BugBlog Plus Archives
Current month
Nov 06 by company
Nov 06 by date
Oct 06 by company
Oct 06 by date
Sep 06 by company
Sep 06 by date
Aug 06 by company
Aug 06 by date
July 06 by date
June 06 by date
May 06 by date
Apr 06 by date
Mar 06 by date
Feb 06 by date
Jan 06 by date
Jan 06 by company
Dec 05 by date
Dec 05 by company
Nov 05 by date
Oct 05 by date
Sept 05 by date
Aug 05 by date
July 05 by date
June 05 by date
June 05 by company
May 05 by date
May 05 by company
Apr 05 by date
Apr 05 by company
Mar 05 by date
Mar 05 by company
Feb 05 by date
Feb 05 by company
Jan 05 by date
Jan 05 by company
Dec 04
Dec 04 by company
Nov 04
Oct 04
Sept 04 by date
XP SP 2
Aug 04 by company
Aug 04 by date
Jul 04 by company
Jul 04 by date
June 04 by company
June 04 by date
May 04 by company
May 04 by date
Apr 04 by company
Apr 04 by date
Mar 04 by company
Mar 04 by date
Feb 04 by company
Feb 04 by date
Jan 04 by company
Jan 04 by date
Dec 03 by company
Dec 03 by date
Nov 03 by date
Nov 03 by company

Jump to the BugBlog archives (October 03 and earlier are public archives)

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Subscription portion of the BugBlog. The first bug of the day listed is always the free bug available to non-subscribers, followed by the subscription-only bugs.

10/31/2006 Xbox 360 May Not Like Windows Media Player 11

If you first install Microsoft Windows Media Player 11 on a Windows XP computer, and then you try to authorize your Microsoft Xbox 360 to use it with Windows Media Connect, you may get an error message and the authorization won't take place. Microsoft has a workaround for this listed at
http://www.microsoft.com/windows/windowsmedia/player/11/readme.aspx#ErrorwhensettingupXbox360softwareafter
WindowsMedi

If you open iTunes 7 for Windows, and you see a -200 error message, that probably means that QuickTime may need to be reinstalled. See http://docs.info.apple.com/article.html?artnum=304424 for the details.

While another Daylight Savings/Standard Time switchover has come and gone, it's time to start planning for next year. That's because Congress has changed the week of the switchover, and some computer programs that have change functionality built-in may need upgraded. IBM has informaiton on how this affects Lotus Notes at http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21232652.

There may be problems synchronizing files between Microsoft Windows Media Player 11 and iRiver H10 devices. Microsoft says that if there are problems, make sure to get the latest firmware from iRiver at http://go.microsoft.com/fwlink/?LinkId=65294.

If you are unsure whether your portable media device is compatible with Microsoft Windows Media Player 11, you should check out the http://www.playsforsure.com/ site. Microsoft says that if you upgrade, and then run into problems, you can roll back to the earlier version of Windows Media Player that worked.

There are already quite a bit of complaints over what will be the licensing restrictions in Windows Vista, and whether you will run into problems or not if you upgrade the hardware on a Vista computer. Ars Technica talks directly to a Microsoft "spokesman" who says that "the hardware tolerance of product activation for Windows Vista has been improved and is more flexible than that for Windows XP." Read the whole article at http://arstechnica.com/news.ars/post/20061030-8104.html, and decide if it makes you more confident about upgrading to Vista.

If you upgrade to Mozilla Firefox 2.0 on a Mac OS X computer, and then install a new plug-in, you may still see the details for the older version of the plug-in when you go to about:plugins. Mozilla says you can refresh things by quitting Firefox, going to your profile folder and deleting pluginreg.dat. Once you restart Firefox, you should have the data updated.

You won't be able to install Mozilla Firefox 2.0 on a Microsoft Windows NT 4.0 computer unless you have Comctl32.dll 5.80 installed. Mozilla says you can get this for free from Microsoft at http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=6F94D31A-D1E0-4658-A566-93AF0D8D4A1E.

There is a bug in Sophos Anti-Virus 4.x through 6.x that can trigger a denial of service attack to the anti-virus engine. It happens when the Petite plugin checks a Petite archive with lots of sectors. Sophos has fix information at http://www.sophos.com/support/knowledgebase/article/7609.html. They have fixes ready for all versions except the Mac version, which won't come till December.

10/30/2006 Resetting an Unresponsive iPod Shuffle

If you have a First Generation 512MB or 1GB iPod shuffle, when you turn it on you may see amber and green LEDs flashing for a few seconds, but you won't be able to get the iPod to play music. You also won't be able to get it to play music. To fix this on a Windows computer, get the iPod shuffle Reset Utility 1.0 for Windows at http://www.apple.com/support/downloads/ipodshuffleresetutility10forwindows.html. If you've got a Mac, get your download at http://www.apple.com/support/downloads/ipodshuffleresetutility10formac.html. Note that the utility will erase all the music on the iPod and reinstall the iPod 1.1.4 software.

Apple says that the MagSafe Airline Power Adapter for their laptop comptuers is not compatible with a car's cigarette lighter or power ports. It's only good on airplane power sockets. They say it won't provide power or charge the battery.

Once you upgrade to Microsoft Windows Media Player 11, you might not be able to play music files in your library over a digital media receiver unless your music files are in a monitored folder. Microsoft spells out how to share your media files at http://www.microsoft.com/windows/windowsmedia/player/11/readme.aspx#1828178.

If you have Microsoft Windows Media Player 11 installed on a computer, don't try to take a step back on install Windows Media Player 10, too. If you do, you may not be able to play any of your protected content -- presumably because Microsoft's digital rights management (DRM) schemes in the two versions will start squabbling with each other. Microsoft has some steps to resolve the conflict at http://www.microsoft.com/windows/windowsmedia/player/11/readme.aspx#1792680.

If you are using Mozilla 1.5.x and are waiting for an automatic update prompt for Firefox 2.0, you may have to wait a little longer. The auto update won't be activated for a couple of weeks, says Mozilla. If you want the new version before that, you'll need to do a manual update. The delay is probably to ease the traffic on their servers.

Red Hat has an updated kdelibs package for Red Hat Enterprise Linux 2, 3, and 4. This fixes a critical integer overflow bug in the Qt program within the K Desktop Environment (KDE). A remote attacker may have been able to construct a malicious webpage that could crash a KDE user, or possibly run hostile code on the system. Get the fix at https://rhn.redhat.com/errata/RHSA-2006-0720.html.

10/27/2006 Anti-Phishing Features in the New Browsers

Adam Smith's "invisible hand" of competition has brought real benefits to the world of browsing. The new Mozilla Firefox 2 and the new Microsoft Internet Explorer 7 both have anti-phishing filters built in. They should help in keeping you from being tricked into giving information to fraudulent sites. The explanation of how Mozilla does this is at http://www.mozilla.com/en-US/firefox/phishing-protection/. The Microsoft explanation is at http://blogs.msdn.com/ie/archive/2005/09/09/463204.aspx.

This report comes from a non-typical source: The Valleywag gossip site, part of the Gawker Media empire, reports on a problem that occurs with Adobe Creative Suite 2 running on Intel-based Macs. Some of the dialog boxes end up with long, repeating decimal values in the selections, as illustrated by a screen shot shown at the site. ValleyWag reports his end of a non-helpful conversation with Adobe Tech Support at http://www.valleywag.com/tech/adobe/adobe-indenial-210500.php

The Apple Migration Assistant or the Setup Assistant may not do a perfect job of migrating all your applications from a PowerPC Mac to an Intel Mac. Some of the applications won't start on the new computer. Apple has some troubleshooting information starting at http://docs.info.apple.com/article.html?artnum=304302.

Microsoft has posted on their Product Lifecycle page at http://www.microsoft.com/windows/lifecycle/servicepacks.mspx that the next service pack for Windows XP isn't planned till the first half of 2008. That will almost be four years after the last service pack, which was in August 2004. If you are going to wait four years, why even bother?

Various reports had surfaced in the media that the first two bugs had been found in Firefox 2.0. According to Mozilla, one of the bugs had been fixed in an earlier version, and they so far have not been able to get the second one to do anything more than crash the browser. For now, the latest word is at http://www.networkworld.com/news/2006/102606-mozilla-team-downplays-first-firefox.html?nlhtbug=1023bug2.

So far, this is just my own experience, and not verified elsewhere in media reports or in Bugzilla - but in the three days of using Mozilla Firefox 2.0 I've twice had it lock up completely while at different Google Blogger blog pages. The first time, I used Session Restore to go back to the page, where it locked up again. The second time, I did not go right back to the blog -- which is a well-known political/legal blog. Later, I did go back to the second page, and had no problems.

10/26/2006 Address Bar Spoofing in IE 7

Secunia has a report of a bug in Microsoft Internet Explorer 7. It may be possible for attackers to create a pop-up window that will have a spoofed and misleading address bar, with only part of the address displayed. This could be used as part of a phishing scheme to trick users into disclosing information to a malicious website. You can see the details at http://secunia.com/advisories/22542/, including a proof of concept.

10/25/2006 Firefox 2 Can Restore Your Session (Even If You Don't Want To)

The newly-released Mozilla Firefox 2 includes a Session Restore feature. This means that connections to some sites that log you in via cookies, like Gmail, will automatically be restored after a browser crash. You may not want that to happen if you share a computer. If so, you will need to turn off this feature via the browser.sessionstore.resume_from_crash setting. If you are not familiar with changing your Mozilla settings, see http://kb.mozillazine.org/About:config.

There is a buffer overflow in the AOL WinAmp media player. The bug is in the way that WinAmp handles the Ultravox protocol. An attacker may be able to configure a malicious server that could run code on the vulnerable computer running WinAmp. The bug was discovered by iDefense, with the details at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431. This has been fixed in WinAmp 5.31.

I know that BugBlog readers won't try to do anything that circumvents the DMCA, so they won't be interested in a story at the BBS where an inventor has claimed to crack the Apple iTunes copy protection. Since you aren't interested, you won't be reading the BBC story at http://news.bbc.co.uk/1/hi/technology/6083110.stm.

There is a bug in the Cisco Security Agent (CSA) for Linux. This may allow a remote attacker to lock up a system by running a port scan against it. Vulnerable models include CSA version 4.5 and 5.0 for Linux, the Cisco Unified CallManager (CUCM) 5.0 versions including 5.0(4), and Cisco Unified Presence Server (CUPS) 1.0 versions including 1.0(2). See http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml for fix information.

The release notes for Microsoft Internet Explorer 7 point out that support for both the Gopher and Telnet Internet protocols has been dropped in this version of the browser. For you young'uns, those were two of the Internet tools we used to keep ourselves occupied while waiting for the World Wide Web to be invented.

When upgrading from Microsoft Internet Explorer 6 to IE 7 on a Windows Server 2003 computer with SP 1 and Enhanced Security Configuration turned on, the correct security defaults may not be set once the upgrade is completed. If an Administrator turns off the Enhanced Security Configuration, and then turns it back on, the correct defaults should be set.

Autodesk is working on a patch that will fix a compatibility problem between their Autodesk Design Review 2007 and Autodesk DWF Viewer 7.0 and Microsoft Internet Explorer 7. The problem is with websites that include DWF files. The DWF viewer isn't working with IE 7. One of the Autodesk blogs has links to a beta version of the patch. Look for it at http://dwf.blogs.com/beyond_the_paper/.

When installing Mozilla Firefox 2 on a Linux or Unix computer, avoid a path that has spaces in it. Firefox may not be able to set itself as the default browser from this location, and it may keep bugging you about this at startup. You'll need to re-install it in a spaceless path.

If you are running Mozilla Firefox 2 on a Mac OS X computer, note that you won't be able to get Java to run if you have Intel Core processors under Rosetta. Rosetta will also interfere with Talkback on Intel-based Macs. Instead, you'll get the Apple Crash program.

Some financial institutions, when doing Internet banking, use port 563 for their customers to do secure log-ins. That port is closed by default in Mozilla Firefox 2. If you need to open it, go to About:Config and make sure that port 563 is listed in network.security.ports.banned.override.

Some older versions of the Adobe Acrobat Reader plug-in may hang when used with Mozilla Firefox 2.0. Mozilla says that if you run into problems with PDFs, go to http://www.adobe.com/products/acrobat/readstep2.html to get the latest version.

iDefense reports a number of bugs in Novell eDirectory 8.8, 8.8.1, and possibly earlier versions too. The bugs include buffer overflows and integer overflows that may allow attackers to run their own code on the affected system. Novell has a fix for eDirectory 8.8.1. The NetWare and Windows version is at http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.exe/ and the Linux and Unix version is at http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.tgz/.

10/24/2006 False Positive from Symantec AntiVirus Causes a Problem

Anti-virus signatures for Symantec AntiVirus were shipped that apparently triggered a false positive alert that the sfc.dll file in Windows XP and 2000 (which powers Windows File Protection) was the Infostealer.Banpaes virus. Symantec then disabled sfc.dll, and prompts you to reboot the computer. When you try to reboot, a Windows XP computer may reboot continuously, and Windows 2000 may blue screen. Symantec has posted a Knowledge Base article at http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006102011570548 to help anyone whose computer they wrecked. The Internet Storm Center also has information at http://isc.sans.org/diary.php?storyid=1799.

10/23/2006 Microsoft Re-Releases XML Security Bulletin

Microsoft has re-released their MS06-061 Security Bulletin, which fixed a bug in Microsoft XML Core Services. The first version of their patch did not correctly kill off the flawed version of the Microsoft XML Parser 2.6 if you are running Windows 2000 Service Pack 4. This is a critical security update that helps prevent remote attackers from running their code on your computer. If you haven't gotten the fix yet, or are affected by the re-release, get it at http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx.

According to Apple, if you do a NetInstall of Mac OS X 10.4, or you restore it from a disk image, you may see files in your root folder that are supposed to be invisible. These may include etc and var files. Apple shows how to keep this from happening at http://docs.info.apple.com/article.html?artnum=301677. They also tell you how to hide the files again.

Microsoft reminds everyone, via their IE Blog, that they will start to push out Internet Explorer 7 via Automatic Updates on November 1. (They announced they would do this back in July.) They do have a Blocker toolkit that you can use to keep this from happening. Find out more at http://blogs.msdn.com/ie/archive/2006/10/19/be-ready-for-automatic-update-distribution-of-ie7-by-november-1.aspx.

When its time to install Microsoft Internet Explorer 7, you will be asked to run Windows Genuine Advantage. (That's something that I had avoided up till now.) One enterprising installer used some tools to try to track what WGA and the IE 7 installation process actually does. Read the results at http://www.dailycupoftech.com/is-internet-explorer-7-spying-on-me/.

These toolbars have compatibility issues with Microsoft Internet Explorer 7: RoboForm Toolbar version 6.3.96; Cooxie Toolbar version 1.1.05; Diodia Toolbar version 2.4.01; Ask Toolbar by AskJeeves version 4.0.1.1; Mojicon Dispenser; these toolbars may all cause IE 7 to lock up. Two other toolbars, the Logos Word Toolbar and the Adelphia Toolbar version 1.2, may cause problems if you open more than one tab.

There is a bug in Symantec Mail Security for Domino's Premium Antispam feature. According to Symantec, the software may not reject certain SMTP addresses that it is supposed to reject. This will let in spam that shouldn't be allowed. Symantec has fixed this in version 5.1.2.28. Find out how to get it at http://securityresponse.symantec.com/avcenter/security/Content/2006.10.19.html.

10/20/2006 First IE 7 Bug is a Leftover

The first bug in Microsoft Internet Explorer 7 is being discussed. It is a problem in redirection handling with the "mhtml:" URI handler. However, according to the Internet Storm Center, this bug is actually something left over from IE 6. It appears that for compatibility reasons, Microsoft included an older MSXML ActiveX component that had this bug, which they say was announced at http://secunia.com/advisories/19738. You can read the full analysis at http://isc.sans.org/diary.php?storyid=1797.

If you try to install Microsoft Internet Explorer 7 and the installation fails, Microsoft says to restart your computer afterwards. That ensures that any half-steps made towards installation are undone. You can also look in the installation log file to find out more about what caused the errors. Look in your Windows directory for these files: ie7_main.log, ie7.log, ie7Uninst.log.

If you are trying to run the CITRIX ICA Client on a Windows Vista computer running Internet Explorer 7, you will have problems if you are running in IE 7 Protected Mode. The remote desktop won't be visible. Microsoft says you will need to run as an Administrator.

The Dolphin Hal Screen Reader and Supernova Reader Magnifier are incompatible with Internet Explorer 7. Microsoft says the problem actually lies with an older version of psapi.dll that ships with those products. Fix this by going to the installation folder for the products. Find psapi.dll and rename it to psapiold.dll. (Make sure you do not rename the version of psapildll in the \\Windows\System32 directory.) Restart your computer, and the products will now use the new version of the DLL.

Some websites are coded so that you can only use Microsoft Internet Explorer 6, and they will reject Microsoft Internet Explorer 7. Microsoft's fix is to get the User Agent String Utility version 2 at http://go.microsoft.com/fwlink/?LinkId=71879. This will make IE 7 look like IE 6 to these websites. A better solution may be to complain to these websites until they conform to standards so that you can access them with Firefox, Opera, or Safari, too.

The RSS Feed icon in Microsoft Internet Explorer 7 is supposed to light up automatically when you come to a webpage that has an RSS feed. However, it doesn't do this by noticing an RSS feed icon -- they way a human would. Instead, it looks for a particular link in the header of the webpage. See http://blogs.msdn.com/rssteam/articles/PublishersGuide.aspx for you need to construct that link. (Which the BugBlog will do very soon.)

There's an incompatibility between Microsoft Internet Explorer 7 and Windows SharePoint Services. According to Microsoft, you won't be able to import spreadsheets into SharePoint while IE 7 is running.

Installing Microsoft Internet Explorer 7 may cause Microsoft Flight Simulator 2004 to lock up and stop responding. Microsoft says you need to go into the Flight Simulator folder, look for oleacc.dll and rename it oleacc.old.

Microsoft says that the graphical user interface (GUI) for SAP is not compatible with Internet Explorer 7. This is supposed to be fixed in SAP GUI for Windows 6.40 patch level 20, and inSAP GUI for Windows 6.20 patch level 64.

Microsoft says that third-party toolbars or other add-ons may be incompatible with Internet Explorer 7. If you are getting crashes or other problems, and you have add-ons, Microsoft says try runnin with these turned off. Go To Start, All Programs, Accessories, System Tools, and then choose Internet Explorer (No add-ons).

Microsoft says that the MSN Toolbar 1.02 is incompatible with Internet Explorer 7. Get the latest, compatible version of the toolbar at http://go.microsoft.com/fwlink/?LinkId=71880.

10/19/2006 IE 7 Cracks Down on ActiveX Controls

Microsoft Internet Explorer 7 can no longer be considered beta software - so it's time for the BugBlog to start taking a look. The good news is that IE 7 imposes a lot more security on ActiveX controls. That's good -- although it was Microsoft who foisted ActiveX on us in the first place. This review of IE 7 at eWeek talks about the increased security, which is a definite bug fix. Read the whole thing at http://www.eweek.com/article2/0,1895,2033704,00.asp.

10/18/2006 Flawed Opera Causes some Dissonance

Opera 9 has a heap overflow bug that may cause the browser to crash when it tries to handle a very large link. Opera says they have fixed this in Opera 9.02, and that the impact of the bug is a denial of service attack. They also credit iDefense for finding this bug. According to iDefense, the size of the link only has to top 256 characters, and it can be hidden in an iframe. They also say that attackers can use the bug to run their own code on your computer. See their explanation at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424.

If you have Apple QuickTime Pro 7.1.3 and you have some DV formatted movies, there is a simple menu command that will export those movies to your iPod. If you have an older version of QuickTime (7.0.2 to 7.1.2) you have some extra steps to make those movies compatible. See how at http://docs.info.apple.com/article.html?artnum=302955.

Just a personal observation -- Best Buy gets a lot of flack and criticism for the way that they push their product protection plans. However, they quickly and easily exchanged a shiny new iPod nano for my daughter's three-month old stone cold dead iPod nano.

IBM says that on Portal Portal Version(s): 5.1.0.x and Portal 6.0.0.0, there are some things that users can do that may cause a thread to fall into an endless loop, freezing up any database traffic. IBM has a fix for this at http://www-1.ibm.com/support/docview.wss?uid=swg24013516.

Secunia reports on a bug in the McAfee Network Agent (McNASvc.exe) that is in a number of McAfee products, including McAfee Internet Security Suite 2006. An attacker can send a maliciously designed message to the service, which will crash it. As of yet, there is no fix. Secunia credits JAAScois for finding this bug.

Installing the MS06-061 security patch from Microsoft might mess up their Commerce Server 2002 Business Desk applications. That's because they rely on MSXML 2.6, which is killed off by this update. Microsoft has a lengthy procedure to get your Commerce Server back - see http://support.microsoft.com/kb/926509 for the details.

Microsoft says that some computers may have multiple versions of the Microsoft XML Parser installed, and this may make it difficult to install the MS06-061 Security patch. According to Microsoft, you may have to install multiple packages for the update. There may also be programs that you install in the future that will put the old defective parser back on your system, so you may need to install the security patch again. See http://support.microsoft.com/kb/924191 for more.

Microsoft says when a user logs off a Windows XP system, sometimes all the system processes aren't terminated, leaving some trace of the user in the Registry. This can cause later problems if the user comes back and tries to use a Roaming User profile. Microsoft has a tool called the User Profile Hive Cleanup service that can go in and do the cleanup. You can get it at http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582.

There is a bug in the NVIDIA Graphics Drivers for Linux 1.x. A local user may be able to gain escalated privileges on a system by exploiting the bug, a boundary error when rendering glyphs. This is reported as fixed in the 1.0-9625 beta driver. Rapid7 gets credit for finding this bug.

Oracle has released their quarterly bundle of security patches. This time, they bundled 101 of them together. (Things tend to pile up if you only patch four times a year.) See http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html for the details.

Sun Microsystems says that there are three bugs in the version of the Apache 2.0 HTTP server that they ship along with Solaris 10. These bugs may allow remote users to run their own code on the server. See http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 for the patch details.

10/17/2006 Netflix Fixes a Cross-Site Hijacking Bug

Netflix has fixed a bug on their site that may allow an attack called Cross Site Request Forgery. This type of attack may allow an outsider to change your address, add movies to your queue, and otherwise manipulate your account. An attack like this works if you normally stay logged in to a site, and you visit another hostile website that includes code to take advantage of the weakness. Other Web 2.0 sites may also be at risk for this attack, according to the story on ZD Net at http://news.zdnet.com/2100-1009_22-6126438.html.

US-CERT has a preliminary report of a bug in the Adobe Flash Player plugin 9.0.16 for Windows, and version 7.0.63 for Linux. The bug is a CRLF injection vulnerability that may allow remote attackers to modify HTTP headers and interfere with ActionScript functions. Watch for updates on this at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5330.

When you make a change to an Adobe Macromedia Dreamweaver template, and try to update the pages based on the template, you may get this error message:
Error Accessing File: "\\servername\wwwroot\templates\\\servername\wwwroot\templates\main2.dwt": bad file path (error code 3).
According to Adobe, the problem often comes from putting the site's local root folder on a shared network folder with a UNC path. Check out any possible workarounds at http://www.adobe.com/go/19208ee.

It appears that some Apple video iPods, manufactured after 9/12/06, shipped with a version of the RavMonE virus. Apparently, the virus was on a Windows machine at the factory, and made it on to the assembly line. The virus will only affect Windows computers, so if you attach an infected iPod to a Mac, there is no problem. Read more at http://news.zdnet.com/2100-1009_22-6126804.html.

There is a bug in Apple Xcode 2.x, which snuck in because Xcode uses a known buggy version of OpenBase SQL. You can fix this by getting the latest J2SE 5.0-compliant OpenBase JDBC drivers from http://www.openbase.com. See the details at http://secunia.com/advisories/22474/.

Microsoft says the the Word 2003 feature that lets you "Detect language automatically" may actually cause your computer to hang. The effort to detect the language may cause Word.exe to soak up 100 percent of CPU time. This has been fixed in the 10/2/06 hotfix package for Word 2003. See how to get the hotfix at http://support.microsoft.com/kb/924782/.

10/16/2006 Excel 2003 May Yield the Wrong YIELD

One of the Microsoft Excel 2003 financial functions will give you the wrong answer under a particular set of inputs. If you are using the YIELD function, and the security settlement date is the 30th or 31st of the month, the maturity date is the 30th or the 31st of the same month, and the Basis parameter is 4. Microsoft has a hotfix at http://support.microsoft.com/kb/925797, which must be applied on top of some previously released hotfix packages, described on that page.

Apple points out that some keypress combinations that may work on a regular keyboard will not work on laptop computer keyboards. This includes any four-key combinations, or some combinations that use three keys across as asdfjkl; row. Apple says this is intentional, to avoid a problem called "phantom keys." If you really need one of these combinations, Apple suggests attaching an external keyboard.

Clam AntiVirus is reporting a bug that may allow remote attackers to trigger a denial of service attack via chmunpack.c. This bug is in the Linux version of ClamAV. It has been fixed in version 0.88.5.

If you had problems reaching one of your favorite Google Blogger blogs over the weekend ( such as the Backup BugBlog at http://backup-bugblog.blogspot.com/) it's because first a hacker broke into the main official blog for Google, and then later there was what Google called a "network malfunction." However, no data was lost.

After you install or repair Microsoft Office 2003, or install an Office 2003 hotfix or update, the file association for .TIF files might get screwed up. When you double-click on one of those files, instead of opening up in Microsoft Paint (the default program) they will open up in Microsoft Office Document Imaging instead. Microsoft has a workaround for this, that involves a Registry edit. To see the details, and important safeguards for editing the Registry, see http://support.microsoft.com/kb/923508.

When using Microsoft Office Outlook 2003, you may turn on the EmptyTrash policy. When you shut down Outlook, you should then be prompted whether you want the trash emptied or not. If you say No, then the next time you start Outlook the trash should still be there -- as it should. But then, when you click to Send/Receive mail, the trash gets emptied. Microsoft has a hotfix for this, so that you can retain your trash. Either wait for the next Service Pack, or go to http://support.microsoft.com/kb/920916 to see how to get the patch right away.

10/13/2006 Lower Your Defenses When You Install IE 7

With the official release of Microsoft Internet Explorer 7 soon upon us, you may want to know that Microsoft's IEBlog is reminding everyone that they recommend that you temporarily turn off all you anti-virus and and anti-spyware applications before you install IE7. They say that the installation makes so many Registry changes that it may look suspicious to your AV software, which may interfere with the installation. (If you are paranoid, you could probably come up with some other reasons for this.) If you want to be an early adopter, read the blog post and comments at http://blogs.msdn.com/ie/archive/2006/10/11/IE7-Installation-and-Anti_2D00_Malware-Applications.aspx.

Adobe says that there is a bug in the Adobe Breeze 5.0 Licensed Server and Breeze 5.1 Licensed Server. Because of this bug, a user may be able to retrieve the contents of any file that is on the same drive where Breeze is installed. If you maintain your own Breeze server, get the patch at http://www.adobe.com/support/security/bulletins/apsb06-16.html.

Try to install Adobe Acrobat 6,7 or Acrobat 3D on a Windows XP 64-bit operating system, and you will probably get an error message similar to: Warning 20225. Adobe Acrobat 7.0.5 set up was unable to create a new item Adobe PDF Port & Printer. The Adobe Printer may be unavailable. GetLastError: The data area passed to a system call is too small. The problem is simple -- Adobe says Acrobat is incompatible and unsupported on a 64-bit operating system. So move on to Plan B.

There is a report in Computerworld that hackers have broken into a mailing list maintained by the Congressional Budget Office. They are using the addresses in a phishing attack to try to steal personal information. If you receive an email with a subject line of "'The Budget and Economic Outlook Fiscal Years 2007 to 2016", don't click on any links in the message. The full story is at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004108.

Two days after the latest Critical security patch for Microsoft PowerPoint, the Microsoft Security blog reports that they are looking at proof-of-concept code for another attack on PowerPoint 2003. No fix and no details yet for the post at http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx.

Microsoft is re-arranging some deck chairs (not to imply that they are the Titanic or anything). Their Security team, Trustworthy Computing team, and Engineering Excellence teams are all going to be combined into one group. That group is going to be called the Trustworthy Computing Team. That team will then be one of five teams in the Windows group, along with the Windows Core System team, the Windows Engineering System and Services team, the PC Hardware team, and the Windows Core Architecture team. (That group in turn reports to the Global Domination Team, which in turn is part of the Galactic Empire, reporting directly to Darth Vader.) All but the last parenthetical addition comes via the Microsoft Watch blog.

Sun Microsystems says that there are two security bugs in the Apache 1.3 web server that ships with Sun Solaris 8, 9, and 10. These bugs may allow both local and remote users to trigger denial of service attacks and run their own code with the same privileges as the Apache HTTP process. Get the patch at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1.

10/12/2006 Bug in AOL Control

When you install America Online 9.0 Security Edition, it installs an ActiveX control, AOL.PicDownloadCtrl.1t, that is marked as being safe for scripting. Security researchers at iDefense discovered a buffer overflow in this control, which means it is not safe for scripting. A malicious website could take advantage of this to run code on your computer. If you use AOL 9.0 or AOL 9.0 Security Edition, log in to the AOL service and you will be automatically updated. See the details at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420.

10/11/2006 Bugs in Microsoft Server Services

There are two bugs in Microsoft Windows Server Services, that affect Windows 2000, Windows XP, and Windows Server 2003. According to Microsoft, these bugs may allow a remote attacker to trigger a denial of service attack via a network message. According to eEye Digital Security, there is also a risk of the attacker running their code on your computer. By default, most firewalls are configured to block the ports through which these attacks are launched, thus Microsoft considers this only an Important security patch. Get the update at http://www.microsoft.com/technet/security/bulletin/ms06-063.mspx. Microsoft credits Gerardo Richarte of Core Security Technologies, NS Focus, Fortinent, and Matthew Amdur of VMWare for finding these bugs.

Adobe says there is a bug in the Verity library that ships with ColdFusion MX 7, ColdFusion MX 7.0.1, and ColdFusion MX 7.0.2. This bug may allow local users to run their own code at the level of the local SYSTEM, as long as they have privileges to run code on the local system to begin with. There is a patch from Adobe at http://www.adobe.com/support/security/bulletins/apsb06-17.html, along with a workaround that disables the Verity library.

When you install the Adobe Contribute Publishing Server, the administrator password that is set up during installation may be available to local users. If you have local users who can't be trusted with the admin password, then Adobe says to change it. They won't have access to the new one. See how to do this at http://www.adobe.com/support/security/bulletins/apsb06-15.html.

Apple has a System Management Controller (SMC) firmware update available for their Intel-based computers. This update should help the computer do a better job of controlling the fans, power and thermal management, the battery, and all that other inside-the-box stuff. Get the update, and detailed installation instructions, at http://docs.info.apple.com/article.html?artnum=303725.

There is a bug in the Windows Object Packager that may allow hostile websites to run code on Windows XP and Windows Server 2003 systems. To be infected, you will need to not only visit the website, but click on a number of buttons or objects before the trap is sprung. Therefore, Microsoft only considers this a Moderate patch. Get it at http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx. Microsoft credits Andreas Sandblad of Secunia Research for reporting this bug.

Microsoft's version of IPv6 has three bugs that may allow attackers to launch a denial of service attack against Windows XP and Windows Server 2003 computers that use the protocol. The protocol is not installed by default, and most standard firewalls will protect against it. While the bugs are minor, the CVE (common vulnerability) number indicates that Microsoft has known about two of them since 2004. Get the patch for it at http://www.microsoft.com/technet/security/bulletin/MS06-064.mspx.

There is a bug in Microsoft's ASP.NET that could enable cross-site scripting attacks against Windows XP and Windows Server 2003 computers. It could be used in phishing schemes that attempt to steal information like usernames and passwords. Microsoft gives this a Moderate security rating. Get the patch for it at http://www.microsoft.com/technet/security/bulletin/MS06-056.mspx. Microsoft credits Jaswinder Hayre for finding this bug.

This week marks the official end of support for Windows XP Service Pack 1. This service pack shipped in September, 2002, so I guess it lived a full, productive life. Windows XP users who want security updates in the future should install Service Pack 2. Really, you should have done that a while ago -- there are lots and lots of security fixes in SP2 that you should be taking advantage of.

When using NetStorage in Novell NetWare 6.5 or Novell Small Business Suite 6.5, you may be getting an abend in XDAV.NLM when you try to display directory listings that have over a thousand files. Novell says that NetStorage runs out of stack space while trying to sort the files alphabetically. Novell has a fix for this at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974569.htm.

10/10/2006 Another Critical ActiveX Bug for Microsoft

Another bug in an ActiveX control puts users of Windows 2000, Windows XP, and Windows Server 2003 in jeopardy. The bug is in the WebViewFolderIcon ActiveX control, and if you visit a malicious website (using Microsoft Internet Explorer) that tries to exploit this bug, the bad guys may take complete control of your system. This is rated a Critical bug for Windows 2000 and Windows XP by Microsoft, and a moderate bug for Windows Server 2003. Get your patch at http://www.microsoft.com/technet/security/bulletin/ms06-057.mspx, (although there may be some problems with patch availability on 10/10).

According to the Microsoft Security Blog, there may be some delays in getting the Patch Tuesday updates via Microsoft Update, Automatic Update, or Windows Update. The problem isn't with their patches -- they say it is because of "network issues." You can get the patches by going to the security bulletins and downloading each manually.

Microsoft has patched four bugs in PowerPoint. These are Critical bugs for PowerPoint 2000, and Important bugs for PowerPoint XP and PowerPoint 2003. In all the bugs, an attacker could construct a PowerPoint file with some sort of malformed data. When the victim opens the file, the bad code could totally take over the computer. These attacks can't take place via email, you either need to open a file or visit a malicious website. Get the patches at http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx. Microsoft credits Arnaud Dovi working with Zero Day Initiative (ZDI) and TippingPoint, Dejun Meng of Fortinet Inc., and Chris Ries of VigilantMinds Inc for finding these bugs.

There is a bug in the way that Microsoft Excel processes DATETIME records. An attacker may be able to design a spreadsheet with a maliciously designed DATETIME reocrd. When the spreadsheet is opened by the victim and parsed, the attacker may be able to take complete control of the system. This is considered a Critical vulnerability in Excel 2000, and an Important vulnerability in Excel XP and Excel 2003. Microsoft has a patch for this at http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx.

There is a bug in the way that Microsoft Word deals with Mail Merge files. An attacker may be able to construct one of these files to trigger the bug, and could use it to take complete control of the victim's computer. To do so, you would need to get them to open the file. This is labeled a Critical update for Word 2000, and an Important update for Word XP and Word 2003. Get the patch at http://www.microsoft.com/technet/security/Bulletin/MS06-060.mspx. Microsoft credits Cu Fang for finding this vulnerability.

There is a bug in the Microsoft XML Parser 2.6 and Microsoft XML Core Services 3.0, that is in Windows 2000, Windows XP, and Windows Server 2003, that may allow an attacker to gain access to data they shouldn't have, via a HTTP server-side redirect. This is considered an Important update. Get it from Microsoft at http://www.microsoft.com/technet/security/Bulletin/ms06-061.mspx.

There is a bug in the Microsoft XSLT Buffer, that is in Windows 2000, Windows XP, and Windows Server 2003. An attacker may be able to construct a malicious web page to take advantage of this bug to take complete control of a computer that visits the site. This is considered a Critical update. Get it from Microsoft at http://www.microsoft.com/technet/security/Bulletin/ms06-061.mspx.

An attacker may be able to construct a Microsoft Office file with a malformed string. When a victim opens the file and parses it with one of the Office applications (Access, Excel, Powerpoint, Word, Outlook) the attacker may be able to take complete control of the computer. Microsoft has a patch for this at http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx. It is considered a Critical Security bug for Office 2000, and an Important bug for Office XP, Office 2003, and Office 2004 for Mac or Microsoft Office v. X for Mac. Microsoft credits Dejun Meng of Fortinet Inc. for finding this bug.

10/10/2006 Waiting for Microsoft

The BugBlog will be updated later this afternoon, after the Patch Tuesday Security Bulletins have been released.

10/9/2006 Mac OS X 10.4.8 RAID Update May Cause a Panic

If you are updating to Mac OS X 10.4.8 or OS X 10.4.8 Server on a Mac Pro with a software RAID boot volume, Apple says you need to take special precautions. Don't update if the machine has been booted from the RAID volume. If you do, you may end up with a kernel panic. Boot the Mac Pro from some other volume, and then do the update. See http://docs.info.apple.com/article.html?artnum=304511 for the details.

Try to print from a Mac OS X 10.4.x computer to a printer that's being shared with a Microsoft Windows computer, and you may have problems if the printer's name has a space or special character. If it does, you may get one of these messages:
Connection failed with error NT_STATUS_BAD_NETWORK_NAME
Connection failed with error NT_STATUS_LOGON_TYPE_NOT_GRANTED
Connection failed with error NT_STATUS_LOGON_FAILURE
Connection failed with error NT_STATUS_UNSUCCESSFUL
Apple says the printer will need to be renamed. See http://docs.info.apple.com/article.html?artnum=301768 for what characters are allowed.

EA Sports notes that Madden NFL 2007 comes on a DVD disk, not a CD, and you need a full DVD drive on your computer to be able to read, and install, the game. Some DVD-R or DVD-RW drives may not be compatible, they say.

Been wondering whether all lithium-ion batteries are dangerous, or only those made by Sony? eWeek has a round-up story that looks at the current state of battery safety, and what new technologies may be coming to replace them. Read it at http://www.eweek.com/article2/0,1895,2025628,00.asp.

If Universal Plug and Play is enabled on a computer that also has a Linksys WRT54GXv2 wireless router, the combination may allow UPnP commands to be accepted over the wireless interface. That means that a war-driver (or even your neighbor) may be able to send commands that open ports on your computer, and can weaken security. According to Secunia, this bug is in firmware 2.00.05 and earlier; they also report that its been fixed in firmware 2.00.08. (You can also turn off the UPnP service.)

Symantec says that their Support Tool ActiveX control has a bug that may allow hostile code to be run on your computer. This control is only in Symantec Norton AntiVirus 2005-2006, Symantec Norton Internet Security 2005-2006, and Symantec Norton System Works 2005-2006. For the exploit to work, Symantec says that interactive user intervention is needed (you have to click on something) and that the attacker must be able to spoof a trusted domain. Symantec is rolling out fixes. They credit Next Generation Security Research (NGSS) for finding this bug.

10/7/2006 A Big Patch Tuesday

October 10 is Patch Tuesday, and it will be an extra special one. Microsoft has announced that there will be six security bulletins for Windows, and at least one of them is rated Critical. There will be four security bulletins for Microsoft Office, and at least one will be Critical. There will also be one security bulletin for the Microsoft .NET Framework. That one is only rated Moderate. Look for full coverage in the BugBlog Plus on Tuesday.

When using Apple iTunes 7, you may see this error message on a Windows PC: iTunes has detected an iPod in recovery mode - Use iTunes to restore. Apple says that most of the time, that error message is correct and you need to restore the iPod. See how to do that at http://docs.info.apple.com/article.html?artnum=60983. Sometimes, however, you may need to go a step further and change your drive letter. See how to do that at http://docs.info.apple.com/article.html?artnum=93499#changedrive

In EA Sports Madden NFL 2007 you may get a transfer error or an error message that says patch failed during installation. As a workaround, make sure all background tasks are turned off. You may also want to empty your Temp folder before trying the installation. If that doesn't work, and you have another CD or DVD drive, try that.

If you have an external TV Tuner connected via USB to a Windows XP Media Center Edition computer, you may get a blue screen of death if you disconnect the TV tuner while watching live TV. The fix is simple -- Microsoft says to stop watching live TV before you disconnect.

Red Hat has an updated kernel for Red Hat Enterprise Linux 4. This update fixes a bug in the ATM subsytem that may allow remote users to trigger a denial of service attack against systems with ATM hardware. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0689.html.

Security researchers at iDefense have found a bug in Symantec Antivirus. A local attacker may be able to get elevated privileges that will allow them total control of a computer. Symantec is rolling out patches for their affected products via LiveUpdate. Read the details from iDefense at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417.

10/6/2006 Buffer Overflow Bugs in CA BrightStor

Security researchers at Tipping Point found a number of buffer overflow bugs in CA BrightStor ARCserve Backup R11.5, BrightStor Enterprise Backup 10.5, BrightStor ARCserve Backup v9.01, and CA Server Protection Suite r2. The bugs may let remote attackers run code against the various CA products. Fix information is at http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp

10/5/2006 Microsoft VML Bug Earns the Bug of the Month Award

If it's worth an early patch, it's worth the Bug of the Month

10/5/2006 ATI TV Guide May Lose Its Listings

When using the ATI Multimedia Center 9.15 software with an ATI multimedia card, you may sometimes get a corrupted database for the TV listings. This may prevent the TV Guide software from starting. Fix this by going to the Windows XP Control Panel Add/Remove Programs applet. Select the Gemstar GUIDE Plus+ program, and then select Repair. After repairing, when you run the GUIDE again you will need to enter your name, ZIP Code, and email address again.

10/4/2006 Mozilla Bug Report Was a Hoax

The 10/2 Mozilla JavaScript bug report was a hoax. While there is a bug that may be used to crash your browser, attackers can't use it to run hostile code on your computer. Any other claims by the two researchers, who probably won't be invited back to make any more presentations, should also be considered fraudulent. While the BugBlog often reports on what independent researchers say (and these reports also included quotes from Mozilla's security spokesman that lent some credence to their claims) rest assured that these two will no longer be considered valid sources.

Adobe says that if you try to install Macromedia Dreamweaver 8 on a Macintosh OS X computer, the installation sometimes stalls when the indicator says there are 190 items left to install. Adobe thinks the problem has to do with the Extension Manager, but they aren't sure. See http://www.adobe.com/go/dd0a85af for details.

A bug in the way that Mac OS X 10.4.x WebCore handles some memory management tasks may allow a hostile website to run code on the Mac. Apple says they have fixed this in the Mac OS X 20.4.8 update and in the Apple Security Update 2006-006. Apple credits Jens Kutilek of Netzallee for finding this bug.

Apple says that on Mac OS X 10.3.9 and 10.4.x computer, the Safari browser and other CFNetwork clients may show a site as being encrypted even if the site actually doesn't have the SSL (Secure Socket Layer) enabled. Apple has fixed this in the Security Update 2006-006 and have also patched it in Mac OS X 10.4.8. They credit Adam Bryzak of Queensland University for finding this bug.

Apple says that network accounts may be able to avoid loginwindow service access controls in Mac OS X 10.4.x. This only happens on systems that have been configured to allow network accounts to authenticate a user without a GUID. This has been fixed in the Mac OS X v10.4.8 update and in Security Update 2006-006.

There is a bug in the way that Cyrus SASL deals with MIGEST-MD5 negotiation on a Mac OS X 10.4.x computer, that may allow remote attackers to crash an IMAP server, resulting in a denial of service. Apple says they have fixed this in the Mac OS X 20.4.8 update and in the Apple Security Update 2006-006.

A bug in the way that Mac OS X 10.4.x computers deal with PICT images may allow an attacker to sneak hostile code into the Mac, hidden within the image. This could either cause the application viewing the PICT image to crash, and it may possibly allow hostile code to run. Apple says they have fixed this in the Mac OS X 20.4.8 update and in the Apple Security Update 2006-006.

Last week the BugBlog Plus reported on a hard-coded DOCSIS Read-Write Community String in some Cisco devices. Cisco has a document up that tells how to identify and guard against exploitation of this bug. Read it all at http://www.cisco.com/en/US/products/hw/gatecont/ps2250/tsd_products_security
_response09186a0080740975.html.

IBM has an update for their WebSphere Portal 5.1 that fixes a number of bugs, including problems in WMM MemberService and WMM User Registry; wildcards in SQL statements, and problems with whitespace in an attribute name. Get the update at http://www-1.ibm.com/support/docview.wss?uid=swg24009153.

This week McAfee went to the somewhat expensive step of running a full-page ad in the Financial Times, the British version of the Wall Street Journal, to bitch about the way that Microsoft is dealing with security in the upcoming Windows Vista. Of course, the ad wasn't to get the attention of Microsoft -- they would have used the Seattle Times for that. The ad was meant to be see by European regulators. In any event, it sure seems to signal that there will be incompatibility problems between Vista and the established security companies. Read more about this at http://news.com.com/2100-7355_3-6121799.html. (The BugBlog is going to start focusing on Vista compatibility issues, as we get closer to the promised launch of the new version of Windows.)

If a Windows XP service loads and unloads Wininet.dll many times, then you may get a crash in the Svchost.exe process that uses the file. Microsoft says this loading and unloading behavior may occer when Wininet.dll file ha trouble opening the cached index file. Microsoft has a hotfix for this, which will be in a future service pack. If you need the fix right away, see http://support.microsoft.com/?kbid=899342.

There may be a problem with Microsoft Visual Basic 6.0 Service Pack 5 running on a Windows XP computer, if you are set up for a right to left language like Hebrew in a form with a RichTextBox. If you enter two numbers in a form, separated by a hyphen, the numbers may be displayed in reverse order. Microsoft has a hotfix for this, which will be in a future service pack. If you need this fix earlier, see http://support.microsoft.com/?kbid=894087.

If you have Microsoft Outlook and at least one other mail client running on your computer, and they try to check for email at the same time when there are garbled email messages in the inbox, you may see this error message: Task 'Server_Name - Receiving' reported error (0x8004210E) : 'Your mailbox is temporarily unavailable because another e-mail message is being delivered to it or another mail application is accessing it. The server responded: -ERR box locked.
Microsoft says you need to turn off at least one of the email clients. They also say that to get this resolved, you may have to temporarily turn off your antivirus software. (I wouldn't do that unless absolutely neccesary.) See more at http://support.microsoft.com/kb/924789.

There is a bug in Skype for Mac 1.x. A remote user may be able to take advantage of a format string error in URI arguments to run their own code on a vulnerable system. Skype has a fix for this. Get the details at http://www.skype.com/security/skype-sb-2006-002.html.

It looks like Sony will be recalling all its laptop batteries directly, including the ones made for other manufacturers. There have already been partial recalls of Dell, Apple, Toshiba, and Fujitsu laptop batteries. About the only major laptop manufacturer who isn't saying their Sony batteries need recalled is HP. Of course, they have other things to worry about at the moment. Keep up on the battery recall at http://news.zdnet.com/2100-9584_22-6122234.html.

While Sun Microsystems doesn't have a fix in place yet, they say they and some of their third-party products may ve vulnerable to a bug in the RSA(1) Signature Verification. Find out more about this at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1.

10/3/2006 McAfee Protection Had a Hole

There is a bug in McAfee ProtectionPilot 1.1.0 and McAfee ePolicy Orchestrator 3.5.0 that may allow remote attackers to run their own code on the "protected" computer. This happens via a boundary error when dealing with long source errors. You can find links to the patches at http://secunia.com/advisories/22222/. According to at least one news story, McAfee was alerted to the bug in July, but the patch was very complex, so that it took till October to fix. Read more at http://www.crn.com/showArticle.jhtml?articleID=193101216.

10/2/2006 JavaScript Bug in Mozilla- Not?

10/3 There appears to be a major retraction in the claims about this JavaScript bug in Mozilla. It appears that all the bug will do is crash the browser -- so far, no one has gotten it to run malicious code. See http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/. Mozilla will continue to investigate.
Yesterday's bug --There is a bug in Mozilla Firefox's implementation of JavaScript, The bug was found by Mischa Spiegelmock, of SixApart, and Andrew Wbeelsoi. A spokesperson for Mozilla said that the issue looks genuine.

When using Adobe Macromedia Dreamweaver 8 on a Macintosh, you may have problems rendering a very large file in Design view. The size constraint is in the number of pixels in the display, and not in the number of bytes in the file. The view of the large files may be truncated. One possible workaround, suggested by Adobe, is to use the Set Magnification menu (in the bottom right of the display window) to 99 percent, or 101 percent. They also suggest breaking up the big page into smaller files.

The Apple Mac OS X 10.4.8 update clears up a number of networking compatibility problems. Mac OS X should now work better when you connect to a Comcast network; there should be less problems with Express Cards installed in Intel-based Macs or with external Apple USB Modems. You should also have less problmes using external Apple USB modems with connections made in Ireland.

According to Apple, when using Mac OS X Server 10.4.x, it may appear that Workgroup Manager lets you switch between crypt and ShadowHash passwords. In reality, you can't. The Mac OS X v10.4.8 update and Security Update 2006-006 changes the behavior. Administrators won't be allowed to select ShadowHash passwords if an account has a NetInfo parent. That avoids the confusion. Apple credits Chris Pepper of The Rockefeller University for finding this bug.

When using Microsoft Office 2003 Service Pack 2, you may not be able to insert an Excel worksheet object into another Office document, if that document is HTML-formatted. Instead, you will see this error message: Can't open the object. The server threw an exception. Microsoft has a hotfix for this, which will be in a future Office 2003 service pack. See http://support.microsoft.com/kb/925152 if you can't wait for the fix.

Even more Sony laptop batteries are being recalled. Rather than list each individually in the BugBlog, lets just summarize: the latest are from Toshiba, Fujitus, IBM, and Lenovo. A while back, it was Apple and Dell. At this point, if you have a laptop, you may want to check with the manufacturer to see who is their battery supplier. Read more at http://www.forbes.com/business/commerce/feeds/ap/2006/09/29/ap3056305.html.

10/1/2006 JPEG Image Bug in Mac OS X

There is a bug in the way that Mac OS X 10.4.x computers view JPEG2000 images. An attacker may be able to construct one of these images that can either crash the application viewing it, or run hostile code on your machine. Apple has fixed this in the Security Update 2006-006 and have also patched it in Mac OS X 10.4.8. They credit Tom Saxton of Idle Loop Software Design for finding this bug.

Apple has added the latest Flash Player to their Mac OS X 10.4.8 and to their Security Update 2006-006. The Flash Player version 9.0.16.0 fixes a number of bugs that may allow attackers to put hostile code into a Flash file that could then execute when running the file on your Mac.

There is a bug in the Mac OS X 10.4.x kernel. The problem is in the Mach exception ports, an error handling mechanism. Local users may be able to exploit this to run their own code within privileged programs, after triggering an error. This has been fixed in Mac OS X v10.4.8 and in the Security Update 2006-006. Apple credits Dino Dai Zovi of Matasano Security for finding this bug.

Apple says there is a bug in their LoginWindow for Mac OS X 10.4.x. After an unsuccessful attempt to log in to a network, there may be Kerberos tickets that were not destroyed. Instead, they may be available to later users who could use then for unauthorized access. This has been fixed in the Mac OS X v10.4.8 update and in Security Update 2006-006. Apple credits Patrick Gallagher of Digital Peaks Corporation for finding this bug.

Apple says that if Fast User Switching is turned on in a Mac OS X 10.4.x network, local users may be able to gain access to Kerberos tickets of other local users. They could then exploit this to gain unauthorized access to a network. This has been fixed in the Mac OS X v10.4.8 update and in Security Update 2006-006. Apple credits Ragnar Sundblad of the Royal Institute of Technology in Stockholm for finding this bug.

Apple says that in Mac OS X 10.4.x, even after Admin privileges have been removed from an account, that user may still be able to manage WebObjects. In most cases, that's an action to should only be available to administrators. This has been fixed in the Mac OS X v10.4.8 update and in Security Update 2006-006. Apple credits Phillip Tejada of Fruit Bat Software for finding this bug.

9/29/2006 Dreamweaver Says Your Parameter Is Incorrect

Adobe says that you may get an error message in Macromedia Dreamweaver that says:
Parameter is incorrect.
(That happens to be an error message that I run into a lot in Dreamweaver.) Adobe says this may happen when you try to save a file to an offline mapped networked drive, when you do a File>New>Templates tab command, or when you Put, Get or Synchronize files to or from a remote server. (Alas, none of those situations cover my experience.) The first two can be fixed by installing the Dreamweaver 8.0.2 update. The third comes about by a corrupt time stamp. Adobe has some workaround information at http://www.adobe.com/go/fbfd45c3.

9/28/2006 Another ActiveX Problem for Microsoft

At the risk of turning the BugBlog into "All Microsoft, All of the Time" -- US-CERT reports on another bug in an ActiveX control, which will cause a security problem for Microsoft Internet Explorer. This time it is the Microsoft Windows WebViewFolderIcon ActiveX control, and because of an integer overflow a remote attacker may be able to run their code on your computer. There is no fix for Microsoft yet, but US-CERT says you can disable this ActiveX control by setting its kill bit. See more at http://www.kb.cert.org/vuls/id/753044.

9/27/2006 Microsoft Issues Early Patch for VML Bug

Microsoft has issued an out-of-cycle security bulletin (meaning they didn't wait for Patch Tuesday) for the VML Buffer Overrun bug in Microsoft Internet Explorer. This bug was being actively exploited by hostile web sites, and could completely take over your computer, as shown in the 9/26 and 9/20 BugBlogs. Get the patch at http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx.

Apple has already issued an update for iTunes 7. The new iTunes 7.0.1 fixes some bugs in Cover Flow, CD importing, syncing with an iPod, and other bugs. Get the update at http://www.apple.com/support/downloads/itunes701.html.

According to a report at ZD Net, some banks do a better job than others at guarding against identity theft for their depositors. Bank of America, JP Morgan Chase and Washington Mutual get the top grades, followed by KeyBank and Marshall & Ilsley Bank. Read the whole thing at http://news.zdnet.com/2100-1009_22-6119424.html.

Every month I give my dog a heartworm pill. Now it looks like users of Microsoft Windows Live Messenger may have to do the same to their IM client. A worm called W32.heartworm.a may be the actual payload if you get a message with a link to a website that says you have a virtual greeting card. The card, which has a picture of a heart, and a poem in Portuguese, will then deliver a payload that will try to steal personal and financial information. See more at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003623.

If you have an HD DVD-Video disc drive in a Windows XP computer, your Autoplay window may not pop up when you put an HD DVD-Video disc into the drive. Microsoft has a hotfix , as well as a Registry edit, to fix this. The fix will be in a future service pack, but if you can't wait for that, see http://support.microsoft.com/?kbid=918649.

If you have a USB hub connected to a Windows XP computer, and a USB device plugged into the hub, your computer may no longer recognize the device if you unplug it from the hub, and then plug it back in. The device may not work, and if you look in Device Manager, it will be listed as an unknown device. Microsoft has a hotfix for this. The fix will be in a future service pack, but if you can't wait for that, see http://support.microsoft.com/?kbid=920875.

Microsoft has re-released Security Bulletin MS06-049. This fixes a bug on Windows 2000 computers that, when mixed with NTFS file compression, may corrupt your data files. Get the update at http://support.microsoft.com/kb/920958

US-CERT has a report of a new, unspecified bug in Microsoft PowerPoint which may affect Office 2000, Office XP, and Office 2003. A malicious PPT file may be designed to run malware such as Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. There's no word from Microsoft yet, but you can check out what the Feds have to say at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4694.

While Microsoft has said that attacks via the VML bug (patched on 9/27 in a special security bulletin) were "limited", security researchers at iDefense calculate that at least 2000 domains were hijacked and/or modified so that visitors were sent to domains that exploited the VML bug. At least one ISP says their servers were compromised via an unrelated bug which then planted the VML exploit. Read more at http://www.eweek.com/article2/0,1895,2020889,00.asp.

Red Hat has an updated squirrelmail package for Red Hat Enterprise Linux 3 and 4. This fixes a number of bugs in SquirrelMail that may let one user read another user's mail or attachments. Get the fix at http://rhn.redhat.com/errata/RHSA-2006-0668.html.

Sun Microsystems says that there is a bug in the Solaris 10 kernel SSL (Secure Socket Layer), if a Kernel SSL Proxy service instance is turned on, that may allow a remote user to trigger a panic and cause a denial of service. Sun has details and links to a patch at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102563-1.

9/26/2006 Internet Explorer VML Attacks Increasing

The Internet Storm Center reports that there is much more hostile activity targeting the VML security bug in Microsoft Internet Explorer. They say "The exploit is widely known, easy to recreate, and used in more and more mainstream websites." Actions you can take include using some browser other than IE, or deregistering the problem DLL file, Vgx.dll. They show how to do that at http://isc.sans.org/diary.php?storyid=1727, and have a further series of reports.

Apple says that if you are using iChat AV for video or audio conferencing, and you are using a router with Network Address Translation (NAT) and/or firewalls, you may need to open a few more ports. However, Apple does say that in some cases iChat AV works with the router's default settings. See http://docs.info.apple.com/article.html?artnum=93208 for details on how to set up your router, and to see a list of compatible routers.

iDefense notes a bug in the wasy that FreeBSD 5.4 deals with signed integers. Local users could exploit this bug to cause a denial of service attack. iDefense quotes the FreeBSD team (it's an open source project) "The policy of the FreeBSD Security Team is to not issue security advisories for local denial of service attacks; since we have not been able to demonstrate that this bug can result in anything more severe than a denial of service, we will not be issuing a security advisory relating to this problem."

Microsoft has issued an out-of-cycle security bulletin (meaning they didn't wait for Patch Tuesday) for the VML Buffer Overrun bug in Microsoft Internet Explorer. This bug was being actively exploited by hostile web sites, and could completely take over your computer. Get the patch at http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx. (This will be Wednesday's free Bug of the Day -- subscribers get it early.)

An investigation by ZD Net of problems with the Microsoft Windows Genuine Advantage program shows that over the period studied by ZD Net, 42 percent of the people who had problems with WGA actually had valid copies of Windows XP. It appears that at least some people at Microsoft are admitting they have a problem (that's the first step, right?). Read the whole thing at http://blogs.zdnet.com/Bott/?p=142 to find out more.

Some more information from Symantec's study of Internet security. PC World cites the study to say that while Mozilla had more overall bugs, they were fixed much faster, on average within one day of public disclosure. Microsoft took nine days, on average, to patch theirs, while Opera took two days, and Safari five. See the details at http://www.pcworld.com/article/id,127245-pg,1-RSS,RSS/article.html.

9/25/2006 The Big Picture: Symantec's Internet Security Report

Symantec has released the latest version of their semi-annual Internet Security Threat Report. Targeted attacks, especially phishing attacks, are becoming more popular than broad-based attacks such as the Blaster worm. Microsoft Internet Explorer is the most targeted browser, although they say Mozilla has more bugs. Get the report at http://www.symantec.com/enterprise/threatreport/index.jsp/ (although Symantec's web servers are very busy this morning.)

9/23/2006 Red Hat Has PHP Patch

Red Hat has an updated PHP package for Red Hat Enterprise Linux 3 and 4. This fixes a number of bugs in PHP that may allow cross-site scripting attacks, or may allow remote attackers to run their own code on the server by taking advantage of buffer or integer overflows. Get the updated package at https://rhn.redhat.com/errata/RHSA-2006-0669.html.

Adobe has a patch for older versions of Macromedia ColdFusion (5.x and earlier as well as 6.x) to fix a bug the may allow cross-site scripting attacks via the ColdFusionMX Site-Wide Error Handler page. This is classified as an Important update, and you can get it at http://www.adobe.com/devnet/security/security_zone/mpsb03-06.html.

Cisco says that a hard-coded DOCSIS Read-Write Community String has been included in some Cisco IOS software release trains running on the Cisco IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Since knowledge of this string may be floating around the Internet, it is possible for some attackers to be able to gain access to the device. See http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml for patch information, and to see if your device is vulnerable.

There are a series of articles at the Symantec Security Response blog talking about security issues that must be considered in any municipally-run Wi-Fi networks. The last part of the series is http://www.symantec.com/enterprise/security_response/weblog/2006/09/muni_wifi_security_part_iv.html, and it includes links back to the earlier articles. (Of course, this may be FUD on the part of cable and telco companies worried about competition.)

Microsoft says that having a Windows XP Media Center Edition computer that goes into hibernation, wakes up to record a show via the DVR, and then go back into hibernation, may miss its opportunity to synchronize with an Internet time server. This means that future scheduled activity may not happen when its supposed to. There will also be no error message telling you that the time hasn't been synchronized. Microsoft has a hotfix for this. See http://support.microsoft.com/kb/909279 for details on how to get it.

Microsoft has an entry on their Security Blog talking about the VML bug in Internet Explorer. They say the bug isn't being exploited as much as other people say, and they are also worried about third-party patches. Of course, one of the reason people turn to third-party patches is because they don't want to wait for October's Patch Tuesday. The blog post, at http://blogs.technet.com/msrc/archive/2006/09/22/458266.aspx, at least hints that a patch may be released sooner.

9/22/2006 Buggy AirPorts on Power-PC Based Macs

Apple has found a couple of buffer overflow bugs in their AirPort wireless drivers. Attackers on a wireless network may be able to exploit the bugs to run their own code on your computer. According to Apple, affected products include Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless, but not the Intel-based Mac mini, MacBook or MacBook Pro. This has been fixed in the AirPort Update 2006-001 and Security Update 2006-005.

Apple says that the AirPort API for third-party wireless software has bugs that may allow attackers within wireless range to run hostile code on Intel-based Mac mini, MacBook, and MacBook Pro computers. Note that this confirms a controversial report in the Washington Post this summer that Apple laptop computers were susceptible to this sort of attack. (A report disbelieved by many.) This has also been fixed in the AirPort Update 2006-001 and Security Update 2006-005.

There are bugs in the CA eTrust Security Command Center 1.x. Attackers may be able to exploit these bugs to either disclose information, delete arbitrary files, or trigger false-positive alerts. See http://supportconnectw.ca.com/public/etrust/etrust_scc/downloads/etrustscc_updates.asp for patch information.

Cisco says that a bug in their Cisco Guard Appliance 3.x and 5 or Blade 4.x may allow a cross-site scripting attack to be mounted, even if the Guard is supposed to be performing anti-spoofing service. Go to http://www.cisco.com/warp/public/707/cisco-sa-20060920-guardxss.shtml to find information on available fixes.

A bug in the Cisco Intrusion Prevention System (IPS) 4.1(x), 5.0(x), and 5.1(x) may allow attackers to trigger a denial of service attack via SSL (Secure Socket Layer) packets. The denial of service attack will turn off these functions: Reporting alerts to remote monitoring systems; Automated modification of access control lists (ACLs) on remote firewall systems (PIX and IOS); Sending SNMP traps. This may open the door to other attacks. See http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml for patch information.

Insert a new footnote between existing footnotes in either Microsoft Word 2002 or 2003, and the footnote's number may have a 1 inserted in front of it. Also, the footnote formatting may not conform to your other footnotes. Microsoft offers up some macro code that is supposed to fix this. Get it at http://support.microsoft.com/kb/924943.

9/21/2006 iTunes Update Breaks QuickTime

Once you upgrade to iTunes 7 or later on your Mac OS X computer, problems with QuickTime may occur. Try to play a movie, and you may get this error message: "You need to authorize this movie to play it on this machine" Apple says that upgrading to the latest version of QuickTime should fix this. You can use Apple's Software Update for this, or go to the Apple QuickTime page at http://www.apple.com/quicktime/. This error won't affect iTunes for Windows, because that version automatically updates QuickTime.

9/20/2006 Buffer Overflow Being Exploited in Microsoft Internet Explorer

There is another buffer overflow in Microsoft Internet Explorer 6. This one occurs in the way that IE handles Vector Markup Language (VML), and will let attackers run their own code on your computer. Fully-patched versions of IE are affected, and it is reported that this bug is being used on Russian porn sites, and will probably spread. If Microsoft Outlook or Outlook Express are configured to automatically open HTML messages, they are also vulnerable. It looks like Microsoft is aiming for October's Patch Tuesday for issuing a fix. In the meantime, you can either switch to an alternative browser like Mozilla Firefox (which isn't affected), turn off JavaScript, or unregister vgx.dll. Computerworld shows how to do this at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003468

There is a new bot program that can attack via the AOL IM network. This worm is called the AIM Pipeline worm, and connects together a number of modular executable files that will infect the machine once they are connected. See http://www.securityfocus.com/brief/305 for more.

Apple says that Intel-based Macs may not be "morning people". If you put one to sleep, and then wake it up just before a scheduled backup, the backup may not run on time. Instead, it will be delayed by the amount of time that your Mac was asleep. Apple says that if you don't want to wait, do a manual backup.

If you update to Apple iTunes 7 for the Mac, you may find that you won't be able to connect to remote speakers via your Airport Express base station. According to Apple, you will need to turn on the IPv6 protocol on your network interface. See how at http://docs.info.apple.com/article.html?artnum=304371.

After installing Apple iTunes 7 for Windows, you may get this error message when you try to start iTunes: The iTunes application could not be opened. An unknown error occurred (0x666D743F). Apple has two different fixes you can try for this error. See the details at http://docs.info.apple.com/article.html?artnum=304318.

Microsoft says that ICQ Express may interfere with Microsoft Office Outlook 2003. If you try to send a message, but it stays in your Outbox without being sent, try removing ICQ Express from the COM Add-ins in Outlook. Microsoft shows you how to do this at http://support.microsoft.com/kb/924788.

The SANS Internet Storm Center doesn't want to wait for Microsoft to fix the the Microsoft Multimedia Controls ActiveX control bug, detailed in the 9/15 BugBlog Plus. A patch probably won't be coming till the second Tuesday in October. Therefore, they have developed a small patch to block hostile content from exploiting this bug. See the details at http://isc.sans.org/diary.php?storyid=1706.

Red Hat has an updated gzip package for Red Hat Enterprise Linux 2.1, 3, and 4. It fixes two bugs that could cause a denial of service attack when gzip opens archived files. Red Hat credits Tavis Ormandy of the Google Security Team for finding these bugs. Get the fix at https://rhn.redhat.com/errata/RHSA-2006-0667.html.

The Electronic Frontier Foundation passes along word from investigators in the Texas Attorney General's office have found other ways that the Sony BMG digital rights management (DRM) rootkit may foul up your computer. If it is installed on a computer that is either using the AOL Safety and Security Center or the CA PestPatrol, these two will try to eliminate the Sony DRM as spyware (which it is), which will incapacitate your CD-ROM drive. See more at http://www.eff.org/deeplinks/archives/004917.php.

Symantec has discovered a bug that affects most of the consumer and enterprise security products, including Norton Internet Security, Norton AntiVirus, and Norton SystemWorks, as well as Symantec AntiVirus Corporate Edition. Local authenticated users may be able to exploit this bug to trigger a denial of service attack. An affected system would need to be rebooted to recover. Symantec says they are rolling out fixes via LiveUpdate. See the details at http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html.

Toshiba is recalling 340,000 laptop batteries for their Dynabook and Dynabook Satellite models. The manufacturer of the batteries is, you guessed it, Sony. Toshiba says there is not a fire risk, but a risk of the batteries dying. See if your battery is affected at
http://www.csd.toshiba.com/cgi-bin/tais/su/su_sc_dtlView.jsp?soid=1482878.

9/19/2006 Microsoft Patch May Destroy Data

Microsoft says that their MS06-049 security patch for Windows 2000 may possibly corrupt some of your data in certain circumstances. The dangerous situation is when you install MS06-049 on an NTFS formatted drive and you have NTFS compression being used on some folders. If the compressed files are bigger than 4 K, they may become corrupted and unreadable. While Microsoft is working on a re-release of the patch, Windows 2000 users should turn off data compression if they install the patch, which was originally released in August, and fixes a kernel bug. See more at http://blogs.technet.com/msrc/archive/2006/09/15/456646.aspx.

9/18/2006 Internet Explorer GETs Busy

If you have the Microsoft Internet Explorer 6 Content Advisor turned on, and you visit a website with scripts, IE may send a stream of GET requests to the Web site, which will tend to bog things down. Microsoft says this happens if the scripts on the website aren't associated with any Content Advisor rules. Microsoft's only workaround is to turn off the Content Advisor. See how to do this at http://support.microsoft.com/kb/924456.

Apple says that after you update to Xsan 1.4, you should run the cvfsck command on each of your volumes. If you don't do that after the MDCs have been updated, you may end up with an inconsistent volume state.

IBM says that if you use the iSeries Save/Restore scripts with the IBM Workplace Collaboration Services 2.6, and you also have the IBM Workplace Web Content Management installed, the scripts won't act on the Workplace Web Content Management data. IBM has updated scripts that will include that. Get them at http://www-1.ibm.com/support/docview.wss?uid=swg24013481.

There is a bug in the Ipswitch WS_FTP Server 5.x that may allow a buffer overflow if you send the server a very long command argument. The buffer overflow may then allow the attack to run their own hostile code on the server. Ipswitch has a patch for this at http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp.

You may have problems linking a Microsft Excel 2003 chart object in a PowerPoint presentation back to the original spreadsheet. This means that automatic updates may be lost. This happens if the QFE_ONTARIO registry DWORD value is enabled, and you open the chart to update it by right-clicking and then selecting Chart Object. You can avoid the problem by double-clicking the chart object instead of right-clicking.

Mozilla says that there is a possibility of frame-spoofing in both Firefox and SeaMonkey. This spoofing can happen if a malicious website is able to open a new window or tab, which could then be made to look like the target site. Any sensitive information entered into the spoofed fram could then be stolen. Mozilla thinks the security threat from this is low, and they have fixed it in Firefox 1.5.0.7 and SeaMonkey 1.0.5.

The Opera 9.01 web browser is also susceptible to the RSA bug that has surfaced in a lot of other applications that also rely on RSA for security certificates. In this case, if a signing certificates uses an RSA public exponent of 3, it could be spoofed. For now, the only workaround is to avoid using CA certificates with a RSA public exponent of 3.

9/15/2006 JavaScript Bug in Mozilla

There is a heap buffer overflow in the JavaScript Engine in Mozilla Firefox, Thunderbird, and SeaMonkey. A malicious website may be able to create a regular expression in JavaScript that could read beyond the end of the buffer, which could cause a crash or corrupting memory. This has been fixed in Firefox and Thunderbird 1.5.0.7, and in SeaMonkey 1.0.5. Mozilla credits CanadianGuy, Girts Folkmanis and Catalin Patulea for finding this Critical bug.

Researchers at Princeton University say there are bugs in the Diebold Election Systems touchscreen voting systems. This may make it easier to engage in ballot fraud compared to all the tried and true ways that have been done in the past. Read the whole story at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003310.

There is a new bug discovered in Microsoft Internet Explorer. A hostile website may be able to construct a page that uses the the Microsoft Multimedia Controls ActiveX control (daxctle.ocx). The bug will then enable them to run their code on your computer. Microsoft is "investigating" the bug at http://www.microsoft.com/technet/security/advisory/925444.mspx. For now, make sure only trusted sites are allowed to run ActiveX controls, or turn off ActiveX altogether.

Mozilla points out that the auto-update feature in Firefox and Thunderbird uses SSL (Secure Socket Layers) to prevent DNS (Domain Name System) spoofing. This means that you shouldn't be tricked into downloading an imposter version of Firefox or Thunderbird. However, if during your browser session you accepted an unverifiable SSL certificate from another site, it may be possible for that other site to hijack the Mozilla update process. As a safeguard, always start a new browser session after accepting such as certificate, especially if you are then going to auto-update.

A third-party bug, discovered by Daniel Bleichenbacher that affects RSA signature verification is present in Mozilla's Network Security Services (NSS), and affects Firefox, Thunderbird and SeaMonkey. Because of this bug, man-in-the-middle attacks that may be able to steal data during a secure transaction are possible. This Critical bug has been fixed in Firefox and Thunderbird 1.5.0.7 and in SeaMonkey 1.0.5. Mozilla credits Philip Mackenzie and Marius Schilder of Google for finding that the bug affects Mozilla.

There is a bug in Symantec AntiVirus Corporate Edition 8.1, 9.x, and 10 that may allow local users to gain privileges and run code that they otherwise would be prevented from running. This bug cannot be exploited by remote attackers. Symantec has fixed this bug. Details are at http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html.

9/14/2006 Flash Bugs Allow System Takeover

There are bugs in the Adobe Flash Player 8.0.24.0, along with earlier versions, that may allow a remote attacker to take control of a computer. They can do this via a maliciously-designed SWF file that they must lure you into playing. As a fix, get the latest Flash Player 9.0.16.0 (or later) from http://www.adobe.com/go/getflashplayer.

If you are running the Adobe ColdFusion Flash Remoting Gateway, note that someone will be able to develop a command that can send the gateway into an infinite loop, which creates a denial of service attack. Adobe says either upgrade to ColdFusion MX 7.0.2 or get the update at http://www.adobe.com/support/security/bulletins/apsb06-12.html.

A malicious user may be able to make an Apple QuickTime movie that when played in either the Mac or Windows version of QuickTime, can either crash the application showing the movie, or possibly run their own code. Apple says they have fixed this in the QuickTime 7.1.3 update. They credit Mike Price of McAfee AVERT Labs for finding this bug.

A malicious user may be able to make an H.264 format movie that when played in either the Mac or Windows version of Apple QuickTime, can either crash the application showing the movie, or possibly run their own code. Apple says they have fixed this in the QuickTime 7.1.3 update. They credit Sowhat of Nevis Labs, Mike Price of McAfee AVERT Labs, and Piotr Bania for finding this bug.

There is a bug in the Microsoft Indexing Service which, when queried through a specially designed query on Microsoft Internet Information Server, may allow the disclosure of information, or may allow a client-side script to run. This could possibly affect Windows 2000, XP, or Windows Server 2003. However, this is not installed by default in 2000/XP, and is not turned on by default in Server 2003. However, if you use it, get the update at http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx.

If you want to use conditional formatting on a string in Microsoft Excel, it will only work on characters that are in the first format you did to the string. In other words, if first you make a selection and made it bold, and then later made a selection and changed the font, you won't be able to make the font change conditional. Microsoft says this is how they designed it, so you'll need to work around the limitation.

Red Hat has an updated package for their Flash plug-in that is included with Red Hat Enterprise Linux Extras v. 3. This plugs a security hole that may let outsiders take control of your computer via a malicious Flash movie. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0674.html.

9/13/2006 Bug in Windows Pragmatic General Multicast

There is a bug in the MSMQ service in Windows 2000, Windows XP, and Windows Server 2003 that may allow a malicious user to send a multicast message that can take over a system. However, Microsoft points out that this service is not installed by default on Windows systems. If you are using this service, which also goes by the name Pragmatic General Multicast (PGM), you should get the patch at http://www.microsoft.com/technet/security/bulletin/ms06-052.mspx. Microsoft credits David Warden of NuPaper Inc. for finding this bug.

Adobe says that Macromedia ColdFusion MX 6.1, MX 7.01, and MX 7.02 are affected by a bug that may let an attacker launch a cross-site scripting attack using a ColdFusion error page. Get the patch at http://www.adobe.com/support/security/bulletins/apsb06-14.html to fix this. Adobe labels this an Important bug.

Adobe says there is a bug in the ColdFusion MX 7 and ColdFusion MX 7.0.1 sandbox security. Because of the bug, CFML templates that are outside a sandbox may call components (CFC) within a sandbox. Fix this by upgrading to ColdFusion MX 7.0.2 or getting the patch at http://www.adobe.com/support/security/bulletins/apsb06-13.html.

Apple says that QuickTime 7 has a heap buffer overflow bug. An attacker may be able to exploit this bug via a specially-designed FLC movie that can crash QuickTime and possibly run hostile code. This has been fixed in QuickTime 7.1.3. Apple credits Ruben Santamarta of reversemode.com working with the iDefense VCP Program, and Mike Price of McAfee AVERT Labs for finding this bug.

The new Apple iTunes 7 has a new enhanced backup feature that should let you backup songs to disk. There may be some differences between the Windows and Apple version of backup -- the Apple version is covered at http://www.tuaw.com/2006/09/12/how-to-back-up-your-music-using-itunes-7/.

Microsoft has re-released their MS06-040 security patch that was originally released on 8/8/06. After installing the earlier version of the patch, you may run into problems with programs that need lots of contiguous memory, such as some Microsoft Business Solutions applications. Get the new version at http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx.

On a Microsoft Windows XP Media Center Edition 2005 computer, if you are running Media Center in full-screen mode, or you are watching TV or a DVD, you put the computer into hibernation, wake it up, and then try to preview a 3D screen saver, you may get the error message:
Could not create the Direct3D device.
Microsoft says to close the Media Center before hibernation.

Microsoft has re-issued, for the second time, their MS06-042 Security Patch, which is a cumulative security update for Microsoft Internet Explorer. That makes it the third version for this patch since its 08/08/06 release. The reason this time is that eEye Digital Security found another bug in the way that IE handles long URLs. So its time for everyone to go back to http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx once again and get the patch. Chances are, Microsoft is working on the next cumulative update, so they probably won't have to do this one a fourth time.

The Internet Storm Center reports that there are ways that PHP running on shared hosting machines can have scripts evade some script security that is set in Apache httpd.conf files. As a workaround, use security settings in the php.ini file if you can. See http://isc.sans.org/diary.php?storyid=1697 for more.

Red Hat has an updated X.org x11 package for Red Hat Enterprise Linux 4. There are two integer overflow bugs in the way the X.org server does CID font files processing. Authenticated users may be able to exploit this to crash the server and disrupt other users. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0665.html. Red Hat credits iDefense for finding these bugs.

The developers at Second Life found that their user database was hacked, and all the Second Lifers account names, passwords, and payment information may have been accessed. See their blog at http://blog.secondlife.com/2006/09/08/urgent-security-announcement/ for more information.

9/12/2006 Critical Bug in Microsoft Publisher

This month's critical vulnerability in Microsoft Office is in one of its less popular applications, Microsoft Publisher. A remote attacker may be able to construct a Publisher file with a maliciously designed string. When this file is opened, it could trigger hostile code to be run, and the attacker could possibly take over the computer. Microsoft has a fix at http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx. Even if you don't have Publisher installed, Windows Update may offer this patch, because Publisher shares some files with other Office applications. Microsoft credits Stuart Pearson of Computer Terrorism for finding this bug.

9/9/2006 On the Road Again

Will be on the road for a few days, so updates will be light.

9/8/2006 It Will Be a Smaller Patch Tuesday

Microsoft has announced their Patch Tuesday list for September. On September 12, they will release one Critical security bulletin for Microsoft Office. There will be two security bulletins for Windows, but they are only rated as Important. There will also be two high-priority updates released via Windows Updates, and three more on Microsoft Update, but these are not security-related.

If you use characters that can be mistaken for math operators (like - or +) in a Adobe Macromedia Flash Player SWF movie file, these characters may confue Microsoft Internet Explorer. Adobe says to be safe, stick with the alphabet, numbers, and the underscore.

Researchers at Core Security have found two vulnerabilities in the AOL and ICQ Toolbar 1.3 for Microsoft Internet Explorer. These bugs may let remote attackers change your configurations and inject scripting code. Upgrade to ICQ 5.1 for a fix. Read more at http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510.

In August the BugBlog reported on a Washington Post story about how two security researchers were able to exploit flaws in third-party wireless drivers to hack into an Apple MacBook. However, details have not been disclosed (except to Apple) and some other researchers think the flaw isn't there. You can read more about this at http://www.securityfocus.com/brief/294.

PC World has a handy explanation of how some phishers try to disguise a suspicious link to make it look legitimate. Read about it at http://www.pcworld.com/article/id,126742-page,1-c,browsersecurity/article.html.

McAfee says they are now seeing advertising messages from spammers being included into Microsoft Word attachments or HTML file attachments, instead of being in the body of the email message. This may circumvent anti-spam filters. One would hope that users avoid opening attachments from unknown senders, so this may not be the most effective way of spamming.

Microsoft says that if Microsoft Outlook is how users are connecting to Exchange Server 2003 or Exchange 2000 Server, and there are third-party search engines integrated into the Outlook desktop, then you run the risk of a big increase in Exchange database size that will cause performance to drag. Microsoft has a couple of ways to avoid this. See http://support.microsoft.com/kb/919207 for details.

If Windows XP Service Pack 2 gets installed twice onto a computer, after the second installation Remote Assistance may no longer work. Microsoft says this is because DCOM gets unregistered, and removes the Remote Assistance Helper group permissions. Microsoft has a hotfix for this, which will be in a futures Windows XP Service Pack. If you need the fix right away, see http://support.microsoft.com/kb/923214.

On both 64-bit versions of Windows XP, and on Windows Server 2003, if you refresh the wireless network list you may sometimes get an access violation that crashes Windows Explorer. Microsoft has a hotfix for this, which will be in a future service pack. If you refresh the list a lot, and are getting crashes, see http://support.microsoft.com/kb/920155 for information on how to get the fix right away.

The Security Focus website reports that are seeing lots more activity by the SDBot program, an older piece of malware that has been reconfigured so that it can exploit the flaw that has been fixed in MS06-040. So there's another reason to make sure that patch is in place. See http://www.securityfocus.com/brief/293 for more.

Novell has announced that as of October 31 they will no longer be supporting or updating SuSE Linux 9.2. That's because that version has reached its second birthday. So users may want to think of upgrading to SuSE Linux 9.3, 10.0, or 10.1.

9/7/2006 Encrypted Malware a New Type of Threat

McAfee reports that they are now seeing malware that takes advantage of the EFS (Encrypting File Systems) capabilities of Windows. The encrypted files ultimately do what other trojan software does -- install a backdoor onto your system, often with a newly-created administrator login account. The encryption just adds an extra layer of defense. See McAfee's report at http://www.avertlabs.com/research/blog/?p=77 for more on how it works, and what IP addresses the malware tries to contact.

9/6/2006 ZoneAlarm Update Fixes Domestic and International Bugs

Zone Labs has released ZoneAlarm 6.5.737.000. This version clears up a bug that sometimes prevented users couldn't change the default home page in their browser. It also fixes some bugs in international versions that were either truncating text displays or causing some random crashes. If you haven't been affected by these problems, you may want to wait a couple of days before upgrading at http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html, to make sure the upgrade itself doesn't have problems.

If you are trying to uninstall your Apple iTunes software from your computer, you may see this error message: Cannot delete iPodService.exe: It is being used by another person or program. While we can assume you have shut down the iTunes software before trying to uninstall it, something else like the iPod Updater utility may be running in the background. See http://docs.info.apple.com/article.html?artnum=93976 for information on how to shut everything down.

If you are using the ATI Multimedia Center on a Windows XP Media Center Edition computer, ATI warns that you shouldn't change your color depth or display resolution while the ATI Multimedia Center is running. You may crash either the Multimedia Center or Windows XP. Close down the Multimedia Center, make your changes, and then start up the Multimedia Center.

On a Windows XP Media Center Computer with the ATI Multimedia Center 9.14 and an ATI graphics card, trying to do a still capture won't work. There will be no crash and no error message, but nothing will be saved, either. This has been fixed in the ATI Multimedia Center 9.15 update.

If you are running a picture in picture display within the ATI Multimedia Center 9.14 on a Windows XP Media Center Edition computer, and you togle multiple times between the two, you may get a crash of the Multimedia Center and an error message in aticore.dll. This has been fixed in the ATI Multimedia Center 9.14 update.

If you open up a Microsoft Word 2003 document from a SharePoint document library, and that document is based on a template that is based on another template, any start-up macros will run twice. If those macros do something like set up a toolbar, it will do those twice. Microsoft has a hotfix for this, which will be in a future Office 2003 service pack. If you can't wait for the fix, see http://support.microsoft.com/kb/923825.

Microsoft has confirmed the report by Symantec from 9/5 about a new security bug in Microsoft Word 2000 that is being actively exploited. However, they did not say when they will be fixing the bug. Since the next Patch Tuesday is six days away, it won't be part of the regular September cycle. Read more at http://www.pcworld.com/article/id,127046-pg,1-RSS,RSS/article.html.

When using Microsoft Office XP on a network, you may not be able to successfully digitally sign documents. Microsoft says this may happen if the system administrator uses an autoenrollment Group Policy object to deploy the certificate. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for this fix, see http://support.microsoft.com/kb/924122 for details on getting it right away.

Novell says that after you apply the August PRU to the ZENworks Asset Management 3.2DE, you may get this error message when you run the network discovery scan: Ignoring Network Discovery fingerprint file, NDREC.TKB The scan will continue running, but not all the devices will be correctly recognized. This has been fixed in the zam32netdiscfix.exe patch from Novell. Get it at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974361.htm.

Red Hat has an update for the OpenSSL package for Red Hat Enterprise Linux 2.1, 3, and 4. This update fixes a bug that may allow attacks via PKCS #1 v1.5 signatures that may result in incorrect authentication. This bug was discovered by Daniel Bleichenbacher. Get the new Red Hat packages at https://rhn.redhat.com/errata/RHSA-2006-0661.html.

Red Hat has a new Mailman package for Red Hat Enterprise Linux 3 and 4. This update fixes a bug in the way Mailman handles MIME multipart messages. A remote attacker may be able to exploit this bug as a way of shutting down the mailing list. Red Hat credits Barry Warsaw for finding this bug. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0600.html.

9/5/2006 New Problem for Microsoft Word 2000

Symantec is reporting a new vulnerability in Microsoft Office 2000. If you open an infected Word doc a Trojan Horse program will run and create another program, Backdoor.Femo, which will give access to your computer. There is no patch from Microsoft yet, although Symantec says that their AV software will detect it. Read more at http://www.symantec.com/enterprise/security_response/weblog/.

If you created a Flash SWF file with Swish MAX, you may not be able to play that file in Adobe Macromedia Flash Player 9. According to Adobe, SWiSHZone fixed this incompatibility in a new version of Swish MAX released 6/29/06. Look for it at http://www.swishzone.com/.

When you plug an external video camera into an Apple Power Mac G3 via FireWire, your camera may not be recognized by Apple Final Cut Pro 1.0. It may be because your camera is incompatible with Final Cut Pro. Check the list at http://www.apple.com/finalcutpro/techspecs/io.htm to see. If it's not incompatible, the problem may be that the correct extensions haven't been installed for it. See http://docs.info.apple.com/article.html?artnum=31093 for information on fixing that.

IBM says that in Lotus Notes 6.5.4 and earlier, if you try searching backwards in Calendar view, Notes may crash once it can no longer find items. This has been fixed in Notes 6.5.5.

After you install the MS06-008 security patch from Microsoft, you may not be able to stop the Remote Registry service. According to Microsoft, that's because it shares a a Svchost.exe process with the SSDP Discovery Service, the TCP/IP NetBIOS Helper, and the WebClient. Until you stop all those services, you won't be able to stop Remote Registry. Microsoft has a fix for this, which will be in a future service pack. See http://support.microsoft.com/kb/923416 for information on how to get the fix right away.

Here's a Panasonic battery recall -- only 6000 of them, from Panasonic Let's Note CF-W4G laptops. A spring from the battery cover may end up inside the battery, which can cause bad things to happen. See http://gizmodo.com/gadgets/laptops/panasonic-recall-laptops-because-of-battery-problems-198423.php for more.

9/4/2006 Sony Wins the Bug of the Month

Sony wins the September Bug of the Month, because they are the manufacturer for all the Dell and Apple batteries being recalled.

9/4/2006 Outlook Printing Problems

There is a new hotfix package for Microsoft Outlook 2003 that fixes two printing bugs. The first bug may prevent email messages that are printed using the TIFF format from being saved correctly. The second bug may affect someone with two printers connected to their system. Trying to print to the non-default printer may not always work. This hotfix is for Office 2003 systems with Service Pack 2 installed. This new hotfix will be in a future service pack, but if you need it right away see http://support.microsoft.com/kb/924435.

If you are using Adobe Premiere Elements 2.0 to work on a project in the PAL format, if you export a clip to a camcorder the audio may get lost. According to Adobe, this can be fixed by getting the Adobe Premiere Elements 2.0 PlayerStandard plug-in update, which you can find at http://www.adobe.com/support/downloads.

If you install Adobe Flash Player 9.0.16.0 or higher, and then install Adobe Flex Builder 2, you may get this error message when you go into debug mode: Installed Flash Player is Not a Debugger. Flex Builder cannot locate the required debug version of the Flash Player…. Adobe says that the Flex Builder installation sometimes gets it Flash players confused, and doesn't install the Debug Flash player. See http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=758bf58b for a fix.

The 1.04 update for LucaArts Star Wars Empire at War had a bug that may cause problems when you try to save a game. (Or as Yoda might say "A bug the game has"). They fixed this in the 1.05 patch, which you can get at http://support.lucasarts.com/patches/EAW1_5.htm.

SuSE has a new update that fixes a number of bugs that affect all versions of SuSE Linux. One of the bugs is in openldap. Because of the bug, Access Control is lax and may allow users to change more things than they should be allowed to touch.

US-CERT notes a problem with VMware ESX Server. The Server Management tool that comes with Wmware will store any password changes from users in an unencrypted log file that makes it easy for passwords to get borrowed. Keep an eye on http://www.kb.cert.org/vuls/id/822476 for updates.

9/1/2006 Only four?

There have been a number of news stories about TippingPoint's new Zero Day Initiative's Upcoming Advisory List. This list shows when the TippingPoint alerts a vendor to a bug. The details of the bug aren't released to the public, only the company name and severity level of the bug. There's some criticism that this helps alert malware authors to potential vulnerabilities, but it's very limited help. For instance, the list says that there are four high severity bugs in Microsoft products. Is that news to anyone? (My reaction was "Only four?") On the other hand, when a company with a small number of offerings, like WinZip, makes the list, the target is narrower. See the full list at http://www.zerodayinitiative.com/upcoming_advisories.html.

Another example of cultural imperialism from Apple -- if you are using Mac OS X Text to Speech you will only be able to preview in the English language version. If you are using another language version of Mac OS X, the play button is grayed out.

CA eTrust Antivirus apparently had a bug in their latest antivirus signatures that flagged the legitimate Windows Server 2003 service LSASS.EXE as infected. What's worse, in many cases the AV software then deleted the file, which is needed in most cases for the computers to re-boot. CA has fixed the antivirus signatures, and if they managed to cripple your server, they've got fix instructions at http://supportconnect.ca.com/sc/kb/techdetail.jsp?searchID=TEC405236&docid=405236.

There is a new publication from the National Institute of Standards and Technology (NIST) called "Guidelines for Media Sanitation." It does not call for wiping down your hard drive and CD-RWs with bleach. It means seeing what's needed to make sure any sensitive data is not only deleted but written over on any media that you are throwing out. Get it at http://csrc.nist.gov/publications/nistpubs/800-88/SP800-88_Aug2006.pdf.

US-CERT says there is a bug in Microsoft Visual Studio 6.0 that may let remote attackers trigger a bug via the ActiveX controls tcprops.dll, fp30wec.dll, mdt2db.dll, mdt2qd.dll, and vi30aut.dll. It may only lead to a denial of service attack, but there's a chance that they could run hostile code as well. There is no fix yet. See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4494 for more.

The Internet Storm Center has been seeing lots of recent activity directed at port 139. It appears to be some new malware trying to exploit the vulnerabilities that Microsoft patched in MS06-040, but for good measure also tries to exploit older bugs fixed in MS04-007, MS05-017, and MS05-039. So far, every AV vendor is calling it something different: McAfee is calling it W32/SDbot.worm!MS06-040, Sophos is calling it, W32/Vanebot-A, and Symantec is calling it W32.Randex.GEL. Read more at http://isc.sans.org/diary.php?storyid=1660.

8/31/2006 Word 2003 May Take a 30 Minute Break

Try to open a Microsoft Word 2003 XML document, and Word may lock up for anywhere from 10 to 30 minutes. Microsoft says this may happen when the Word doc is linked by another Microsoft Office document, and that other document is on a network share and is opened by someone else. There aren't any configuration changes that can avoid this. Microsoft has a hotfix for this, which will be in a future Office service pack. See http://support.microsoft.com/kb/923826 if you need to get the fix right away.