DLL from Microsoft offers a temporary patch, by preventing Windows Picture and Fax Viewer from opening. It may be possible for this security breach to be exploited by third-party programs that open WMF files. See details, and limitations, of this workaround in the eWeek story.

Microsoft says they will not be releasing their fix for the WMF (Windows Metafile) bug until their regular Patch Tuesday release of January 10. I guess they aren't worried that it’s a very serious security bug that is very easy to exploit. There is an unofficial patch from the Internet Storm Center at SANS. While the patch was developed by a volunteer, it has been tested at SANS, and the source code is available. Get it at http://isc.sans.org/diary.php?storyid=1010. Keep on reading the coverage by the Internet Storm Center for a very good FAQ on the problem. The information they give is much more detailed than what you are getting from Microsoft.

Microsoft says that if you right-click and then open a file in the Start Menu's My Documents or My Recent Documents listing, you may cause tooltips from taskbar icons to appear behind the taskbar, making them invisible. For now, there is no easy fix to see the tooltips, other than restarting your computer, or logging off and then back on.

Novell re-released the ZENworks Asset Management 7 Patch 4 on 1/3/2006. It is the same patch that was released 12/2/2005, except for changes in the Readme. The patch fixes bugs: that may crash the Task Server when doing an Active Directory Import; that blanks out Web Console report folders; and that may cause hardware details to be missing. Get the patch at
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972745.htm.

There is a bug in the Research in Motion (RIM) BlackBerry Attachment Service. Attackers may be able to send an email with a TIFF file attached that could execute the attacker's code on the Blackberry, access account information, and cause a denial of service. RIM says that they are working on a fix, but don't know when it will be ready.

Sony may be reaching a settlement for some of the lawsuits being filed against it for the spyware that their music CDs secretly installed on computers. It still needs to be approved by the court -- but it appears you will be able to exchange your spyware-infected CDs for clean versions. Read more at http://www.computerworld.com/securitytopics/security/story/0,10801,107418,00.html.