BJK Research

The BugBlog Plus

This is the subscription portion of the BugBlog. The first bug of the day listed is always the free bug available to non-subscribers, followed by the subscription-only bugs.

12/31/2006 Redesign on the Fly

We are going to start 2007 with a redesign of the BugBlog website as well as bjkresearch.com. From a design standpoint, it is only a subtle redesign, but in terms of the HTML behind the scenes, there are quite a few changes - dropping the old JavaScript powered rollover navigation buttons for CSS-based navigation controls, and using CSS layout and positioning instead of the old table-based design. Because I'm overlaying the new pages and graphics on top of the old, there's certainly a chance that something will get mangled. If you find a bug in the BugBlog, please let me know. All the old pages won't be converted -- but everything else going forward should be HXMTL compliant.

12/30/2006 Reports of Some Gmail Problems

Techcrunch reports on an issue where a number of people, who all appear to be Mozilla Firefox 2.0 users, reported a mass deletion of their Gmail emails, while they were logged in. Read more at http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass-email-deletions/, including a link to a discussion of the problem at Google Groups, and a response from Google -- which indicates this affected around 60 people. Just goes to show that you should back up your Gmail, err... never mind.

12/29/2006 Novell Pops a New SUSE Linux Kernel

There is a new Linux 2.6 kernel for Novell SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10. It fixes a bug in the UDF filesystem that sometimes caused the computer to hang when it was truncating files. It also plugged a struct file leak in the perfmon(2) system that happened when the OS was running on an Itanium-based system. Find out more at http://www.novell.com/linux/security/advisories/2006_79_kernel.html

12/28/2006 Acrobat Viewer for the Mac Only Likes Safari

If you want to view Adobe Acrobat PDF files within the Apple Safari web browser, you must be using Mac OS X 10.4.3 or later. Adobe says that the Adobe PDFViewer for Mac OS X won't work on older versions. Also, it will only work within Safari; it doesn't work with Firefox or Opera running on a Mac. See http://www.adobe.com/support/techdocs/333545.html for configuration information.

If you try to install the EA Battlefield 2142 1.10 patch, you may get an error message that says you already have a newer version installed. That may happen if you had tried out the Beta version of the patch. Unfortunately, you will need to go through a complicated Registry edit to fix this. See
http://support.ea.com/cgi-bin/ea.cfg/php/enduser/std_adp.php?p_sid=W1dUMgqi&p_faqid=14319 for the details.

If you look at the Add-in Manager for Microsoft Access 2007, you may see an add-in listed as #401. Microsoft says this is actually the Access Replication Wizard COM add-in, and from an earlier version of Access. This wizard is Acecnf.dll, the 2007 Office database engine Conflict Resolver. To help sort your way out of DLL hell, see http://support.microsoft.com/kb/928024.

If a DVD does not have a First Play Program Chain (PGC) file, it may not play successfully in the Windows Media Center on Windows Vista. Instead, all you will see is a black screen. Microsoft says Windows Media Center Edition 2005 can only play DVDs with that file. Luckily, almost all professionally-made DVDs will have that file. Unluckily, some consumer-manufactured DVDs won't. In that case, use a third-party DVD player.

Secunia says that there is a bug in the CSRSS.exe component of Windows 2000 Server (all versions), and Windows XP that local users can exploit to see the contents of view the contents of CSRSS process memory. If those users are both malicious and skilled, they can use that knowledge to further attack these servers. Secunia credits Rubén Santamarta with finding this bug.

Red Hat has updated tar packages for Red Hat Enterprise Linux 2,3, and 4, and for the Red Hat Desktop. There is a path traversal bug in the way GNU tar archives are extracted. An attacker may be able to use this bug to write over arbitrary files. Red Had credits Teemu Salmela with finding this bug. Get the update at https://rhn.redhat.com/errata/RHSA-2006-0749.html.

12/27/2006 Media Center Update Causes DRM Bug

Once you have installed Windows XP Media Center Edition 2005 Update Rollup 2, you may have problems with Windows Media Digital Rights Manager files. Try to play back one of the protected files, and you may get an error message similar to one of these:
Restricted Content: Restrictions set by the broadcaster and/or originator of the content prohibit playback of the program on this computer
or
0xC00D2751: A problem has occurred in the Digital Rights Management component. Contact Microsoft product support.
Microsoft has issued a new fix to take care of the bug introduced by Update Rollup 2. Get the latest fix at http://support.microsoft.com/kb/913800/. Watch here to find out what bugs this latest bug fix introduced.

If you use Microsoft Outlook 2000 on a Windows 2000 computer, and then you install Adobe Acrobat 7, you may end up with an extra menu item for Convert to Adobe PDF every time you load the PDFMaker DLL. Adobe says you will need to upgrade to Acrobat 8 for a fix. See http://www.adobe.com/support/techdocs/331832.html for more.

If you are importing a calendar into Apple iCal 1.5.4, you may get a warning about unsafe alarms. If a calendar event is set to start another application or open a document, iCal considers it unsafe. Find out more about unsafe alarms at http://docs.info.apple.com/article.html?artnum=300368.

If you are using Apple DVD Studio Pro 4.1 or Final Cut Studio 5.1 on a Mac Pro, and you want to to format a DLT drive so that you can copy a project to it, the process may start OK. You will see a progress bar that will say "Writing lead in data" but you will get no other progress. Eventually, you will need to cancel the process. At this point, Apple has no workaround other than to suggest using a recordable DVD or external hard drive rather than a DLT drive.

It's Year in Review time, and Symantec takes a look at the Year in Review in Phishing. They look at the increase in phishing, new attack vectors and new techniques. Read the whole thing at http://www.symantec.com/enterprise/security_response/weblog/2006/12/phishing_2006_the_year_in_revi.html.

If you are having trouble connecting to websites in Southeast Asia, or in emails to that area, an earthquake off the coast of Taiwan disrupted a number of submarine cables that carry Internet traffic. Not only will it affect Taiwan, it is also causing problems for the Philippines, Hong Kong, and Singapore.

If you use the Top Ten items or Bottom Ten items to group data in a Microsoft Excel 2007 pivot table, you may not be able to ungroup your group. Instead, Excel will crash with this error message: Excel cannot complete this task with available resources. Choose less data or close other applications. At this time, Microsoft's only fix suggestion is not to use those options. See http://support.microsoft.com/kb/928982 for more.

If you use the Windows Vista Disk Cleanup tool, Microsoft says you may break the Hibernate option within Power Options, or the sleep feature may lose it settings if power is lost. If you find that hibernation got broken, Microsoft says you can use the powercfg -h command instead. See http://support.microsoft.com/kb/928897 for the details.

If you run into application compatibility issues in Windows Vista, Microsoft has compiled a set of troubleshooting steps, plus links to other information, at http://support.microsoft.com/kb/927386.

If you upgrade from Windows XP to Windows Vista, and still use a dial-up modem, you may no longer hear the audio handshake, (also known as that annoying squeal) when a dial-up connection is made. Microsoft says that is because some modem drivers don't know how to stream their audio to Vista. However, the connection will still get made. If you want to hear it, you may need a modem driver upgrade.

There is a bug in Novell Netmail 3.52 that may allow authenticated attackers to crash a mail server and trigger a denial of service attack. It has been fixed at 3.52e FTF2 of NetMail. Get the Windows version at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974928.htm.

12/22/2006 Threat Against Windows, Including Vista

The Microsoft Security Response Center may have had a slight delay in the beginning of their Christmas holiday, with reports of a public exploit against the Client Server Run-Time Subsystem in Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. According to their blog, the attacker must have authenticated access to a computer system in order to carry out the attack, which makes it potentially less damaging. More interesting, however, is that Vista is included on the list of vulnerable systems. Read the whole thing at http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx.

If you are using Adobe Acrobat 8 on an Intel-based Mac OS X computer, you may not be able to use the Create PDF from Scanner option. Even though the scanner may be attached to your computer, there won't be any scanner listed in the drop-down menu. Adobe says you will either have to find a Universal Binary driver for the scanner, or use the image capturing software that came with your computer.

If you play Lionhead Studios Black & White 2 on a Windows XP computer with an ATI Radeon graphics card, you may get a rather slow frame rate when setting graphics to their lowest settings. This has been fixed by ATI in their Catalyst Software Suite 6.12.

McAfee Avert Labs talks about more threats from password stealing malware, including a new one that works over Skype named PWS-JO. While it is not surprising that financial institutions are the number one target for password stealers, the second biggest target is Massive Multi-Player Online Role Playing Games (MMORPG). Read the whole thing at http://www.avertlabs.com/research/blog/?p=157.

If you receive a digitally signed email message in Microsoft Outlook 2007, and that message was sent through a mail server that was not Microsoft Exchange, the message may have a paperclip icon, which denotes a message attachment. The icon will be there even though there isn't an attachment. Microsoft does not have a fix or workaround.

There is a bug in the way that password-protected Microsoft Excel 2003 workbooks saved to a Microsoft Windows SharePoint Services document library are protected. While a password that allows modification will work as expected, when you save changes, the password then becomes lost. Microsoft has a hotfix for this, which will be in a future Office 2003 service pack. If you need the fix right away, you will need to contact Microsoft Technical Support. See how at http://support.microsoft.com/kb/929086.

On a Windows Vista computer, if you have configured your screen saver to display the logon screen box, and also have set Require a Password on wakeup, then if you try to watch a video in the Windows Media Center in full-screen mode, the screen saver may turn on. As a workaround, Microsoft says you will need to reverse one of those two conditions. See the details at http://support.microsoft.com/kb/929526.

Microsoft is finally sharing the programming interface, or APIs, for Windows Vista with third-party security firms. It appears that the firms are happy now, but it will probably take awhile for them to have software that works with Vista. Read the article (and possibly between the lines) at http://news.zdnet.com/2100-1009_22-6145285.html.

There is a bug in Mozilla Firefox 1.5.0.8 and 2.0, Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 that may allow JavaScript to use the src attribute of an image element that is in a frame to launch a cross-site script injection. This could be used to steal log-in information by impersonating another website. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7. Mozilla credits moz_bug_r_a4 for finding this bug.

The Feed Preview feature in Mozilla Firefox 2 inadvertantly sends some of you feed-browsing behavior to other websites, which is something of a privacy invasion. This has been fixed in Firefox 2.0.0.1. Mozilla credits Jared Breland for finding this bug.

There is a bug in the way that Mozilla Firefox 2.0 and 1.5.0.8, Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 uses LiveConnet to create a bridge between Java applets and JavaScript on a website. The bug may cause a crash, and it may be possible to exploit this to corrupt memory and run hostile code on your computer. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, and SeaMonkey 1.0.7. Mozilla credits Steven Michaud for finding this bug.

12/21/2006 What Does Microsoft Have to Fix?

The Internet Storm Center has posted a very useful chart. It shows their count of Microsoft's zero-day bugs. (Where exploits are known, but there isn't a fix yet.) As of 12/21, there are three critical bugs (all for MS Word), four that are marked less urgent, and three bugs where they don't know enough details to label their severity yet. See the whole list at http://isc.sans.org/diary.php?storyid=1940.

12/20/2006 Cursor Bug Trips Up Mozilla

There is a bug in the way that Mozilla Firefox 2.0 and 1.5.0.8, Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 set the CSS (Cascading Style Sheet) cursor property. The bug may cause a buffer overflow as the custom cursor is converted to a Windows bitmap. This can possibly be exploited by a malicious website to install hostile code on your computer. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7. Mozilla rates this as a Critical bug, and credits Frederik Reiss with finding and reporting it.

In Adobe Premiere Elements 3.0, if you create a Favorite from a video effect or transition, it may cause this error message when you try to do an edit or load a project:
Adobe Premiere Elements has encountered an error. \pre\Libraries\UIFramework\Src\Window.cpp-267.
Adobe says there are two things you can do to fix this. Either get rid of all the effects and transition Favorites, or delete the Effect Presets and Custom Items preference file. See http://www.adobe.com/support/techdocs/333498.html for the details.

Apple has found a bug in QuickTime for Java, and in the Quartz Composer for Mac OS X 10.4.8. A malicious website may be able to take advantage of this bug to capture images from your computer, and that these images may have local information. This has been fixed in the Apple Security Update 2006-008. The bug doesn't affect QuickTime for Windows, nor does it affect Mac OS X 10.3 or earlier.

If you are trying to play EA Battlefield 2 on a Windows XP computer with an ATI graphics card set to 1920x1440 or 2048x1536 resolution and AA set to 6 times, you may not be able to get the game to start. This has been fixed by ATI in their Catalyst Software Suite 6.12 update.

On a Windows XP computer with an ATI graphics card and the Catalyst Software Suite 6.11 or earlier, playing a DVD with PowerDVD may give a choppy playback. This has been fixed in the Catalyst Software Suite 6.12.

McAfee's SiteAdvisor has published a study looking at how safe search engines are. They judge safety as to how likely it is that the search results will send you to a malware site. The search engines themselves have ratings very close together -- barely more than one percent separates the best from the worst. One surprising fact, as pointed out by BugBlog reader Roseman, is that these are the keywords that take you to the riskiest sites: bearshare, free screensavers, and free ringtones. Read the whole thing at http://www.siteadvisor.com/studies/search_safety_dec2006.

Microsoft has re-released Security Bulletin MS06-078, which fixes critical bugs in the Windows Media Runtime Format 7.1 and 9.0. However, you only have to worry about it if you are Korean and installing the Korean-only package. Those users were getting this error message at installation:
Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer. 0x8007F0DA.
The re-release is at http://support.microsoft.com/kb/923689.

In Microsoft PowerPoint 2007, you can create a chart, add shapes to the chart, and type URLs into the shapes. However, if you use a shortcut version of the URL, such as www.bugblog.com, when you re-open the presentation the shapes and URL won't be there. Microsoft's workaround is to type the complete URL, such as http://www.bugblog.com, into the chart.

There is a bug in Mozilla Firefox 1.5.0.8 and 2.0, Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 that may cause a security problem if a plugin reduces the floating point precision of the CPU. Mozilla points out that this sometimes happens with plugins that create Direct3D devices. It will lead to a bug that overwrites memory, which can be exploited by malicious websites. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7. They credit Keith Victor with finding this bug.

There is a bug in the way that Mozilla Firefox 2.0 and 1.5.0.8, Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 implements the JavaScript watch() function. A website may be able to exploit this to download malware to your computer. It will only affect Thunderbird if JavaScript is activated for email, which is not the default configuration nor is it recommended. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.

In Mozilla Firefox 1.5.0.4 and later versions, a crash with memory corruption can occur if SVG comments are appended from one document into an HTML document. The memory corruption can be exploited to download malware onto your computer. This has been fixed in Firefox 2.0.0.1 and 1.5.0.9, and SeaMonkey 1.0.7. Mozilla credits TippingPoint and the Zero Day Initiative for passing along an anonymous tip about this bug.

12/19/2006 Apple Says to Avoid This Folder

Apple has hired some creative writers for their Knowledge Base. They say "As if it were a swarm of bees, you should stay away from the SyncServices folder" for Mac OS X 10.4. If you don't heed their advice you could end up with duplicate data in your address book or iCal. Even worse, you may lose some data. If you don't know where that folder is (and remember that you shouldn't go there), it's in Home folder, Library, Application Support. Appreciate their entire literary effort at http://docs.info.apple.com/article.html?artnum=301920.

While using Adobe InDesign or Illustrator CS2, you may have problems printing to a Hewlitt Packard 4M printer. Try to print, and you may see this rather intimidating error message:
ERROR: typecheck OFFENDING COMMAND: known STACK: �/@shouldNotDisappearDictValue true /CTHasResourceForAllBug false false.
Adobe gives a way to avoid the problem -- they say that within InDesign or Illustrator, save your file as a PDF. Then do your printing from Adobe Acrobat instead.

A late 2006 model iMac running Mac OS X 10.4.7 or later may ignore the configuration setting that tells the screen saver never to activate. Apple says that the screen saver decides to start anyway, after the computer goes through an idle period. Luckily, a key press or mouse wiggle will turn it off. Keep an eye on http://docs.info.apple.com/article.html?artnum=304394 for any announcement of a permanent fix from Apple.

Gizmodo has some pictures of an Apple Macbook Pro whose batteries started to inflate like a balloon. Readers give some of their own laptop horror stories in the comments to the story at http://www.gizmodo.com/gadgets/laptops/macbook-pro-batteries-are-inflating-222468.php.

PC World says that some of the fancy new graphics features in Windows Vista may cause laptop computers to work so hard that you will see much shorter battery life. The "Aero" windows in Windows cause the processors and graphics cards to work much harder, which drains the batteries. Shutting off the new graphics features may help. Read the whole thing at http://www.pcworld.com/article/id,128252-pg,1/article.html.

The Microsoft Office 2003 update of 12/12/06 rolls up a number of earlier hotfixes for the German version of Office. See the complete list of hot-fixes includes, which stretch between December 2005 and November 2006, at http://support.microsoft.com/kb/924886.

Some security researchers are reporting that a computer worm may be circulating via Skype's chat feature. If you are using Skype, ignore any message that asks you to download a file called sp.exe. At this point, Websense thinks it’s a worm, F-Secure doesn't think so, and the Internet Security Center is still studying the issue. Read the whole thing at http://www.pcworld.com/article/id,128258-c,trojanhorses/article.html.

12/18/2006 Anti-phishing Speedup for IE 7

The anti-phishing shield in Microsoft Internet Explorer 7 may cause the browser to bog down and run slowly if you visit a web page that has lots of frames, or if you browse through many different frames over a short period of time. Microsoft has a fix for this. IE 7 users can get it at http://support.microsoft.com/kb/928089.

There's a chance that you will have compatibility problems with an Apple AirPort if you have a 15 or 17 inch Core 2 Duo MacBook Pro, or a 13 inch Core 2 Duo Macbook. If so, get the AirPort Update 2006-002 at http://www.apple.com/support/downloads/airportupdate2006002.html. Its supposed to be a compatibility fix.

Versions of Apple WebObjects earlier than 5.3.1 may have compatibility problems with J2SE 5.0 Release 4. Upgrading to WebObjects 5.3.1, available at http://docs.info.apple.com/article.html?artnum=302797, should fix that, as well as some problems in EOEditing.

If you try to play Rebellion Software's Snipter Elite on a Windows XP computer with an ATI Radeon X1600 graphics card, you may see corruption in some of the screen textures. This has been fixed in the ATI Catalyst Software 6.12 update.

If you mark a Microsoft Access 2007 database file as read-only, then you will not be able to get rid of the Search text box in the Navigation pane. Microsoft says that even if you uncheck the Show Search Bar option, it will be there. They say this is by design, so if you don't want the Search bar, you must get rid of the read-only attribute.

The Lsass.exe process on a Windows Server 2003 computer may have a memory leak when using a DCOM program that is both on the client side and on the server side. The leak happens in the way the security package is negotiated. Microsoft has a hotfix for this, which will be in a future Windows Server 2003 Service Pack. If you can't wait, see http://support.microsoft.com/kb/902058 for information on how to get the fix right away.

12/15/2006 Yahoo Messenger Tripped Up By ActiveX Bug

Yahoo (I'm not putting in the exclamation point) says there is a bug in their Yahoo Messenger due to a bad ActiveX control. The bug may trigger a buffer overflow, which could be activated by visiting a maliciously designed web page. Yahoo says you may be vulnerable if you installed Yahoo Messenger before 11/2/06 (although they didn't post this notice until 12/8/06). You can get an update that fixes this bug at http://messenger.yahoo.com/security_update.php?id=120806.

Any custom PDF settings that you create in Adobe Acrobat 8 Distiller will not be automatically available in Adobe Creative Suite 2.0 applications. That's because they get saved to a different location than the where the Creative Suite applications look. Adobe has some workarounds so that the applications know where to look. See them at http://www.adobe.com/support/techdocs/333516.html.

According to Google, some Mozilla Firefox users are having problems adding Contacts while using Gmail. Google says this happens if you are using the Tabbrowser extension in Firefox. Getting the latest version of this extension may fix the problem. If not, see other workarounds from Google at http://mail.google.com/support/bin/answer.py?answer=10282&topic=1525.

A third zero-day bug has been discovered in Microsoft Word 2000, XP, and 2003. Microsoft itself hasn't 'fessed up on this one (they are probably working on fixes for the first two) but McAfee talks about it, calling it the Microsoft Word 0-Day Vulnerability III, at http://vil.nai.com/vil/content/v_vul27264.htm. A zero-day bug means that code to exploit it is already circulating.

Make some display adjustments in Microsoft Excel 2007, and after you give the CTRL+F11 command to add a macro worksheet, all your other worksheet tabs will disappear. The display adjustments that trigger this include turning off the horizontal scroll bar, turning off the vertical scrollbar, and sheet tabs. Microsoft has some workarounds for this. See the details at http://support.microsoft.com/kb/928989.

Those of you who use PHP a lot may want to read this eWeek Security Watch story. Stefan Esser has resigned from the PHP Security Response Team "in disgust", apparently unhappy with a cavalier attitude towards fixing security bugs. Read the whole story at http://securitywatch.eweek.com/open_source/php_security_guru_quits_in_disgust.html.

12/14/2006 Vista Changes Unpacking Method

Microsoft has changed the way that the Microsoft Update Standalone packages work for Windows Vista. The old way to view the contents or extract the contents of one of the packages will not work -- especially if you are trying to do this on a non-Vista computer. It's because they use the "New and Improved" (those are air-quotes) Intra-Package Delta (IPD) compression technology. You will need to get the Windows Vista OEM Pre-installation Kit (OPK) if you want to view and extract. See http://support.microsoft.com/kb/928636 for the details.

12/13/2006 An Accidental Patch from Microsoft

A security patch for Microsoft Office for the Mac was accidently released ahead of time via auto-update. According to the Microsoft Security Response Center blog, they are still testing this patch, and a pre-release version was accidently released. They've taken the patch out of circulation, and they also recommend that you uninstall the patch. See http://blogs.technet.com/msrc/archive/2006/12/13/information-on-accidental-posting-of-pre-release-security-updates-for-office-for-mac.aspx for the details.

If you installed IBM Lotus Notes in single user mode, and then some other user installed Adobe Acrobat 8 on the computer, you won't have a PDMaker option from within Notes. Adobe has some workarounds for this at http://www.adobe.com/support/techdocs/333476.html.

If you are restoring an iPod using Apple iTunes 7 or 7.0.1, you may see this error message: An unknown error has occurred with one of these numbers included in the message: 1415, 1417, 1418, or 1428. What Apple really means in that message is that you need to upgrade to iTunes 7.0.2 or later.

Try to play an MP3 file that’s been ecoded at 32Khz or higher with a mono channel on a Fifth Generation iPod, and Apple says the iPod may reset itself. You will need to upgrade the iPod software to 1.2.1 or later. Do this via iTunes.

After you upgrade a computer to Windows Vista, some of the uninstall information for programs that are loaded on that computer may be incompatible with the Vista uninstall process. You won't be able to use Vista's uninstall process in the Programs and Features control panel. Microsoft has five possible workarounds that will let you delete the programs. See the details at http://support.microsoft.com/kb/927395.

The validation process for Windows Vista will become one of the more controversial features for the new OS. Microsoft has just released an update for the Windows Vista validation component on Windows Update. They don't specify why it needed updated only a couple weeks after the program was released to manufacturing.

Note that Microsoft's Patch Tuesday releases for December did not include fixes for the two zero-day exploits against Microsoft Word. NASA is not waiting -- they are blocking all Microsoft Word email attachments until patches are released. Read the whole story at http://www.msnbc.msn.com/id/16095705/.

If you install the 913800 Update for Microsoft Windows XP Media Center Edition 2005, then you may not be able to successfully complete the update to Windows Media Player 10 via automatic update. Instead, you will see this error message: A more recent version of Windows Media Player is already installed. To fix the problem caused by the earlier update, Microsoft says to install the 92651 critical update, either via the Microsoft Update web site or Windows Update. See http://support.microsoft.com/kb/926251 for details.

The Sophos Anti-Virus scanning engine has a bug in the way it handles CPIO files. A maliciously designed filename could trigger a buffer overflow. An attacker could take advantage of this to run their own code on a victim's computer. This has been fixed in the Sophos Anti-Virus engine 2.40. See http://www.sophos.com/support/knowledgebase/article/17340.html for the details. Sophos credits an anonymous tipster working through TippingPoint and the Zero Day Initiative for finding this bug.

Sun Microsystems says that a bug in Solaris 8,9, and 10 may let local unprivileged users run their own code with elevated privileges. Sun has fix information at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1. They credit iDefense with finding these bugs. If you want the inside scoop on the bugs, see http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=449 and http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450

Symantec has had to patch a number of bugs in their NetBackup Enterprise Server/NetBackup Server, Server and client and Storage Migrator for Unix option 5.0, 5.1, 6.0. A remote attacker, with access to the Netbackup servers, may be able to run their own code on the vulnerable servers. Symantec has links to patches at http://www.symantec.com/avcenter/security/Content/2006.12.13a.html.

12/12/2006 Windows Media Format Bugs Allow System Takeover

There are two critical bugs in Windows Media Format files that can affect almost all current versions of Microsoft Windows. One bug is in the way that Windows handles Advanced Systems Format (ASF) files, and the other is in Advanced Stream Redirector (ASX) files. Run into one of the maliciously-designed files at a website or in email, and the attacker may be able to take control of your system. It affects Windows 2000, Windows XP, and Windows Server 2003, but not Windows Vista. It affects all versions of Microsoft Windows Media Format 7.1 through 9.5 Series Runtime, but version 11 is not affected. Microsoft has patches available at http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx.

One of the critical security bulletins that Microsoft published on the December 2006 Patch Tuesday is a Cumulative Security Update for Microsoft Internet Explorer. You will be relieved to know that this is an update for the old IE, IE 5.01 and 6. The brand new Internet Explorer 7 does not need a security update yet. (or at least, they haven't released one.) This update fixes four bugs, two in script handling and two in TIFF handling, that may allow an attacker to take control of your computer. Get the update at http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx. Microsoft credits Jakob Balle and Carsten Eiram of Secunia Research, Sam Thomas, working with TippingPoint and the Zero Day Initiative, and Yorick Koster of ITsec Security Services for finding these bugs.

There is a bug in the wmiscriptutils.dll file of Microsoft Visual Studio 2005, the WMI Object Broker control. An attacker may be able to construct a web page that, if viewed by a user of Visual Studio 2005, could allow for the complete take-over of the computer. This ActiveX control is not automatically in the default allow list for Internet Explorer 7, so those users are safe unless they've activated permission. Microsoft has a fix for this at http://www.microsoft.com/technet/security/bulletin/ms06-073.mspx. They credit TippingPoint and the Zero Day Initiative for finding this bug.

Microsoft has released a Cumulative Security Update for Outlook Express on Windows 2000, Windows XP, and Windows Server 2003. There is a bug in the way that the Windows Address Book is handled that can be exploited by an attacker. A Windows Address Book file would have to be sent to initate the attack, and the victim would have to open the file. Microsoft labels this an Important update. Get the fix at http://www.microsoft.com/technet/security/Bulletin/MS06-076.mspx.

There is a bug in the SNMP Service (Simple Network Management Protocol) of Windows 2000, Windows XP, and Windows Server 2003 that may allow a remote attacker to take complete control of a system. Since the SNMP Service is not enabled by default, Microsoft only rates this an Important update. Of course, it's a lot more important if you use SNMP. See the details and fix at http://www.microsoft.com/technet/security/bulletin/ms06-074.mspx. Microsoft credits Kostya Kortchinsky of Immunity, Inc. and Clement Seguy of the European Aeronautic Defence and Space Company for finding this bug.

There is a bug in the way that Microsoft Windows XP Service Pack 2 and Windows Server 2003 handles the file manifests when applications are started. This may allow a local user with valid login credentials to gain elevated privileges. Microsoft rates this as an important update. Get it at http://www.microsoft.com/technet/security/bulletin/ms06-075.mspx.

There is a bug in the Remote Installation Service of Microsoft Windows 2000 Service Pack 3 that may allow anonymous users to overwrite an existing operating system file, if that file has been installed by a RIS server. This capability is not turned on by default in Windows 2000. Microsoft has a fix for this at http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx. Microsoft credits Nicolas Ruff for finding this file.

12/11/2006 Another Microsoft Word Bug Allows Attack

There is a new zero-day attack against Microsoft Word, apparently unrelated to the zero-day attack discussed in the 12.6 BugBlog. It affects Word 2000, 2002, 2003, and the Word Viewer 2003. However, the brand new Word 2007 is not affected. (A cynical person would say this is all a marketing ploy to get people to upgrade. Luckily, I'm not cynical.) The issue is being actively exploited, according to Microsoft. At this point, it does not appear that there will be a fix for either of these issues in time for the 12/12 Patch Tuesday Security Releases. See http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx for more.

Adobe says that if you want to create video in Premiere Elements to export to a Sony PlayStation Portable (PSP), you will be limited to only one MPEG-4 standard, H.264 (AVC). While the PSP supports another standard, MP4 - Simple Profile, Premiere Elements does not.

After upgrading to Mac OS X 10.4.8, some Intel-based Macs may have problems getting IP addresses from third-party wireless routers. While they can create their own IP address to associate with the network, they won't be able to gain Internet access. Apple says to turn the wireless router off and then back on again. This may generate an IP address. If that doesn't work, they say to check with the router manufacturer for help.

In Microsoft Excel 2003, if you have a forumula that uses the NORMDIST function, and the X value for the function is one billion or more, the formula results will show up as #NUM!. Microsoft says they have fixed this in the Excel 2003 post-Service Pack 2 hotfix package of 10/2/2006. See how to get it at http://support.microsoft.com/kb/925225.

If you upgrade a Windows Server 2003 computer with Service Pack 1, that computer may no longer be able to join its domain. It won't have any icons in the Network Places folder, and you won't be able to do any remote procedure calls. Microsoft says the problem may be that "Impersonate a client after authentication" policy has been defined for a Group Policy object (GPO) that is linked to the domain. Microsoft has workaround information at http://support.microsoft.com/kb/925632.

12/08/06 An AOL ActiveX Control Allows Attack

There is a buffer overflow bug in an ActiveX control in AOL 7, 8 and 9 that may allow a malicious website to run their code on your system. You would need to visit the website with Microsoft Internet Explorer, and AOL 9.0 Security Edition revision 4156.910 or earlier (including America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230). The bug was discovered by Secunia Research, who say that using the automatic update function for AOL will get you a version of AOL 9 that is fixed. See http://secunia.com/advisories/23043/ for the details.

If you installed Adobe Premiere Elements 3.0 on a computer that already had Premiere Elements 2.0 installed, some of the Help files may get tangled up. Ask for Help in PE 3.0, and you may be shown Help files from PE 2. Adobe shows how to get this cleared up at http://www.adobe.com/support/techdocs/333359.html.

Apple says that if you have third-party VPN client software on a Mac that is updated to Mac OS X 10.4.8, you may find that the AirPort process may suck up to 90 percent of your available CPU time. This could cause your computer to work very slowly. Apple blames the third-party software, and says you should check with them for updates. They say as much at http://docs.info.apple.com/article.html?artnum=304798, but also say to keep an eye on that page for updates.

When installing Microsoft Office 2007, sometimes there are some missing uninstall files from your previous version of Office. That means the old one won't get completely removed, and you might end up with two versions of one application. If that application is Outlook, Microsoft warns that you may have some serious instability problems. If that's the case, check out the steps you can take to clean things up at http://support.microsoft.com/kb/926799.

While in Windows XP, you can right click the desktop, click New, and then click WordPad document. Documents created in this way may be missing some of their properties if you later open the document on a Windows Vista computer. As yet, there is no fix.

Red Hat has a new jbossas package for the Red Hat Applications Stack for Red Hat Enterprise Linux 4. This package is a Jboss Application server that is used by Java applications and Web apps. The old version had a bug in the DeploymentFileRepository. Remote attackers who could gain access to the console manager could then use this bug to read or write to files. Red Hat credits Symantec for finding this bug. Get the update at http://rhn.redhat.com/errata/RHSA-2006-0743.html.

12/7/06 Security Bugs With Adobe Acrobat and Reader 7

Adobe says that Acrobat 7 and the Adobe Reader 7 have a number of critical bugs that need to be fixed. Attackers may be able to design a malicious PDF file that takes advantage of these to take control of your computer. Users of the free Adobe Reader 7 need to upgrade to the free Reader 8 at http://www.adobe.com/products/acrobat/readstep2.html. Users of Acrobat 7.x should see the fix information at http://www.adobe.com/support/security/bulletins/apsb06-20.html.

12/6/2006 Zero Day Attack Against MS Word

There is a new zero-day attack against Microsoft Word 2000, XP, 2003, Word for the Mac, and Microsoft Works. Users could only be affected if they opened up a maliciously designed Word document. Microsoft itself claims in their security advisory that attacks have been limited, but hostile code is circulating on various malware sites. We are a week away from the next Patch Tuesday, so I'm guessing that Microsoft is working fast to get a fix ready. Read more at http://www.microsoft.com/technet/security/advisory/929433.mspx.

In both Mac OS X 10.3.9 and 10.4.8, when you are installing software as as Admin user, the Installer may be able to evoke system privileges without you giving any authorization. Apple has tightened this up in their Security Update 2006-007. Now, if system privileges are needed, the Installer is going to ask for your permission first.

If you use the Apple Finder in Mac OS X 10.3.9 or 10.4.8 to browse through a shared directory, you may get a heap buffer overflow is Finder finds a corrupt .DS_Store file. Someone may be able to use this in an attack, by luring someone into browsing through a shared directory where they have booby-trapped a .DS_Store file. The overflow could then be used to run hostile code on the victim's computer. This has been fixed in the Apple Security Update 2006-007.

If you want to use Microsoft Word 2007 to create new blog posts with one of the compatible blog hosting companies, you will need to have Microsoft Visual Basic for Applications installed along with Office 2007. If not, you will see this error message when you try to blog:
Microsoft Office Word needs VBA macro language support to complete this action.

If you started out with a beta version of Office 2007 running on a computer with a beta version of Windows Vista, you may have problems with the Office 2007 Viewers after you upgrade to the final version of the product. Microsoft has workaround steps at http://support.microsoft.com/kb/928149.

If you have a Microsoft Excel workbook that has links to another workbook that has been saved in HTML format, it won't be able to update the links if the workbook is closed. If you click the Update button, you will get this error message:
This workbook contains one or more links that cannot be updated.
However, if the HTML source file is open, the links will be refreshed.

iDefense Labs found an integer overflow in Novell ZENworks Asset Management, that also affects Novell Task Server and Colleciton Server. A remote attacker may be able to exploit the bug and run their own code at either the System or Root level, which could lead to the complete takeover of the system. Novell has a patch at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974824.htm.

Red Hat has updated GnuPG packages for Red Hat Enterprise Linux 2,3, and 4. There is a bug in the way that GnuPG decrypts messages that can be exploited by an attacker. They could send an encrypted message that, when decrypted triggers the bug and runs hostile code. This bug was discovered by Tavis Ormandy. Download the updated package at https://rhn.redhat.com/errata/RHSA-2006-0754.html.

12/5/2006 Worm Reports on MySpace

Security researchers at Websense Security Labs report on a worm that is exploiting a bug on MySpace, along with the Apple QuickTime player's support of Javascript, to infect webpages on MySpace. After the infection, links on a MySpace profile may get replaced with links to phishing sites. If you see an empty QuickTime video, or it looks like your links have been changed, you may have been infected. See http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708 for more.

The Apple Security Update 2006-007 for Mac OS X 10.3.9 and 10.4.8 includes a fix for PHP, which is updated to version 4.4 with the security update. This fixes a number of bugs in PHP in the way it interacts with the Apache web server and with scripting.

There is a bug in the FTP server in Mac OS X 10.3.9. According to Apple, if FTP access is enabled, attackers may be able to learn valide account names. During the attack, trying to authenticate an unknown username won't cause a crash. However, if the username is known, the crash will occur, which may give the attackers clues for further attacks. Apple has fixed this in the Security Update 2006-007. They credit Benjamin Williams of the University of Canterbury for finding this bug.

The InfoWorld Gripe Line, by Ed Foster, has news about how some HP DesignJet printer heads are designed to fail, whether they are bad or not. Read about it at http://weblog.infoworld.com/gripeline/archives/2006/12/hps_timebombed.html.

There is a bug in the way that the Google Mini Search Appliance and the Google Search Appliance handle UTF-7 encoded URIs. Attackers can take advantage of that to run both hostile HTML and script code within a browser session. Secunia has more at http://secunia.com/advisories/23239/. As a fix, they recommend filtering malicious characters and character sequences in a proxy. They credit maluc with finding this bug.

Google personalized home pages will work on more than just the latest browsers. It is compatible with Microsoft Internet Explorer 5.5 and later, with Mozilla Firefox 0.8 and later, Safari 1.2.4 and later, Netscape 7.1 and later, and Opera 8 and later. You won't get the full effects for dragging content around on your screens if you don't have JavaScript turned on, however.

If you use a client-only rule within Microsoft Outlook 2007 to delete meeting requests, you may end up with tentative appointments still showing up in your Outlook 2007. Yet you will correctly see those meeting requests in your Deleted Items folder, too. The only workaround from Microsoft so far is to manually delete the tentative meeting requests.

If you format a blank DVD with a Windows Vista computer, you won’t be able to stream live TV and record to the DVD using a regular standalone DVD recorder. According to Microsoft, Vista uses a Universal Disk Format (UDF) that won't work with Real-Time files, which is what the DVD units use.

12/4/2006 Update Windows XP Media Center to Appease Zune

You will not be able to install the Microsoft Zune software on a Microsoft Windows XP Media Center 2005 computer unless you have installed the Rollup Update 2. Without it, you will get this blunt error message: "Operating System Not Supported"
To achieve compatibility, get the update at http://support.microsoft.com/kb/900325. Also, the Zune software is totally incompatible with both Windows XP Media Center Edition 2002 and Microsoft Windows XP Media Center Edition 2004. If you are using those versions, I guess you can always stick with iTunes.

If you installed the Adobe Illustrator 12 Tryout version and then removed it, you may have problems later upgrading Illustrator CS2 with the Illustrator 12.0.1 update. During the upgrade, you will see the error message: The tryout version cannot be updated. Adobe has two fixes for this. Find the Adobe ESDGlobalApps.XML file and delete it, or delete the Illustrator tryout version uninstall Registry key. See http://www.adobe.com/support/techdocs/328994.html for the details.

On both Mac OS X 10.3.9 and 10.4.8, if you have PPPoE enabled on an untrusted local network, one of the other users on this network may be able to cause a buffer overflow on your computer. This could lead to a computer crash, or possibly running hostile code on your computer. Apple has fixed this in the Apple Security Update 2006-007. They credit Mu Security for finding this bug.

If you create a personalized Google home page, but do it without logging in to Google via the Sign In dialog, all your personalized home page settings are stored in cookies. If your cookies get deleted, your personalized settings will be get lost. See http://google.com/support/bin/answer.py?answer=25563&topic=9004 for more.

If you've decided to migrate from Apple iTunes to the world of Microsoft Zune, note that none of the content that you've purchased from the Apple iTunes store can get transferred. That's because it uses the Apple DRM (digital rights management) scheme, instead of the Zune DRM. Any unprotected content can get transferred. See how at http://support.microsoft.com/kb/928224/en-us?sd=zune. Also note that content from the earlier Microsoft DRM system isn't compatible either.

If you upgrade to Windows Vista, on a computer that has a PS/2 keyboard, you may find that the computer is very slow to accept keystrokes from the keyboard, or may delay and then accept them in a burst. According to Microsoft, the keyboard settings don't get converted correctly during the upgrade. Microsoft has steps to fix this at http://support.microsoft.com/kb/927840.

Symantec has patched their Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 to fix a PHP bug. According to Symante, unauthorized users may be able to execute their own code in the context of the server, which may allow them to introduce their own damaging code. This has been fixed in the Symantec Veritas NetBackup PureDisk Remote Office Edition 6.1. Get it at http://support.veritas.com/docs/285984.

12/2/2007 Vista and Office 2007 Upgrade Together Brings Bugs

If you have upgraded to Windows Vista from Windows XP, and then on the same computer upgrade to Microsoft Office 2007 from some earlier version of Office, you may have a problem doing searches in Outlook 2007. If Outlook 2007 uses Rich Text Format (RTF) as its file type, none of your searches will find results within RTF messages. Microsoft has a fix for this. See the details at http://support.microsoft.com/kb/927595.

Adobe says that if you install Premiere Elements 3.0, when you enter in your company name make sure it is less than 50 characters long. If it is longer, then when you first launch the program you will get this error message: Registration information is invalid, reinstall Premiere Elements.

Opening a PDF file with Adobe Acrobat 8 on a Windows XP computer with an ATI video card may cause a Blue Screen of Death on the computer, with this error message:
There was an error processing a page. Insufficient system resources exist to complete the requested service.
Adobe says this can happen if the ATI video card is using their 8.291 driver, and your Acrobat Page Display preferences are set for Use 2D GPU acceleration. Adobe says you will either need to upgrade the video driver, or turn off 2D GPU acceleration. See how to do that at http://www.adobe.com/support/techdocs/324073.html.

Apple says that within the Security Framework for Mac OS X 10.3.9, the Secure Transport mechanism is supposed to figure out the best cipher system that this computer and the other computer can support. However, sometimes there's an error, and the two computers end up using a relatively lax system when a better one could be used. This has been fixed in the Apple Security Update 2006-007. Apple credits Eric Cronin of gizmolabs for finding this bug.

There is a bug in the gnuzip application that ships with Mac OS X 10.3.9 and 10.4.8. An attacker may be able to construct an archived file in such a way that when gnuzip unpacks it, gnuzip may crash. There's also the possibility of the attacker running their own code on your computer. This has been patched in the Apple Security Update 2006-007. Apple credits Tavis Ormandy of the Google Security Team for finding this bug.

Increased security was one of the goals for Windows Vista. (It was also one of the goals for Windows XP Service Pack 2.) For a detailed review of the new security features of Windows Vista, see Paul Thurott's Supersite at http://www.winsupersite.com/reviews/winvista_05b.asp. (Don't wait for my review -- I don't plan on getting a Vista computer for quite a while.)

12/1/2006 Vista Officially Launched, And Threat Identified

Microsoft officially launched Vista on November 30. That's also the day that the anti-virus firm Sophos said that some malware already known to be on the Web can bypass Vista's defenses if downloaded through third-party Web-based email. Even if the malware gets through, however, other parts of Vista may still be able to stop it from causing damage. Read the whole thing at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005542.