BJK Research

The BugBlog Plus

This is the subscription portion of the BugBlog. The first bug of the day listed is always the free bug available to non-subscribers, followed by the subscription-only bugs.

5/31/2007 Mozilla Fixes Some Layout Engine Bugs

Mozilla released the Firefox 2.0.0.4 and Firefox 1.5.0.12 updates, to fix a number of bugs in the layout engine. Some of these bugs could crash Firefox and corrupt memory, which means they could be exploited as a means of installing malware. Mozilla credits Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay for finding these bugs. You can get the update via the Mozilla update function (Help, Check for Updates) if you haven't gotten notified automatically.

Mozilla Firefox 2.0.0.4 did not ship with a Microsoft Windows Media Player plug-in. If you want one, see the instructions at http://kb.mozillazine.org/Windows_Media_Player#Missing_plugin.

If you are using Mozilla Firefox 2.0.0.4 on a Mac OS X system and have more than 20 tabs open, you may not want to use the "Close Other Tabs" command on a tab's shortcut menu. It may not work correctly.

Windows Vista Parental Controls do not work correctly with Mozilla Firefox 2.0.0.4. According to Mozilla, controls are not applied to file downloads. They plan to fix this in a later release.

5/30/2007 Flash Player Sound Card Problems

Adobe Flash Player 9.0.45.0 for Windows may have compatibility problems with some sound cards. According to Adobe, the drivers for some Realtek and SoundMax cards may not support WaveOut, which will lead to audio problems. There is no workaround from Adobe -- you'll probably have to wait for a driver update.

5/28/2007 Overflowing iChat Can Allow Attack

A buffer overflow bug in iChat for Mac OS X 10.3.9 and 10.4.9 may allow a malicious local user to trigger either a denial of service attack or run hostile code on the victim's computer. The bug is in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol). Apple has fixed this in the Security Update 2007-005.

If you create new ActionScript 3.0 components in Adobe Flash CS3 Professional, they may not work correctly in older versions of the Adobe Flash Player. This has been fixed in the Flash Player 9.0.45.0 update.

There is a bug in the Mac OS X 10.4.9 PPP daemon that may allow a local user to grab system privileges. The Apple Security Update 2007-005 fixes this by doing a better job validating user privileges. Apple credits an anonymous researcher reporting to iDefense for finding this bug.

Apple uses the Security Update 2007-005 to ship patches for the Ruby CGI library. Without the patches, attackers can launch denial of service attacks.

Apple has patched QuickTime 7.1.6 for both Mac OS X and Windows. There is a bug in QuickTime for Java that may allow a malicious website to run their code on your computer and take control. Get the patch for your OS at http://www.apple.com/support/downloads/. Apple credits John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force, and Dyon Balding of Secunia Research for finding this bug.

If you change an environment variable in Windows Vista so that it is longer than 1024 characters, it may get shortened to 1024 characters at your next log-on. Depending on the variable, that may cause problems. Microsoft has a fix for this, which will be in a future service pack. If you've got a long environment variable, you may want to get the hotfix. See how at http://support.microsoft.com/kb/935765/.

 

5/24/2007 MacBook Loses Its Display

If you have an external display hooked up to a MacBook that is running in clamshell mode, after waking up the computer you may not be able to use the built-in monitor. Apple says you will need to use the f7 key to restore the display, and then you need to restart your computer. See http://docs.info.apple.com/article.html?artnum=305507 for more.

Install Adobe Reader 8 on a Windows Vista computer, and you may see this error message:
The Temp folder is on a drive that is full or is inaccessible.
Microsoft says you can fix this by enabling User Access Control, and then installing Adobe Reader. See how to do this at http://support.microsoft.com/kb/936645.

There is a bug in the Alias Manager for Mac OS X 10.3.9 and 10.4.9. An attacker may be able to confuse a victim by showing identically-named disk images, one of which holds a malicious program. They may be able to trick the victim into opening the bad one. This has been fixed in the Apple Security Update 2007-005. Apple credits Greg Bolsinga of Blurb for finding this bug.

The Apple Security Update 2007-005 includes an updated BIND package. This update, to BIND 9.3.4, fixes a number of security bugs. Apple points to http://www.isc.org/index.pl?/sw/bind for details of the bugs.

There is a bug within VPN in Mac OS X 10.3.9 and 10.4.9 that may let a local user grab system privileges. They can do this via a format string vulnerability. This has been fixed in the Apple Security Update 2007-005. Apple credits Chris Anley of NGSSoftware for finding this bug.

There is a bug in the CoreGraphics for Mac OS X 10.4.9 that may allow hostile code to be snuck in via an evil PDF file. This is due to an integer overflow bug, which may allow hostile code to be run. This has been fixed in the Apple Security Update 2007-005. It does not affect earlier versions of OS X.

There is a bug in a third-party cryptographic library that is used in a number of Cisco products, including Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Service Module (FWSM), and Cisco Unified CallManager. Cisco says the bug may allow denial of service attacks. However, they say that the bug will not allow attackers to decrypt information. Cisco has fix information at http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.shtml.

The Internet Storm Center says that someone sent the AV company Sophos a proof-of-concept virus that can use OpenOffice files to infect Windows, Linux and Mac OS X computers. This virus does not appear to be circulating, and given the opportunities for infecting large numbers of Microsoft Office users versus a small number of OpenOffice users, this may not turn into a real threat. See http://isc.sans.org/diary.html?storyid=2847 for more.

Try to download some files from a Microsoft Office SharePoint Server 2007 site, and the download progress indicator may not function correctly. In some other cases, a document may get downloaded twice. Microsoft has fixed these bugs in a Software Update for Web folders. Get the update at http://support.microsoft.com/kb/907306.

Symantec sent out flawed anti-virus signatures in the simplified Chinese version of their product. These flawed files caused two critical Windows XP files to be quarantined, mistaking them for the Backdoor.Haxdoo Trojan. Because of this, a large number of Chinese PCs got turned into doorstops. If affected, you can recover the files from your Windows XP disk. (Assuming you have them.) Read more at http://www.cisrt.org/enblog/read.php?100.

 

5/22/2007 Isolating Microsoft Office

Microsoft has released their Microsoft Office Isolated Conversion Environment (MOICE). That's not a padded cubicle where you can stash your disruptive co-workers. Instead, it is a file blocking and file conversion tool that may help protect you from malware coming in on an Office file, especially via email. Read more about it, and download it, from http://support.microsoft.com/kb/935865.

When you install the Adobe Version Cue CS3 Server on a Mac OS X system, it may turn off the Mac Personal Firewall while it sets everything up. Unfortunately, it forgets to turn the firewall back on. The only workaround for now is to turn the firewall back on manually. If you don't know how to do that, see http://www.adobe.com/support/security/bulletins/apsb07-11.html.

If you turn on your iPod nano and see a picture of a USB cable on the display, it may mean that you need to reset your iPod. See how to do that at http://docs.info.apple.com/article.html?artnum=305443. If that doesn't work, you may need to take it in for service.

If you are using the Microsoft Office Compatibility Pack for Office 2007, it won't work correctly on documents with form fields if you are using an East Asian language version of Windows. This has been fixed in the Compatibility Pack update. Get it at http://support.microsoft.com/kb/936695.

If the Windows Media Center is running on a Windows Vista Ultimate or Vista Home Premium computer, and you remove a USB flash storage device, you may see this error message:
Unknown audio error occurred (C00D1191)
Microsoft doesn't have a fix, but says the error message will go away and you can still remove the device.

Here's a bug for my cousins back in the old country. If you are using a Croatian version of Windows Vista, and you try to create an RTF file, you may see an error message that begins:
Stvaranje datoteke 'Novo: Dokument u obliku...
It's telling you there is a problem with a colon in the file name. If you are fluent in both Croatian and English, you may want to go to http://support.microsoft.com/kb/937250 to see a workaround.

Microsoft has had to repatch the hotfix for the Microsoft Installer MSI fix. The fix that was at http://support.microsoft.com/kb/916089 has been replaced by the one at http://support.microsoft.com/kb/927891. The bug itself may lock up your computer when you are using Windows Update.

Red Hat has a new gimp package for Red Hat Enterprise Linux 2.1 through 5. The update fixes a stack overflow bug in the GIMP RAS file loader. Get the update at https://rhn.redhat.com/errata/RHSA-2007-0343.html.

There is a bug in the AdSense plugin for the WordPress blogging software. It may allow a malicious site to conduct cross-site scripting attacks. The bug was discovered by David Kierznowski, who hasn't released the details, but has notified WordPress. Read more about it at http://michaeldaw.org/alerts/alerts-200507/.

5/21/2007 Your Header Ducks After Conversion

Microsoft says that if you use Word 2003 to open a Word 2007 OpenXML document that has a header, and then you save the file in the Word 2007 OpenXML format, the header may move farther down the page. Microsoft says they have fixed this in the update to the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. Get it at http://support.microsoft.com/kb/936695.

We've already repeated the Adobe warning that any beta versions of Adobe Creative Suite CS3 need to be removed before installing the shipping version. In case you run into problems doing this on a Mac, Adobe has a clean-up script that you can use. Get it at http://www.adobe.com/go/kb401056/

If you want to use Adobe InDesign's CS3 SaveBack option to save an InDesign document back to CS2, you won't be able to open it in CS2 unless you have installed the Adobe InDesign CS2 4.0.5 update. You can use the Adobe Update Manager to get it.

If you export an Adobe InDesign CS3 document to an RTF format, any page breaks get converted to paragraph marks. Adobe says the only way to fix this is to go in and manually add breaks to the RTF document.

Microsoft says that if Adobe Dreamweaver is configured as the default XML editor on a Windows Vista computer, then the Vista Help and Support Center won't run. Instead, you may see this error message:
Internet Explorer cannot download / from windows. Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
Microsoft has a Registry edit to fix this. See the details, as well as important safeguards in editing the Registry, at http://support.microsoft.com/kb/937491/

If a Microsoft Word 2007 OpenXML document has a text box, and you open it with Word 2003, when you save it again as an OpenXML file the aspect ratio of the text box will change. Microsoft says they have fixed this in the update to the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. Get it at http://support.microsoft.com/kb/936695.

Attackers can create a malicious torrent file that, when clicked in Opera 9.2, can execute an attack on the target computer. Opera Software says they have fixed this in Opera 9.2.1.

Red Hat has an updated libpng package for Red Hat Enterprise Linux 2 through 5. This package fixes a bug that could allow an attacker to design a malicious PNG file that may allow

There's a bug in the Net-SNMP software that comes with Sun Microsystems Solaris 10. This may allow remote or local users to trigger a denial of service attack. Sun has a fix for this at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102725-1.

 

5/18/2007 Vista Doesn't See Some Casio Digital Cameras

Windows Vista does not recognize the Secure Digital (SD) card for these Casio digital cameras: Exilim Card EX-S3; Exilim Zoom EX-Z3; CASIO QV-R40. Connect one of them, and Vista shows its confusion by giving this error message:
Please insert a disk into Removable Disk (E:).
Microsoft has a fix for this that includes a Registry edit. See the details for this, plus important warnings about editing the Registry, at http://support.microsoft.com/kb/934332/.

5/16/2007 Another Symantec ActiveX Bug

Symantec Norton Personal Firewall 2004 and Norton Internet Security 2004 both use an ActiveX control that can be exploited by remote attackers to run hostile code on the victim's computer. The control is part of ISLALERT.DLL, and has a buffer overflow bug. Symantec does not know of any actual exploits using this bug. They have patched this and are distributing the patch via Live Update. Users should make sure either that automatic updating is on, or do a manual update.

Try to use Apple iSync to synchronize over Bluetooth to a Motorola E815 cell phone, and you may see the error message:
iSync Cannot Connect With This Device
The problem is actually Bluetooth, for Apple says that you can sync if you use a USB cable.

When Apple Logic Pro 7 or Logic Express 7 are working on a big project on a computer with more than 2 GB of RAM, the program may crash unexpectedly. Apple says the problem is actually too much virtual memory. See http://docs.info.apple.com/article.html?artnum=305494 for some troubleshooting and workaround help.

If you get one of those highly technical Google Gmail error messages, the ones that say "Oops" and then give a number, see http://mail.google.com/support/bin/answer.py?answer=10315&topic=1536 for troubleshooting information.

IBM says that Workplace Web Content Management (WCM) version 6.0 fix pack 2 (6.0.0.2) is designed to remove any interim fixes to version 6.0.0.1. However, in some cases the WCM fix pack will also remove interim fixes that have been applied to WebSphere Portal version 6.0.0.1 too. Administrators who have installed the fix pack may need to go back and reinstall the fixes for the other product. See http://www-1.ibm.com/support/docview.wss?uid=swg21259877 for more.

Microsoft Internet Explorer 7 will have problems with web pages that have an IFRAME that has a src attribute that points directly to an .svg file. Pages designed this way probably won't display correctly because they will load in the wrong order. See http://support.microsoft.com/kb/924926/ for workaround information.

The "Shrink to Fit" feature in Outlook 2003 or in Outlook Express is turned on automatically. This may cause problems with certain emails that contain really wide images. The message may get shrunk so much that it is unreadable. A quick fix is to delete the wide image before printing. The more complicated fix is to go to http://support.microsoft.com/kb/932538/ to get Microsoft's hotfix. Upgrading to Outlook 2007 will also work, but that's not a free upgrade.

If you have installed the Cumulative Security Update for Internet Explorer that was in MS07-027, have moved your Temporary Internet Files folder outside its normal spot in the Users folder, and have the Phishing filter enabled, you may run into a number of extra security warnings asking you:
Do you want to save this file?
Microsoft has some workarounds available at http://support.microsoft.com/kb/937409.

After you wake up a Windows Vista computer from sleep, it may not be able to control an audio CD in an attached DVD player. Microsoft has a hotfix for this, which will be in a future Windows Vista service pack. If you need the fix right away, see http://support.microsoft.com/kb/927341/.

If you use the Fast Forward button a couple of times on a Microsoft Windows Media High Definition Video (WMV HD) DVD or a WMV HD file in Windows Media Center in Windows Vista, the audio and video may go out of sync. Microsoft has a hotfix for this problem at http://support.microsoft.com/kb/935333/. It replaces the earlier 932757 hotfix.

Red Hat has an updated kernel for the Red Hat Enterprise Linux 5. It fixes a number of security bugs, including in the way that Red Hat handles IPv6 routing headers, in IPv4 forwarding, and in netlink messages. Get the updated package at https://rhn.redhat.com/errata/RHSA-2007-0347.html.

 

 

5/15/2007 Acrobat Can't Be First

First things first, according to Adobe. After you install Adobe Creative Suite 3, don't pick Acrobat 8 as the first product to start. If you do, you will see an error message: You must launch another Creative Suite application. It appears that anything but Acrobat will do.

Once you have installed Adobe Creative Suite Web Premium on a Mac OS X computer, you will not be able to install InDesign CS2, Illustrator CS2, and Acrobat 7. Adobe says the installation will fail. If you want some of both, you will need to uninstall CS3, install the CS2 components you want, and then install CS3 again.

Adobe Flash CS3 does not recognize the four digit extension .JPEG. If you want to import a JPG with that extension, choose All Files from the pull-down menu. It will be able to import the file, it just doesn't understand that the JPEG is a JPG.

Adobe says that Microsoft Vista Virtual Folders are incompatible with Adobe Bridge CS3.

Via a tip from the Fake Steve Jobs blog, here's a posting on "Why Security Pros Use Macs". You might not be a security pro, but there are still some interesting points. Read the whole thing at http://blogs.ittoolbox.com/security/investigator/archives/why-security-pros-use-macs-16168.

Microsoft has updated the original Microsoft Office 2007 Compatibility Pack. It fixes a number of bugs that were losing Equations, Smart Art, and Charts properties when saving Excel, Word, and Powerpoint 2007 files into older versions of Office. Get the update at http://support.microsoft.com/kb/936695

5/14/2007 ActiveX Bug Puts a Hole in Norton Antivirus

The consumer versions of Symantec Norton Antivirus, including the 2005 and 2006 versions, plus Norton Internet Security 2005 and 2006, use an ActiveX control that can be exploited by malicious websites to load hostile content. According to Symantec, they have already pushed out a fix for this via LiveUpdate. See the details at http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09.html. They credit Peter Vreugdenhil, working through iDefense, with finding this bug.

Adobe points out that during the installation of Creative Suite 3 Design Premium, Design Standard, or the Web Premium edition, any installations of Adobe Acrobat 7 and Acrobat 3D7 will be deleted. (These editions come with Acrobat 8). However, the electronic licenses for the products will not be deactivated.

If you are having problems syncing your Apple TV with your Mac or Windows PC after you have given your passcode, the problem may be your firewall. You may need to configure the firewall to allow TCP connections on port 3689. See http://docs.info.apple.com/article.html?artnum=305287 for details.

Apple users who want to use Backup on a FAT32 formatted disk will need to use Backup 3.1.1 or later. Earlier versions don't support FAT32. You can get that version from the .Mac Backup page. See http://docs.info.apple.com/article.html?artnum=305501 for more on backup.

After installing Microsoft Security Update MS07-027, you may have problems using Microsoft Internet Explorer on certain websites. Microsoft says this is because the websites are doing things they shouldn't be doing. This isn't malicious activity -- it's just the way those websites issue prompts for multimedia plugins like Adobe Shockwave or Apple QuickTime player. There's little the user can do; it's up to the webmasters of those sites to conform to the new Microsoft standards. See http://support.microsoft.com/kb/931768 for more.

If you are still using the original version of Windows Server 2003, known as either the Gold or RTM (Release to Market) version, it's time to update. Microsoft is discontinuing support as of 5/28/2007. After that time, any fixes to Windows Server 2003 will only be for the Support Pack 1 or Support Pack 2 versions. After all this time, it’s a good idea to get those support packs installed, anyway.

5/11/2007 Windows Media Center Fouls Up Scanner

After you start the Media Center program on a Windows XP Media Center 2005 computer, you may find out that the buttons on your scanner no longer work. According to Microsoft, the Media Center disables all button handlers. They do this so that the mouse won't "interrupt the Media Center experience." Restarting the computer will bring back the scanner buttons. You can also get your scanner buttons back by restarting the Windows Image Acquisition service. See how to do that at http://support.microsoft.com/kb/936090/.

If you are going to be installing Adobe Creative Suite 3, or one of the CS3 applications, on a Mac OS X computer, make sure it is a Mac OS X 10.4.8 or later computer. The installer won't start on earlier versions of OS X.

Apple has updated the Darwin Streaming Server to version 5.5.5. They did this to fix a number of bugs that may allow an attacker to crash the server or possibly run their own code. Get the update at http://docs.info.apple.com/article.html?artnum=305495. These bugs were discovered by iDefense.

Cisco hardware running IOS 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4 and configured for an FTP server have a number of bugs that can be exploited to either cause a denial of service attack or spoof the authentication process. See http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml to find out whether your device is vulnerable and to get fix information.

An article at Ars Technica says that there is talk among malware authors about how to piggyback on a Windows Update service called Background Intelligent Transfer Service (BITS). Symantec says they have not seen any instances of it happening in the wild yet, so for now it's still only a potential attack. Read the whole thing at http://arstechnica.com/journals/microsoft.ars/2007/05/11/malware-piggybacks-on-windows-background-intelligent-transfer-service.

Previously, Microsoft released an update that was supposed to help users who were getting errors when they tried to use Windows Update. This KB916089 didn't work for a number of people, so Microsoft has a second update, at http://support.microsoft.com/?kbid=927891, for people having problems with the first update to Windows Update.

 

5/10/2007 Windows Mail is Persistent

Reboot or wake up a Windows Vista computer, and you may start seeing this message:
Windows Mail can compact the message store.
Microsoft says this will happen if any combination of Windows Mail, or the Windows SideShow Windows Mail gadget has been started 100 times. You will get this message even if Windows Mail is not your default email program. If you click Cancel, the message will keep coming back every time you restart. As workarounds, you can bow to the inevitable and say Yes. Microsoft says if you don't use Windows Mail, the process won't take long. Or else, you can turn off the Windows Mail gadget. (While it doesn't take up a lot of memory, this appears to be another piece of code running in Windows background, whether you need it or not.)

5/9/2007 Even RTF Files Can Trigger Attack

A heap corruption bug may allow an attacker to load hostile content onto your computer via a Rich Text Format (RTF) file in Microsoft Word. This affects Word 2000, Word XP, and Word 2003, but does not affect Word 2007. Microsoft has patches for this at http://www.microsoft.com/technet/security/Bulletin/MS07-024.mspx. The bug was discovered by iDefense, who has more details at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525.

There is a cross-site scripting bug in Adobe RoboHelp X5, 6 and RoboHelp Server 6. Attackers may be able to manipulate a URL that will fool the victims into disclosing information to another site. Adobe has a fix, and more details, at http://www.adobe.com/support/security/bulletins/apsb07-10.html.

Apple says that it is important to properly unmount or disconnect a disk or other storage volume connected to a Mac OS X 10.4.x computer. If you don't, then recently copied or saved files may not be there next time. (Most of the time, you want to click the Eject button to unmount.) If you didn't do it correctly, and you think there are files missing, you may also have additional drive corruption. Apple says you should use Disk Utility to repair any damage. See http://docs.info.apple.com/article.html?artnum=305396 for details.

Apple says that if you are going to connect a storage device via a PCI card, make sure that card can support sleep mode. If not, you may have problems waking up the computer. You may also trigger a kernel panic. This error message may also show up:
Device Removal. The device you removed was not properly put away. Data might have been lost or damaged. Before you unplug your device, you must first select its icon in the Finder and choose Eject from the File menu.
See http://docs.info.apple.com/article.html?artnum=305262 for tips on how to avoid this.

IBM has released a cumulative fixpack for IBM Workplace Web Content Management. The update takes WCM from the 6.0.0.1 level to 6.0.0.2, and has a substantial list of bugfixes. See the fixlist, and download the update, at http://www-1.ibm.com/support/docview.wss?rs=1041&uid=swg24015650.

While there were seven security bulletins released by Microsoft in May, they actually covered 19 different bugs. I've thought about counting up all the critical bugs so far this year, but McAfee Avert Labs has done that for me. To see how patch activity this year compares to other years, see http://www.avertlabs.com/research/blog/?p=273. So far, Microsoft is patching at a record-setting level.

There's a bug in Microsoft Excel 2003's AutoFilter records function when it handles an Excel BIFF8 format spreadsheet. The AutoFilter does not do a good job filtering out hostile content, and may allow an attacker to access memory and run hostile code on the computer. Microsoft has fixed this with the http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx security bulletin. Greg MacManus of iDefense Labs found this bug.

Microsoft Excel 2000, XP, 2003, 2007 and Microsoft Office for the Mac have a bug in the way set font values are handled. A malicious Excel file, delivered via email or the web, could exploit this bug to run hostile code on your computer. This is a Critical bug for Excel 2000, and an Important bug for the other versions. It has been fixed with http://www.microsoft.com/technet/security/bulletin/ms07-023.mspx.

There is an integer overflow bug in Microsoft Exchange 2000's IMAP service that may allow a remote attacker to crash all Exchange services, and possibly lose data. Microsoft has patched this with http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx. Microsoft credits Joxean Koret, working with the iDefense Vulnerability Contributor Program, for finding this bug.

Microsoft says there is a property memory corruption bug that affects Microsoft Internet Explorer 6 and 7, for all versions of Windows including Windows Vista. An attacker could exploit this bug via a hostile web page to take complete control of your computer. This has been labelled a Critical bug by Microsoft. It has been patched by the Cumulative Update for Internet Explorer at http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx.

Security researchers at iDefense have found a bug in the way that VMware Workstation handles shared folders. Because of the bug, guest systems may be able to view files belonging to the host system. As a workaround, turn off the Shared folders feature. See http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=521 for more.

5/8/2007 Microsoft Patches Critical Windows Server Bug

Microsoft has patched the Domain Name System (DNS) Server Service for Windows 2000 Server and Windows Server 2003. There is a buffer overflow bug that may allow an attacker to take complete control of the server through a Remote Procedure Call (RPC). Microsoft has patches available at http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx for this. Note that this is for Windows Servers, and not the ordinary Windows client software that most people use. Microsoft considers this a Critical update. They credit Mark Hofman of the SANS ISC Handlers, and Bill O'Malley with the Information Security Office at Carnegie Mellon University for finding this bug.

5/7/2007 Power Drain For Vista Laptops

There have been many complaints about the poor battery life you may get when running Windows Vista on a laptop computer. The problem is the new Aero Glass interface, because if you turn off the new interface battery life shows much improvement. ZD Net has another story summarizing the complaints, and also details the work that HP has done in changing the power management functions on their Vista laptops. Read the whole thing at http://news.zdnet.com/2100-1040_22-6181366.html.

Adobe says that if you were using a beta version of Adobe Photoshop CS3, you must remove it before you install the shipping version of Adobe Creative Suite. Adobe shows how to do this, for various OS platforms, at http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=kb401056.

Google says that some users of Google Calendar report that some of their holidays are showing the label of "busy." While Google is working on a permanent fix, they suggest deleting the Holiday Calendar, and then re-adding it.

Upgrade to Microsoft Windows Media Player 11, and you won't be able to use the Nero burning plug-in (Neroburnplugin.dll). It's incompatible with WMP 11. However, Microsoft has an update that will fix this problem. Get the update at http://support.microsoft.com/kb/935957/.

Red Hat says they have updated the Evolution PIM (Personal Information Manager) for GNOME on RHEL Desktop Workstation 5. It fixes a bug in the way Evolution parses memo fields. An attacker may be able to design a memo that can exploit this to run hostile code on the website. Get the update at https://rhn.redhat.com/errata/RHSA-2007-0158.html.

iDefense says they found a bug in Sun Microsystems Solaris 10. Attackers could use this bug in integer signedness to trigger a kernel panic and thus a denial of service attack. Sun has a patch for this. Read the details from iDefense, and get the link to the update, at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524.

5/6/2007 PHP Fixes Lots of Bugs

System administrators and webmasters should know that updates for PHP 5.2.x and 4.4.x have been released. PHP 5.2.2 has a number of security fixes, listed at http://www.php.net/releases/5_2_2.php. A somewhat similar series of fixes for PHP 4.4.7 is at http://www.php.net/releases/4_4_7.php.

Apple has an Airport Extreme update for Intel-based Mac computers. According to Apple, it improves compatibility with third-party access points that are configured for WPA and WPA2 security. Get it at http://www.apple.com/support/downloads/airportextremeupdate2007003.html.

You may not see your Apple TV listed as a device in iTunes when you have an Ethernet network, even though iTunes can see it when you use a wireless network. Once you get past the obvious troubleshooting steps (are the network cables all plugged in?) Apple has some additional things you can check at http://docs.info.apple.com/article.html?artnum=305290.

To install Microsoft Office 2007, you are going to need 1596 MB of free space on your target drive. (That's a gigabyte and a half.) According to Microsoft, there's no way around that; either free up space, or install on another hard drive.

If you open a Microsoft Access 2007 database in read-only mode, you are stuck with the Search text dialog in the Navigation pane. Even if you want to turn it off by clearing the Show Search text box, it will stay there. The only way to get rid of it is to get rid of read-only mode. See http://support.microsoft.com/kb/928300/ for the details.

Novell has an updated kernel for openSUSE 10.2. It fixes a number of security bugs that may lead to denial of service attacks, or allow unprivileged users to see information they shouldn't be able to see. Get the download and see the details at http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html.

5/4/2007 Patch Tuesday Preview

Microsoft announced they would be releasing seven security bulletins on Tuesday, May 8. Two of them will be for Windows, with at least one of those at the Critical level (probably the DNS bug). Three of them will be for Office, and at least one of them will be Critical. (Take your pick from the number of unpatched Office flaws that we know about.) There will also be security bulletins for Exchange and for BizTalk.

5/3/2007 Apple Plugs QuickTime Hole

Apple has patched the hole in QuickTime that may have allowed a malicious website or Java applet to run code on your computer. This update is for both the Mac (OS X 10.3.9 and 10.4.9) and Windows (2000 and XP) platforms. This bug was the one exploited in the widely publicized hacking contest. You can get the update at http://www.apple.com/support/downloads. Apple credits Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for finding the bug.

You may have problems within Adobe Acrobat when you try to create a PDF from an Adobe InDesign CS3 file. Instead of creating the file, you may get this error message:
Invalid value for parameter 'using' of event 'exportfile'. Expected PDFExportPreset, but received <name of joboption>.
According to Adobe, this error is caused by one of these job options: Oversized Pages; PDF/A-1b:2005(CMYK); PDF/A-1b:2005(RGB); Standard. Adobe has some workarounds for this at http://www.adobe.com/go/kb400876.

Cisco admits that there are a number of bugs in their Cisco Adaptive Security Appliance (ASA) and PIX security appliances. Two of the bugs may allow someone to bypass Lightweight Directory Access Protocol (LDAP) authentication; two others may trigger denial of service attacks. Cisco has free updates to fix this at http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml.

Microsoft says that the System Information tool in Windows Vista may not be able to count the number of buttons on your mouse. It will show 0 buttons in the Number of buttons dialog. Luckily, there's an easy workaround -- look at your mouse and count the buttons yourself.

Microsoft says that the Windows Vista Connect to a Network dialog box may not be able to tell the difference between an 802.11g and an 802.11n network. If you are trying to connect to an N network, Vista may think it's a G. Microsoft says not to worry -- you will still be able to connect, and the network will work correctly.

Red Hat has released a new xscreensaver package for Red Hat Enterprise Linux 2.1, 3, and 4. It fixes a security bug that could be exploited to cause a network outage. Get the update at https://rhn.redhat.com/errata/RHSA-2007-0322.html.

5/2/2007 A Buggy Ghost (Norton Ghost, that is)

Security researchers at iDefense say there is a buffer overflow bug in Symantec Norton Ghost 10.0 that may allow local attackers only to run their code as a System level user. Symantec has fixed this bug with an update at http://www.symantec.com/avcenter/security/Content/2007.04.26.html. As a workaround, iDefense says to limit users' access to the Norton Ghost Service Manager. See http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=519 for more.

Try to sync up your iPod with iTunes for Windows on a Windows XP computer, and you may get this error message: The iPod "Customer's iPod" cannot be updated. An unknown error occurred (-50)
According to Apple, this may happen if there are problems with the digital signing of some of your Windows XP drivers, or some .dll files may have become unregistered. Apple shows how to fix this at http://docs.info.apple.com/article.html?artnum=304996, but also warns that these driver problems are sometimes the result of malware.

Apple's Security Update 2007-004 added a bug to ftp configuration files for Mac OS X Server v10.4.9 systems. Because of the bug, FTP users may find they can access directories that should be off limits. This has been fixed in the Apple Security Update 2007-004 1.1.

After installing Apple Security Update 2007-004 on a Mac OS X 10.3.9 computer, you may lose your AirPort connections after waking the computer from sleep. This has been fixed in the Security Update 2007-004 v1.1.

IBM says that the Microsoft MS06-013 security update changes the behavior of some ActiveX controls in Microsoft Internet Explorer. This won't affect IBM Workplace Forms directly, but may cause problems if the Workplace Forms Viewer is used within HTML with an OBJECT tag. IBM discusses what you may need to do about this at http://www-1.ibm.com/support/docview.wss?uid=swg21236391.

If you have more than one Network Device Interface Specification (NDIS) filter driver installed on a Windows Vista computer, you may have intermittent problems connecting to a network. Microsoft has a hotfix for this, which will be in a future Windows Vista service pack. If you need more than one NDIS filter, then see http://support.microsoft.com/kb/933657 for information on how to get the hotfix right away.

May 2007 is the Month of ActiveX Bugs. Given that just about any ActiveX control should be viewed with suspicion, the people running the site should have an easy time of it. The first bug is in the PowerPointViewer.ocx 3.1. There are a number of different ways to trigger a denial of service attack via the control. There is no fix yet. You can find this month's website at http://moaxb.blogspot.com.

The Month of ActiveX Bugs website says that bugs in the ExcelViewer.ocx 3.1 ActiveX control may trigger denial of service attacks. See how to trigger a crash at http://moaxb.blogspot.com/2007_05_02_archive.html.

Microsoft says that a bug in Excel 2007 may cause text in a chart that has been configured to display vertically to actually display as horizontal. There is no fix yet -- keep an eye on http://support.microsoft.com/kb/928732 for an update.

Microsoft says that when you try to view a snap-in such as the Disk Management Microsoft Management Console (MMC) on a Windows Server 2003 computer, you may get an error message like this:
error code 80040153 - Invalid value for registry.
The reason for the error may be that DCOM permissions have errors. Unfortunately, you may not be able to use the Dcomcnfg utility on the server to fix them. Microsoft says you will need to go to a different Windows Server 2003 computer, and use that to configure the sick one. See how to do that at http://support.microsoft.com/kb/934701.

Sun Microsystems says that there is a bug in Sun Java System Directory Server 5.2, Sun Java System Directory Server Enterprise Edition, and Sun ONE Directory Server 5.1 that may allow both local and remote users to crash the server. Sun has more information to see if you are vulnerable, plus fix information, at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102895-1.

5/1/2007 Starting Firefox in Vista

Try to start Mozilla Firefox on a Windows Vista computer, and you may see this error message:
"The program must close to allow a previous installation attempt to complete. Please restart."
Restarting Firefox, or waiting and restarting Firefox, doesn't seem to do anything. What you need to do, according to Mozillazine, is to start the Task Manager and stop the "xpicleanup" process, if it is running. Then go to the C:\Users\<your_username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox folder, and delete the xpicleanup.dat file. Still having problems? See http://kb.mozillazine.org/Browser_will_not_start_up#Windows-specific_problems for more help.

There is a bug in the way that AOL Winamp 5.34 handles MP4 files. An attacker may be able to exploit this via a maliciously designed MP4 file that can corrupt memory and possibly run code on the machine. There is no fix yet. Secunia credits Marsu with finding this bug. Read more at http://secunia.com/advisories/25089/.

Parts of your active-matrix LCD screen are bad? That's not a product defect, says Apple, it's only a "pixel anomaly". According to them, you have to expect a few "anomalies". They explain why at http://docs.info.apple.com/article.html?artnum=22194, and also tell you what you should do if you think you have too many.

Apple says there is a bug in the IO Kit HID interface that may let other local users of your computer capture your keystrokes. That's probably not a problem for most users, but if you are sharing a Mac with lots of users (such as at a library or school) there's always a chance someone could exploit this to steal things like passwords. Apple originally fixed this in the Mac OS X 10.4.9 update, but some problems with the update package may have prevented this particular fix from being applied. Apple has fixed this again in the Security Update 2007-004. They credit Andrew Garber of University of Victoria, Alex Harper, and Michael Evans for finding this bug.

Microsoft says that the ImageX.exe tool, which is part of the Windows Automated Installation Kit, really won't work as backup software. That's not what it was designed to do, and it will miss a number of things that you would want backup software to do. Microsoft explains more at http://support.microsoft.com/kb/935467.

Red Hat has updated the kernel in Red Hat Enterprise Linux 5. It fixes a couple of bugs in IPv6 that may allow local users to read memory or cause a denial of service attack. Get the update details at https://rhn.redhat.com/errata/RHSA-2007-0169.html.

4/30/2007 Adobe Photoshop PNG Bug

Secunia reports on a bug in Adobe Photoshop CS2, Adobe Photoshop Elements 5.0, and possibly in Adobe Photoshop CS3. The buffer overflow bug is in the PNG.8BI plug-in for handling PNG files. An attacker may be able to construct a PNG file that could be used to run hostile content. There is no fix yet, and the only workaround seems to be avoiding suspicious PNG files. They credit Marsu for finding the bug. Read the whole thing at http://secunia.com/advisories/25044/.

Apple has a battery firmware update for their MacBook and MacBook Pro laptop computers. Once this firmware is installed, it will update all the batteries that you install into that computer. The update should help battery performance, and in some cases prevent malfunctions. Get the update, and installation instructions, at http://docs.info.apple.com/article.html?artnum=305256.

It may be possible to accidentally disable the Apple TV remote control. You'll notice that it may be disabled if the Apple TV LED flashes amber. One way to disable the remote is to hold down the Menu and Play/Pause buttons for over five seconds. See http://docs.info.apple.com/article.html?artnum=304977 to find out how to re-enable the remote.

Cisco says that their Cisco Network Services (CNS) NetFlow Collection Engine (NFC) versions earlier than 6.0 are created with default accounts with identical usernames and passwords. Cisco has an update for this, which is not free. However, it's possible to change these default usernames and passwords via a configuration command that is discussed at http://www.cisco.com/warp/public/707/cisco-sa-20070425-nfc.shtml.

Google deleted some AdWord accounts that actually linked to sites that tried to install malicious software on your computer. The links did go to a legitimate site, but by way of a site that tries to install password stealing software. Read more at http://news.zdnet.com/2100-1009_22-6180022.html.

Try to open a Microsoft Excel 2007 spreadsheet, and you may see this error message:
Scripts in this XML document and/or references to other documents are disabled.
Look at the details for this error message, which you can see by pressing CTRL+Shift+I, and you will see this error number: 700994. To get around this, you will need to lower the security level on the XSL spreadsheet. See http://support.microsoft.com/kb/908556 for instructions on how to do that, plus an explanation of what the lowered security may mean.

 

4/27/2007 Windows Media Player Plug-in Problems for Firefox

Try installing the Microsoft Windows Media Player plug-in for Mozilla Firefox 2.0.0.3, and the installation may fail with this error message:
Error code -203
Microsoft says to first make sure you have the latest version of the plug-in, at http://port25.technet.com/pages/windows-media-player-firefox-plugin-download.aspx. Then restart Firefox, and then restart the plug-in installation. You may see a message that Windows is changing Firefox compatibility settings. Microsoft says you don't need to do anything with that message. (Personally, I would cringe when seeing that Microsoft is changing something about Firefox, but that's just me.)

4/26/2007 QuickTime Bug Makes Mac Browsers Vulnerable

Secunia reports more on the highly critical bug in Apple QuickTime that may allow attackers to take over a computer. The bug is in the way that QuickTime uses Java, and any Java-enabled browser running on Mac OS X, which includes both Apple Safari and Mozilla Firefox, is vulnerable. For now the only workaround is to disable Java support. Read more at http://secunia.com/advisories/25011/. They credit Dino Dai Zovi with finding the bug.


Copyright 2003-2007 BJK Research LLC

 
