BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

Amazon.comOrder books and more at Amazon.com

Win 2K Secrets
Order Windows 2000 Secrets from Amazon.com


Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.



  Rather than chopping the BugBlog up into weekly archives, I'm going to try monthly archives instead. So all the July bugs will remain on this page, and you can use the Archives menu on the left to go to past months.
The BugBlog is free- but if you want to help support its existence, feel free to make a donation via PayPal using the button at left. XML Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.
7/31 Sun Web Server SP; More on the Microsoft MIDI Flaw; and a bug in AppleWorks

Sun ONE Web Server 6.0 Service Pack 6 is out. It has a large number of fixes, including quite a few for digest authentication problesm. There are also LDAP fixes, and a fix for the bug that was giving an unknown AVA error. The full list of fixes is at http://docs.sun.com/source/816-6770-10/rn60sp6.html#17607.
CERT's original bulletin about Microsoft Security Bulletin MS03-030, the MIDI vulnerability, suggested that disabling certain controls (disable Active Scripting, Disable Play sounds…) may offer safeguards against this threat. However, they have changed the bulletin and now state the only complete protection is by getting the patch from Microsoft. You can read the CERT bulletin at http://www.cert.org/advisories/CA-2003-18.html.
If you are using Apple AppleWorks 6.2 through 6.2.6, you may have problems if you move the Dock to the left or right side of the screen. The problems may include finding minimal margins when opening a new document, or having the Spelling window off-screen when doing a spelling check. Apple says that these have been fixed in AppleWorks 6.2.7 or later. You can get that at http://www.apple.com/appleworks/update/.
7/30 Microsoft Botches a Fix; plus Cisco, Novell, and Red Hat Fixes

Microsoft has confirmed the problem between the security patch in MS03-29 and Windows NT 4.0 Routing and Remote Access Service (RRAS). After applying the patch and rebooting the server, RRAS will fail. Microsoft is working on fixing their fix. When they finally get it right, they will report it in the Security Bulletin at http://www.microsoft.com/technet/security/bulletin/ms03-029.asp.
Cisco has found a potential denial of service attack in IOS. However, this is limited to Cisco Aironet AP1x00 Series Wireless devices, specifically the: Cisco Aironet Wireless Access Point AP1100 series running IOS 12.2(4)JA, 12.2(4)JA1, 12.2(8)JA, or 12.2(11)JA; Cisco Aironet Wireless Access Point AP1200 series running 12.2(8)JA or 12.2(11)JA; and the Cisco Aironet Wireless Bridge AP1400 series running 12.2(11)JA. The bug is fixed in IOS 12.2(11)JA1 version of the for all Cisco Aironet AP1x00 devices. See http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml for details.
Novell has an updated eDirectory for NetWare running on Windows NT. They term it a pre-Service Pack 1 release. It includes a number of bug fixes and refinements. Get the file at http://support.novell.com/servlet/tidfinder/2965952.
Red Hat has a new OpenSSH package for Red Hat Linux 7.x, 8.0, and 9. An incompatibility between OpenSSH and the PAM system may cause an information leak. You can get the updated packages at https://rhn.redhat.com/errata/RHSA-2003-222.html.
7/29 Another Look at Some Microsoft Security Bulletins; more W2K SP4 Woes; plus an Apple Final Cut Incompatibility

Microsoft has enlarged the reported vulnerability, first reported in Security Bulletin MS03-026, that affects Windows NT/2000/XP/Server 2003. The buffer overrun that leaves you open to attack on port 135 also leaves you vulnerable on port 139 and port 445. In addition, if any other port has been specifically configured for RPC, it may also be vulnerable.
Russ Cooper at NT Bugtraq reports receiving more than 30 reports that the fix from Microsoft Security Bulletin 03-029 has killed off Windows NT 4.0 RAS servers. You can see some of the details in their message archives here.
Microsoft says that Windows 2000 Service Pack 4 causes compatibility problems with Microsoft ASP.NET 1.1, if it is running on a Windows 2000 Server domain controller. If you request ASP.NET 1.1 page, you may see this error message:
Server Error in '/iwamtest' Application.
The problem, according to Microsoft, is that the IWAM account doesn't get impersonate user rights for ASP.NET 1.1.
If you upgrade a Windows 2000 computer to Service Pack 4, Certificate Services may not start when you reboot the computer. This may cause this error message in the Event Viewer:
Event Type: Error
Event Source: CertSvc
Event ID: 100
Description: Certificate Services did not start: Could not load or verify the current CA certificate.

Microsoft says that once you verify that you do have a valid certificate, you may be able to fix this by changing the LogLevel Registry Value. For the details on this, see http://support.microsoft.com/?kbid=825061.
Apple Final Cut Pro 4 has compatibility problems with the Edit Decision Lists (EDL) on a Sony 9100 or Sony 5000 EDL formats. When importing the EDL, Apple says the sequence will have no name nor any clips. For now, there is no fix or workaround.

7/28 Red Hat and Oracle Security Fixes; plus iMovie iNcompatibilities

There is a new semi package for Red Hat Linux 7.1, 7.2, 7.3, 8.0, and 9. According to Red Hat, a bug in semi 1.14.3, which is a MIME library for GNU Emacs and Xemacs, may allow an attacker to overwrite an arbitrary file with their own data. Links to the packages are at https://rhn.redhat.com/errata/RHSA-2003-234.html.
Oracle says that Oracle8i (all releases in the 8.1.x series), Oracle 9i Release 1 and Release 2 all have a common bug, a buffer overflow in the Oracle Database Server EXTPROC. This may allow an attacker to run their own code on the Oracle database. See http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf for details and patch information.
Oracle reports a buffer overflow in the Oracle E-Business Suite. Check for the details at http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf. There is also another problem with E-Business Suite, that may cause information to be disclosed to people who shouldn't be seeing it. The details for this are at http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf.
Apple says that iMovie 3.0 and later may have compatibility problems with third-party QuickTime codecs. These problems may cause an iMovie crash when some audio files get added to a project. If you look at the Crash Reporter you will see that Thread 0 crashed in strcpy. As a workaround, Apple says to shut down iMovie and then take any third party codecs out of /Library/QuickTime and ~/Library/QuickTime by dragging them to the desktop. If the crashes go away, and you dragged out more than one codec, add them in one by one to look for a culprit. For more details and help on this, see http://docs.info.apple.com/article.html?artnum=93267.
7/26 Novell iChain Support Pack; plus more on Mozilla 1.4

Novell has released iChain 2.1 Support Pack 3. This has a number of bug fixes, including two that take care of security problems. One is a buffer overflow that happens when running a special script against login. The second happens when you try a login with a name of more than 230 characters. Get the file ic21sp3.exe at http://support.novell.com/servlet/tidfinder/2966560.
If you are going to run Mozilla 1.4 on Linux, realize that you will only get full printing functionality, according to Mozilla.org, if you use the non-standard Xprint module. Without that, you won't have toolbars, printing from print preview, or page setup, among other things.
Mozilla 1.4 has a printing problem on both Macintosh and Linux. Transparent backgrounds print out as black (which certainly isn't transparent.)
7/25 Some Mozilla 1.4 bugs and fixes

Mozilla.org says that if Mozilla 1.4 crashes on startup, and the error message indicates a problem with xpcom.dll, then the basis of the problem is probably incompatibility with third-party extensions. As a workaround, they say to uninstall previous versions of Mozilla, and then completely delete the Mozilla install directory. After that, re-install Mozilla. Note that this won't lose bookmarks, preferences and the like, since that is stored with the profile data. However, you may lose the third-party extensions and plugins.
Mozilla 1.4 running on Windows is now compatible with NTLM authentication. This increases compatibility with Microsoft web and proxy servers.
Mozilla 1.4 for Linux is compiled with GCC 3.2. According to Mozilla.org, if you use these binaries, then you will have problems with JavaScript access to Flash.
One problem that may affect Mozilla is a dialog box or two that may get hidden behind the main Mozilla window. It will appear that Mozilla is locked up, but in reality it is waiting for an answer in the hidden dialog. Before you assume a crash, start minimizing windows and look for the hidden dialogs.
Mozilla.org says that if a site requires HTTP authentication to download a Java applet, and the applet also needs authentication, you will have to do two logins.
7/24 Microsoft Faces a Flurry of Security Problems -- Three bulletins and an embarrasing report about weak passwords.

Microsoft says there are two buffer overruns in their DirectX multimedia services. This is a wide-ranging bug, which affects Direct X 6.1, 7.x, 8.x, 9.x, and on Windows 98, 98 SE, ME, 2000, XP, Server 2003, and NT 4.0. (Various combinations of DirectX and Windows are involved.) Because of the buffer overruns, an attacker may be able to run their code on your computer, via a maliciously designed MIDI file. So beware of strangers offering MIDI files until you get the patches available from http://www.microsoft.com/technet/security/bulletin/MS03-030.asp. Microsoft credits eEye Digital Security for finding this one.
Microsoft has a new cumulative patch for SQL Server 7.0, SQL Server 2000, the Microsoft Data Engine 1.0, and SQL Server 2000 Desktop Engine. It includes all the previous patches for the products, plus it takes care of three new bugs. The new onew are a named pipe hijacking, a named pipe denial of service, and a SQL Server buffer overrun. You can find links to the patches at http://www.microsoft.com/technet/security/bulletin/MS03-031.asp. Microsoft gives credit to Andreas Junestam of www.@stake.com for finding the problems.
Microsoft says that Windows NT 4.0 Server has a bug in the file management function. This opens up a possibility of a denial of service attack. You can get the fix from http://www.microsoft.com/technet/security/bulletin/MS03-029.asp. The credit for finding this goes to Matt Miller and Jeremy Rauch of @stake, http://www.atstake.com.
Both C Net and The Register cover a report by Swiss researchers, who find that it is much easier to break Windows passwords. Apparently, Microsoft's password encoding techniques are susceptible to a strategy called time-memory trade-off.

7/23 A Microsoft IIS Hotfix; Windows Compatibility Problems with Intervideo, Roxio, and Dreamweaver; and Adobe PageMaker Problems

A bug in the Microsoft Internet Information Services (IIS) Inetinfo.exe process in Microsoft Windows Server 2003 may cause the IIS Admin Service to crash without causing either a Dr. Watson error message or a crash dump file. This particular bug doesn't cause the crash, it just interferes with the error reporting after one. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for that, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 823596. Note that you may get charged for this call.
There may be compatibility problems with some third party media programs, such as Intervideo WinDVD or Roxio Easy CD Creator 5 when running on Windows 2000, XP, or Server 2003. This will happen if you are using a USB 2.0 DVD-ROM or CD-RW drive. It may cause audio or video problems, or this error message when copying:
Disc Copier could not find a support CD-ROM reader
These are caused when a host controller receives several USB STALL packets from the DVD device or the CD-RW device, and then issues a USB bus reset command. Microsoft has a hot-fix, which will be in future service packs for each of the Windows versions. If you can't wait for the fix, you can contact Microsoft Tech Support and ask for the hotfix described in Knowledge Base article 820759. Note that you may get charged for this call.
Macromedia says that Dreamweaver MX users may run into some compatibility problems after installing Microsoft .NET Framework or SDK, version 1.1 or greater. Instead of seeing the built-in ASP.NET controls show up as icons in Dreamweaver design view, the icon showing an ASP syntax error instead. This doesn't affect the page functionality -- whatever is being designed will still render correctly in a browser. As a fix, get the Dreamweaver MX extension fix for .NET framework version 1.1.
Adobe says that if you are exporting to a PDF file from PageMaker 6.5x for Windows or Macintosh, bitmapped graphics such as TIFF files may appear jagged. This will happen with the Export Adobe PDF plug-in version 3.0 or 3.0.1. Adobe has two possible fixes. The first is to upgrade to PageMaker 7. The second is to export the PDF file from PageMaker without compressing the graphics. To see how to do that, go to http://www.adobe.com/support/techdocs/310f6.htm?code=TA.
7/22 New Red Hat kernel; some Adobe Acrobat workarounds; and Windows ME mike problems

Red Hat Linux has released an updated 2.4 kernel for Red Hat Linux 7.x, 8.0, and 9. This update includes fixes for a number of security bugs. One bug in /proc/tty/driver/serial may let an attacker know the number of characters in serial links, which can be put to use for password-breaking. Another bug in /proc filesystem may let users have information to information in programs where they don't have ownership. The full list of bugs, and links to each build, are at https://rhn.redhat.com/errata/RHSA-2003-238.html.
If you make an Adobe Acrobat document, using Acrobat Distiller 5 or 6, from a Microsoft Office document, you may find that the Acrobat document is way larger than the underlying file. Adobe says if this happens, check the original document to see if there were transparent images. The way that Distiller handles these images causes a lot of file bloat. They recommend deleting any of these images before creating the PDF. For tips on finding if these images are present, and then removing them, see http://www.adobe.com/support/techdocs/3112e.htm?code=TA.
Adobe uses a third-party utility called the Netopsystems FEAD Optimizer for compression of the Adobe Reader 6.0 program. If you download and try to install the Reader 6.0, and the installation freezes, then the problem may be that the installer file got banged up during the download, and it is causing the Optimizer to choke. It may be more likely to happen when the download is done via your web browser. Adobe has a suggested workaround -- use the Adobe Download Manager by going to http://www.adobe.com/products/acrobat/readstep2.html and make sure the option Do Not Use Adobe Download Manager is not selected. You may also be able to download and install the basic Reader 6.0 program, rather than the full version.
Microsoft says that a Windows ME computer may crash if you unplug a USB microphone while it is in use. That makes sense -- but note that "in use" means more than when you are talking into it. If a program sometimes makes use of the microphone, and that program is running, then the mike is in use. Some example programs they give are Microsoft NetMeeting, GraphEdit from the Microsoft DirectShow SDK, or AmCap from the DirectShow SDK. They also suggest that crashes will be less likey if you install the DirectX 9.0a End-User Runtime package from http://support.microsoft.com/?kbid=818725.

7/21 Mac OS X 10.2.6 Security Fix, plus some Windows Media Player fixes

There is a security fix for the Apple Mac OS X 10.2.6 Client and Server. Security Update 2003-07-14 fixes a bug that may allow an unauthorized user to get access to the desktop when a password is needed while waking from a Screen Effects feature. Get the update at http://docs.info.apple.com/article.html?artnum=120232.
There is an incompatibility between the Microsoft Windows Media Player 9 OCX Control, when used with Netscape Navigator. This happens if Netscape has an embedded <APPLET> tag that is used for the OCX control. This may result in the error message:
General Failure
java.lang.NoClassDefFoundError: sun/awt/DrawingSurface at WMPNS.WMP.getHWND(WMP.java).
Get the update at http://support.microsoft.com/?kbid=817855.
Even if you install the Multilingual User Interface pack for Microsoft Windows Media Player 9 for Windows 98/ME/2000/XP, the First User Experience dialog box will still show up in English, rather than the other selected language. To fix this, go to http://support.microsoft.com/?kbid=822926 and get the download for your language.

7/19 Server Goofiness from Both Microsoft and Apple

Thanks to Eric and Dawn Olsen for hosting the party for Cleveland-area bloggers last night. Check the left-hand column for some of the locals.

There are compatibility problems between Windows Server 2003 and RSA Security's RSA ACE/Agent. If you upgrade a Windows server to Server 2003, the RSA Web Security will disappear. If you try a fresh install of RSA ACE/AGENT on Server 2003, Microsoft says it probably won't work. They pass the buck over to RSA, so you will probably need to look to them for upgrades.
If you rename a Windows Server 2003 domain that is running the Cell Manager for Hewlett-Packard (HP) OmniBack II 4.x clients, the clients will lose contact. You may see this error message:
You do not have access to any OmniBack II functionality. Contact your OmniBack II Administrator.
Microsoft says that after you rename the domain, you need to reinstall both the OmniBack II Cell Manager and the clients.
Apple says that on the Mac OS X Server 10.2, NetBoot clients won't be able to use some Disk Utility features. There's no workaround -- that's how they planned things.
Apple says that when you are configuring a UFS partition on a Mac OS X Server 10.0.3, you can't set it to 1 terrabyte (TB) or larger. Apple says the maximum is actually just less than 1 TB. The actual maximum, they say, it is 2147475488 blocks. (Remember when you used to think a gigabyte was big?)
If you have a Mac OS X Server configured to provide both DNS Service and NFS Service, it probably won't boot successfully. Instead, it will hang when it gets to "Starting Network Filesystem." If you've mistakenly ended up with this combination, check out the detailed fix from Apple at http://docs.info.apple.com/article.html?artnum=107626.
Pt 2
Office XP Bugs, and a few fixes

Microsoft Word 2002 may have problems word-wrapping around a table. This will happen if your document has a right-to-left table, and you have selected the text to be wrapped around the table. When you print it out, the text is under the table instead. Microsoft has a hotfix, which will be in a future service pack. If you are having this problem, you can either wait for the service pack, or you can contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 818328. Note that you may get charged for this call, and that this hot fix also requires Office XP Service Pack 2.
If you are running Microsoft Excel 2002 with Service Pack 2 installed, you may have problems copying a range of formatted dates via a macro. Microsoft says this will happen if you have a regional setting where the short date format is dd/mm/yyy, and you are trying to copy a range that has been date formatted as dd-mm-yyyy. Microsoft has a hotfix, which will be in a future service pack. If you are having this problem, you can either wait for the service pack, or you can contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 821564. Note that you may get charged for this call.
If you are running Microsoft Access 2002 on a Windows 98 computer, exporting a report in a snapshot format may not work correctly. The snapshot may be blank when you use the Windows 98 snapshot viewer. Microsoft has some suggested workarounds. If you are using an Adobe Systems PostScript printer driver, try a Hewlett-Packard Printer Control Language (PCL) printer driver instead. If you are already using a PCL driver, see if there is an update. If you are still having problems, they suggest a different printer driver entirely, although they won't specify a particular one.
7/18 Cisco Finds a Big Bug; Novell Goofs; An Update from Apache; and MS Incompatibilities

A bug with a potentially wide impact has been announced by Cisco. Any of their routers and switches that use Cisco IOS software, all versions, to process IPv4 packets are wide open to a denial of service attack. If the attacker sends a carefully constructed packet, the router will cease to process any more incoming packets till it is rebooted. Links to the upgrade status of the various versions of Cisco IOS can be found at http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml.
Novell says that their Consolidated Support Pack 9 loads the wrong driver when it is used to deliver NetWare 5.1 Support Pack 6. It will install the 32-Bit Array Controller Driver for Novell NetWare (CPQARRAY.HAM) 2.16. However, that's the wrong driver for NetWare 5.1. You should be using CPQARRAY.HAM 2.09, which you can get at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966524.htm.
Apache.org released a new version of their Apache Web server on 7/9/03. The new version 2.0.47 includes a number of bug fixes. These include: a bug in SSLCipherSuite that may use weak ciphers instead of strong ones; a bug in prefork MPM that results in a denial of service (DOS) attack; a bug in the FTP proxy that could cause a DOS attack. The full list of changes and fixes is at http://www.apache.org/dist/httpd/CHANGES_2.0.
Microsoft says that their SharePoint Portal Server 2001 is incompatible with all the versions of Windows Server 2003. You will probably see a warning message if you install Server 2003 on a computer that has SharePoint Portal Server already installed. If you persist, they predict all sorts of problems with SharePoint.
There may be incompatibility problems with applications created in Microsoft Visual Studio .NET when used on Microsoft SharePoint Portal Server. If two or more users go for the same ASPX web page simultaneously, the users that happen to be second (or third) in line might get time-out errors. Microsoft has a hotfix, which will be in a future service pack. If you really, really need this, you can contact Microsoft Technical Support, and ask for the hotfix described in Knowledge Base article 820289. Note that you may get charged for this call.
7/17 Microsoft Patches Three Security Holes -- One is Particularly Nasty

Microsoft releases another group of three security patches. The first one is by far the most threatening, affecting Windows NT/2000/XP/Server 2003.

Microsoft has patched a critical security flaw in Windows NT/2000/XP/Server 2003. There is a bug in the Remote Procedure Call protocol that may allow an attacker to send a specially designed message to Port 135 of a computer. As a result of the attack, the attacker could pretty much do as he pleased with the computer. The success of the attack depends on port 135 being open, so as a workaround you can configure your firewall to close that port. In the long run, you can download the patch for your version of Windows from http://www.microsoft.com/technet/security/bulletin/ms03-026.asp. Microsoft credits the The Last Stage of Delirium Research Group for finding and reporting this problem.
Microsoft says there is an unchecked buffer in the Windows Shell of Windows XP Service Pack 1 (but not the original version of Windows XP). The buffer can be exploited by an attacker constructing a fake Desktop.ini file and hosting it on a network share. The patch for both the 32 and 64 bit versions of Windows XP are at http://www.microsoft.com/technet/security/bulletin/ms03-027.asp.
There is a bug in the Microsoft Internet Security and Acceleration (ISA) Server 2000 that can turn it into the UnSecurity Server. Because of the flaw, an attacker may be able to do a cross-site scripting attack. System Administrators should get the patch for their language version of the ISA Server at http://www.microsoft.com/technet/security/bulletin/MS03-028.asp. Microsoft credits Brett Moore of Security-Assessment.com for finding this bug.
7/16 Patches for Red Hat and Cisco Catalyst, and more W2K SP4

Red Hat has updated nfs-utils packages for Red Hat Linux 7.x, 8.0, and 9. These take care of a bug that may allow a denial of service attack that could be triggered remotely. Red Hat credits Janusz Niewiadomski for finding the bug, a buffer overflow, in nfs-utils 1.0.3. You can find links to the updated packages at https://rhn.redhat.com/errata/RHSA-2003-206.html.
Cisco says that their Catalyst 4000 series 2948G and 2980G/2980G-A, Catalyst 5000 2901, 2902 and 2926, and Catalyst 6000 switches, running CatOS, are vulnerable to a remote denial of service attack. This attack can be triggered by sending eight non-standard TCP connections. After this attack, you will need to reboot the switch. Links to patches for the various CatOS versions are at http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml.
The NT BugTraq Mailing list has gotten a number of complaints that Windows 2000 Service Pack 4 may have compatibility problems with Captaris RightFax 7.2, 8.0, and 8.5. There isn't any word from Microsoft yet, and no official word from Captaris, although there is some unofficial acknowledgements, according to NT BugTraq. Get more details here.
7/15 Patches Pile Up for Microsoft Outlook

Why the headlines all of a sudden? To support the RSS feed that's coming soon.
If you try to send an encrypted email message using Microsoft Outlook 2002 to more than 200 people, the first 199 should go out OK. However, for number 200 on up in the list, you may see this error message
Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities: e-mail address
with the actual address showing up at the end of the error message. Microsoft has a fix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 820029. Note that you may get charged for this call.
Microsoft Outlook 2002 with Service Pack 2 installed may have trouble determining which email sender's name should be the focus of a message in the following situation: your email messages are sorted by From; Outlook is focused on the message list; you use the Input Method Editor to type the first character of the sender's display name; that first character is in a Double Byte Character Set font. Microsoft says this causes Outlook to make an error when converting from DBCS to Unicode. Microsoft has a fix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 819969. Note that you may get charged for this call.
In Microsoft Outlook 2002, with Service Pack 2 applied, you may get an error that crashes Outlook when you reply to an email message that is using the option "Have Replies Sent to". After the generic error message
Microsoft Outlook has encountered a problem and needs to close
the detailed error message points to a problem in Mso.dll. You may run into this error if you have installed the Outlook update 318120. Microsoft has a fix for the bug introduced in the earlier fix. It will be in a future service pack, but you can get it earlier by contacting Microsoft Technical Support and asking for the hot-fix described in Knowledge Base article 820367. Note that you may get charged for this call.
If you are running Microsoft Outlook 2002 with Service pack 2, and you have also installed the 1/22/2003 Outlook Update 812262, and you create a new e-mail rule for moving messages, you will have problems if you then collapse the .pst folder tree. The next time you start Outlook, the rule will seem to be turned off, and the .pst folder won't be in the Rules Wizard. Microsoft has a fix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 820722. Note that you may get charged for this call. For more details, see http://support.microsoft.com/?kbid=820722.

7/14 BorderManager, Apple Bluetooth and MS Outlook Express Language Problems

Novell has an upgraded BorderManager Virtual Private Network (VPN) Client 3.7.2. It fixes the bug that was causing this error message
Tree or Server not found
when you try a Netware login to a Netware server behind the VPN server. Get the update in bm37vpn3.exe at http://support.novell.com/servlet/tidfinder/2966295.
Apple has an upgrade to Bluetooth. The new version 1.2.1 extends compatibility to Symbian OS based mobile phones, such as the Nokia 3650, Nokia 7650, and Sony Ericsson P800. Apple says to use in with iSync 1.1.
Apple says that if you are using their iSight camera where the only light source is 50 Hz fluorescent, there may be bands or flickering in your images. As a fix, Apple says to let the sun shine in (add sunlight as a light source, even indirectly) or turn on some incandescent bulbs.
Apple says that if you have an AirPort Extreme Base Station 3.1 with 5.1 firmware, clients running Microsoft Windows may have problems connecting. Apple has some basically generic troubleshooting advice (get updated drivers, etc.) at http://docs.info.apple.com/article.html?artnum=107620.
Microsoft says that after installing the April, 2003, Cumulative Patch for Outlook Express 6 that came with Microsoft Security Bulleting 03-14, the Tip of the Day may show up in the wrong language. This may happen if you are using the following language versions of Outlook Express: Czech, Danish, Dutch, Greek,
Finnish, French, Greek, Hungarian, Italian, Norwegian, Polish, Portuguese, Portuguese (Brazilian), Russia, Spanish, Swedish, Turkish. Microsoft has fixes for each of the languages, which you can find at http://support.microsoft.com/?kbid=820223.
7/11 W2K SP 4, and Incompatibilities on a Tablet PC

Microsoft says that because of "new functionality" in Service Pack 4 (SP4), there may be problems with logon scripts on a Windows 2000 computer after it has been upgraded to SP4. Two things need to happen for the problems: the script is in a user policy from a trusted Windows 2000 forest, and you haven't enabled the Allow Cross-Forest User Policy and Roaming User Profiles policy on this computer. The fix is to enable the policy. To see how, go to http://support.microsoft.com/?kbid=823862.
If you are running Microsoft Word 2002 on a Tablet PC with the Microsoft Office XP Pack for Tablet PC, don't try to edit an Ink Object when you are in Print Preview. Microsoft says this may lock up the computer.
When using Microsoft Word 2002 on a Tablet PC with the Microsoft Office XP Pack for Tablet PC, there may be a problem when replying to e-mail (with Word as the RTF editor). If you resize an ink canvas, it may push the reply text off the screen. Microsoft says you can get it back by minimizing and then restoring the e-mail message.
When using Microsoft Word 2002 as the RTF e-mail editor from within Microsoft Outlook on a Tablet PC equipped with the Microsoft Office XP Pack, after closing an email message you may see a prompt to save changes to the Email.dot template. Microsoft says the only way to work around this bug is to disable the option of "Use MS Word to Read RTF E-mails" from within Outlook. Go to Tools, Options and go to the Mail Format tab to do this.
7/10 ColdFusion MX and .Net Problems

Macromedia says there is a bug in ColdFusion MX (Standard Edition), ColdFusion MX for J2EE (JRun), and JRun 4.0 (All Editions). They say that someone may be able to see the source code of a ColdFusion or Jrun page if they put an encoded space at the end of a URL. However, this will only affect ColdFusion MX if it is running with an Apache 1.3.x or 2.x HTTP server on a Windows computer. If you are affected, go to http://www.macromedia.com/devnet/security/security_zone/mpsb03-04.html for the patch and installation instructions.
Microsoft says there may be some compatibility problems between Microsoft .NET Framework 1.0 and Microsoft ASP.NET 1.0, and some third-party anti-virus (AV)programs. They say that because the AV programs change the archive bit of the file, this may cause some web applications to restart. They have a hot-fix available for this problem, which they say has been tested with AV programs from Etrust, McAfee, and Symantec\Norton. You will need to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 820746. Note that you may be charged for this call. (Microsoft says you can also wait for the next service pack, which will include the fix.)
Microsoft says if you run a cross-database query in Microsoft SQL Server 2000, you may see an error message that looks like this:
Server: Msg 3624, Level 20, State 1, Line 1
Location: dbtable.cpp:2608
Expression: status
SPID: 51
Process ID: 2068
Connection Broken

Microsoft says this has been fixed in SQL Server 2000 Service Pack 3.
If you are using Apple iMovie 3, and you export a movie to QuickTime or iDVD, Apple says you audio and video may get out of sync. If you don't want your movie creations to look like a badly-dubbed foreign film, then it is time to upgrade. Apple says to move up to iMovie 3.0.3 or later, as well as QuickTime 6.3 or later.

7/9 Microsoft issues three security bulletins

A bug in the Server Message Block (SMB) of Windows NT 4.0, Windows 2000, and Windows XP may allow a buffer overrun. An attacker may be able to exploit this to corrupt data or run their own code on a computer. You can find the information for the fix for your particular version of Windows at http://www.microsoft.com/technet/security/bulletin/ms03-024.asp. Microsoft credits Jeremy Allison and Andrew Tridgell of the Samba Team for finding this bug.
A bug in the Accessibility features of Windows 2000 (features that allow people with disabilities to use Windows) may cause security problems. It may handle Windows messages incorrectly that may allow an attacker to gain higher privileges on this computer. According to Microsoft, the good news is that this can't be exploited remotely. A fix is at http://www.microsoft.com/technet/security/bulletin/ms03-025.asp.
There is a critical security update for all versions of Microsoft Windows, from Windows 98 up through Windows Server 2003. A bug in the file conversion system of Windows, that allows cut-and-pasting of HTML files, may allow an attacker to run their own code on your machine. This could only be done if they send you a hostile e-mail, or you visit a carefully-crafted web page. You will want to go to http://www.microsoft.com/technet/security/bulletin/MS03-023.asp for details, update information, and specific information about each version of Windows that is affected.

7/7 Novell TCP Upgrades, and multimedia problems with both MS and Apple

Novell has an upgraded TCP stack for both NetWare 5.1 and NetWare 6. The update includes all the fixes since the last NetWare Support Pack for both versions, along with four new fixes. One fixes a bug in the TCK SACK Otpion that caused unwanted transmissions; another fixes an ABEND in TCPReassembleSegment; a fix for UDP Fragments checksums; and a UDP Bind problem with Multicast and Broadcast addresses. The fix for 5.1 is at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965147.htm, and the NetWare 6 version is at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965158.htm.
Apple says that when a PowerBook G-4 (with the 17-inch screen) goes into sleep mode, any external amplified speakers may still make noise, which they describe as "static". (At least they aren't snores.) Apple has some workaround -- disconnect the speakers, turn down the volume, or turn off the speaker power.
This isn't a bug - it's how they planned the product. Apple says that iSync 1.1 will synchronize with data that is in a cell phone's memory, but it won't be able to synchronize with data that may be stored on the phone's SIM card.
Microsoft says that all versions of Windows XP (Home/Pro/Media Center/Tablet/64 bit) may exhibit two related problems. There may be a very long wait when going to My TV and starting LIVE TV, and there may be errors when trying to use the Windows Update site to install updates. The problems trace back to Cryptsvc.dll, for which Microsoft has a fix. They advise you to go to Windows Update and get the Q817287 Critical Update. They do not mention, however, how to do this if you are suffering from the second symptom (problems in using Windows Update.)
7/3 No bug-squashing on the Fourth-MS game bugs for now

When you play Microsoft Rise of Nations on a computer with a Creative Technologies SoundBlaster Live!Wave sound card, you may only get game sounds from one speaker. Microsoft says that the latest driver for this card should fix things. Get it from Creative at http://www.soundblaster.com.
There are compatibility problems between Microsoft Rise of Nations and the Creative Technologies SoundBlaster Live! sound card when played on a Windows XP computer. These problems may cause the game to slow down. As a fix, Microsoft says to turn off Hardware Acceleration for the sound card. Go to Start, Control Panel. Click Sounds and Audio Devices, and go to the Audio tab. Click the Advanced button under Sound Playback, and go to the Performance tab. Drag the Hardware Acceleration slide to None.
There are compatibility problems between Microsoft Rise of Nations and the Aureal Vortex sound card. The problems may be bad enough that the game won't start. As a fix, Microsoft says to turn off Hardware Acceleration for the sound card. Go to Start, Control Panel. Click Sounds and Audio Devices, and go to the Audio tab. Click the Advanced button under Sound Playback, and go to the Performance tab. Drag the Hardware Acceleration slide to None.
Digital rights management (DRM) can cause problems playing Microsoft Rise of Nations with an Audigy 2 sound card. Microsoft says there are compatibility problems between that sound card and the SafeDisc utility that is on the game. As a fix, turn off the Audigy 2 splash screen. Another problem with this sound card: don't play the game after watching a DVD on this computer. Restart your computer first.
Another place where size matters. If you use a Microsoft ActiveSync 3.1 or 3.5 serial port connect, with a baud rate of 19200, to convert a large Pocket Excel file (300 K or more) that is on a Handheld PC 2000 device, it won't work correctly. Microsoft says you may not get the .XLS file that you expect. As a workaround, set the connection speed to something greater than 19200.
If you were planning on accessing a Microsoft .Net Compact Framework network with a Pocket PC 2000 device using ActiveSync, you are out of luck. That is not a compatible combination. Microsoft says to upgrade to Pocket PC 2002 with ActiveSync 3.5 or later.
If you are using Microsoft ActiveSync to synchronize mail between Microsoft Outlook on your desktop computer and a Pocket PC 2002 handheld, you may get odd results. If you have moved mail from the Outlook Inbox to some other folder, they do not get removed from the PocketPC Inbox, at least until permanently deleted in Outlook. Microsoft says that the bug is in the PocketPC Inbox, and not in ActiveSync. A fix and a couple of alternative strategies for dealing with this are at http://support.microsoft.com/?kbid=813787.
If you add hover buttons or banner ads to a web page in Microsoft FrontPage 2002, they may not show up when you click the Preview tab. The reason, according to Microsoft, is that when you preview via the tab, you are looking at the page as it is stored in the Temporary Internet Files folder. Unfortunately, the effects from hover buttons or banner ads aren't stored there, too, so they show up as broken graphics. If you want to see them, use the Preview in Browser method instead.
7/2 Red Hat Security Fixes, and Netscape and Novell Upgrades

Red Hat has a security update for the unzip package that is in Red Hat Linux 7.x, 8.0, and 9. It fixes a bug that may allow arbitrary files to get overwritten on a computer when a ZIP file is unpacked. Get the update at https://rhn.redhat.com/errata/RHSA-2003-199.html.
Red Hat has a new redhat-config-date package for Red Hat Linux 8.0 and 9. This fixes a bug that causes problems in a system that has a separate /usr partition. This interferes with the GUI tool that lets you set the system time, date, and time zone. Get the update at https://rhn.redhat.com/errata/RHBA-2003-211.html.
Still using Novell NetWare 4.11 or 4.2? Then Novell has an upgraded DS.NLM for you. (I'm sure they also hope you upgrade someday.) DS.NLM 6.17 fixes synchronization problems with a Windows NT Server in a mixed ring. You can get the upgrade, and installation instructions, at http://support.novell.com/servlet/tidfinder/2963473.
When Netscape 7.1 is running on Windows, there will be incompatibility problems with Netscape QuickLaunch and interMute AdSubtract software that may cause the browser to crash.
Netscape 7.1 has compatibility problems with McAfee WebScanX. According to Netscape, you may get startup crashes if WebScanX is installed. They say to disable the program, and then go pester McAfee for a fix.
Netscape points out a compatibility problem when running Netscape 7.1 on the Apple Macintosh OS X 10.2.x. They say that if you do frequent updates and installs, OS X might lose the setting of Netscape as the default browser. Netscape says you will need to first delete three files:
and then reboot your Mac.
7/1 W2K SP4, and Mac OS X Mail bugs

If you use Apple iMovie 3.0.2 to import still pictures from an iPhoto library, the pictures may llok bad. In particular, Apple says you may see some real obvious pixelation. Their advice is to upgrade to iMovie 3.0.3.
In case you don't know this, the Mac OS X Mail program bases the size of email messages that you print out based on the width of the Mail message window. If the text is too small after printing, make the window narrower. If it is too big, make it wider.
If you upgrade to Windows 2000 Professional/Server/Advanced Server Service Pack 4 (SP4), and then later uninstall SP4, none of your scheduled tasks will later run. Instead, you will see the error message
Status: Could not start
The problem is that SP4 changed the credentials database, and after you get rid of SP4 the database can no longer be read. If you have already fallen into this trap, re-enter all your credentials.
Windows 2000 Service Pack 4 clears up some incompatibility problems with Windows NetMeeting. Before, hanging up on NetMeeting and then quitting a Whiteboard session may have crashed NetMeeting.
Windows 2000 Service Pack 4 includes seventeen security fixes. These are not all brand-new fixes, for many have already been issued as hot-fixes as part of Microsoft Security bulletins. To see the whole list, go to http://support.microsoft.com/?kbid=821665.
6/30 Microsoft has released Windows 2000 Service Pack 4. Here are a number of items of interest about the new service pack:

Microsoft has the complete list of fixes included in Windows 2000 Service Pack 4 listed at http://support.microsoft.com/?kbid=327194. Since the service packs are cumulative, SP4 includes the fixes from all the previous Windows 2000 Service Packs. That page has links back to the fix list for those, too.
How much space do you need to install Windows 2000 Service Pack 4. It depends on two things: if you are using a backup folder, and if you are installing from a distribution folder from a network or from the CD or web. Using a backup folder will add 175 MB to your space requirements. That might seem rather large, and you may be tempted to skip that step. But that means you won't be able to uninstall SP4, and considering Microsoft's track record of including bugs and incompatibilities in a Service Pack, you probably want that safeguard. If so, you will need 340 MB when installing from a CD or web, and 280 MB from a network.

Windows 2000 Service Pack 4 drops the Windows Media Tools (WMT) 4.1 package. If WMT is already installed, SP4 won't uninstall them, however. The reason for this appears to be licensing issues with the Microsoft MPEG-4 Video codec.
If you got some Windows 2000 pre-Service Pack 4 hotfixes directly from Microsoft Product Support Services, they might cause a conflict with Windows 2000 Service Pack 4. According to Microsoft, this is not an issue with fixes that come from either Windows Update or the Windows Download Center. You will know about the conflict during the SP4 installation, when installation will temporarily halt and an error message will tell you about the conflict. Microsoft says you can continue SP4 installation, and then get an updated fix afterwards. These are the hot-fixes which may trigger the message: 811525; 812419; 813130; 814120; 815767; 816542; 816560; 816627; 816813; 816989; 817354; 817416; 817700; 818173; 818396; 818528; 818704; 818825; 818826; 819019; 819636; 819653; 819876; 820325; 820326; 820550; 820765; 820841; 821102; 821290; 821471; 822563. For more information on this issue, see http://support.microsoft.com/?kbid=822384.
There is a compatibility problem between Windows 2000 Service Pack 4 and the Cisco Aironet wireless network adapter. If you install the Cisco Aironet Client utility with the PEAP option onto a Windows 2000 SP4 computer, you won't see PEAP on the Authentication tab, and all the dialog boxes will be different and wrong. Microsoft says you will need to go to Cisco to get the latest Aironet Client utility.
There are compatibility problems between Windows 2000 Service Pack 4 and Microsoft's own .NET Framework 1.0. Try to run one of the .NET Framework-based program or Visual Studio .NET programs, you may see one of many different error messages. As a fix, go to http://msdn.microsoft.com/netframework/downloads/howtoget.aspx and find out how to get .NET 1.1.
There are compatibility problems between Windows 2000 Service Pack 4 and Symantec Norton Internet Security 2001 or Norton Personal Firewall 2001. Try to load a web page with Internet Explorer, and you will get a time out error. Also, incoming call notification in Windows NetMeeting may be delayed by a few minutes. Microsoft says you will need to update the Symantec products.
Windows 2000 Service Pack 4 brings some new features. One is called "Impersonate a client after authentication" and the other is "Create global objects". Since they are new, existing programs may not interact well with these features. Microsoft has some tips and troubleshooting techniques at http://support.microsoft.com/?kbid=821546.
There may be some version mis-match problems if you install the Microsoft Security Update from bulletin MS03-011 onto a Windows 2000 Service Pack 4 computer that also has the Microsoft VM on it. The error message will say that the SP version is newer than the update. You will have to get the newest version of this security update, which is called the 816093 security update, from the Windows Update Catalog. For more details, see http://support.microsoft.com/?kbid=820101.