BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

Amazon.comOrder books and more at Amazon.com

Win 2K Secrets
Order Windows 2000 Secrets from Amazon.com

 

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

bugblog

  Rather than chopping the BugBlog up into weekly archives, I'm going to try monthly archives instead. So all the August bugs will remain on this page, and you can use the Archives menu on the left to go to past months.
The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. XML Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.
8/29 Time to Patch some Microsoft Servers

If you are ready to patch and fix Microsoft BizTalk Server 2002, go to http://support.microsoft.com/?kbid=815781. This page has links to the extensive fix list for BizTalk Server 2002 Service Pack 1, and a link to get the service pack itself.
If you try to use the Sysprep (System Preparation) tool that comes with Windows Server 2003 to add sites to the Trusted or Local Intranet Zone in Microsoft Internet Explorer, the tool won't work. Microsoft has a hotfix, which will be in a future service pack. If you want to be able to add the sites in Sysprep, you need to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 823616. Note that you might get charged for this call.
8/28 Windows Update Woes

There is an incompatibility between the America Online (AOL) web browser and the Microsoft Windows Update site. This incompatibility is enough to prevent the Windows Installer from completing the update. To do an update, Microsoft says to connect to the Internet via AOL in the normal way. Then start the regular version of Microsoft Internet Explorer, and go to http://windowsupdate.microsoft.com. If you are still having problems, Microsoft says to clear all your Temporary Internet files and Cookies. This is done in the IE, Tools, Internet Options, General dialog.
Microsoft says that if you have Office 2003 installed on a Windows XP Service Pack 1a computer, you might see this error message when starting one of the Office apps:
The application failed to initialize properly (0xc0150002). Click on OK to terminate the application.
Microsoft says that this error is triggered if one of the following conditions is met: 1) This computer was upgraded from Windows XP Home to Windows XP Professional; 2) You had to reinstall Windows XP on your computer; 3) You repaired Windows XP on this computer. If you have fallen into this trap, Microsoft says you can fix things by reinstalling Windows XP SP1a on the computer.
Michael Horowitz of ComputerGripes.com emails to tell about some struggles he's had with Windows Updates. These are his results, and they are carefully documented at http://www.computergripes.com/windows.update.html.
8/27 Red Hat Patches Security Holes

Red Hat has fixed a buffer overflow in the pam_smb packages in Red Hat Linux 7.2, 7.3, 8.0, and 9. This buffer overflow is in pam_smb 1.1.6 and earlier, and may allow an attacker to run their own code on the machine, if pam_smb is running and the system is configured to authenticate remotely accessible service. Get the upgraded packages at https://rhn.redhat.com/errata/RHSA-2003-261.html. Red Hat credits Dave Airlie of the Samba team for finding this.
Red Hat has an updated package for GDM, the GNOME Display Manager for X, for Red Hat Linux 7.x, 8.0, and 9. This fixes a bug which would let a local user read any text file on the system. This bug may also allow a denial of service attack if XDMCP is on. Get the updates at https://rhn.redhat.com/errata/RHSA-2003-258.html.
8/26 Microsoft Passport and MSN Compatibility Info

A client computer running Windows XP will not be able to log on to a web site using Microsoft Passport, if that site has been set up to authenticate against and to run in the Passport Preproduction (PREP) environment. To get around this, you are going to have to edit the Registry of the client computer. For detailed instructions and important safeguards, see http://support.microsoft.com/?kbid=816417.
If, for some odd reason, you really want to use the MSN (Microsoft Network) dial-up service on an Apple Macintosh computer with an AirPort base station, configuration steps for both OS 9 and OS X are at http://support.microsoft.com/?kbid=811519.
When using Microsoft .NET Passport 2.x or Microsoft Passport 2.5, and you enter a host name with exactly 256 characters, you will see this error message, which Microsoft refers to as "bogus":
The value entered for the host name must be a string less than 2048 characters long and cannot be empty.
Microsoft says they have fixed this in Windows Server 2003.
8/25 Some Mac OS X configuration oddities

Apple says that after a crash of the ystem configuration server process (configd) in Mac OS X, you may not be able to find DHCP and BOOTP configuration settings in the Network preferences, TCP/IP tab. You may not be able to change these or other network settings. Apple says you will need to reboot the computer.
Apple says that users of Mac OS X have the option to turn off automatic checking of updates. However, some Apple software updates will turn that feature back on without telling you.
The Apple Power Mac G5 has an internal air deflector that helps cool off the inside of the machine. Apple says that if the air deflector isn't installed in the correct spot, the G5 will run more slowly. (I guess the guy in the commercial won't get blasted all the way out of the house.) So if you are poking around inside the machine, be careful of the air deflector.
8/22 BugBlog Changes File Extensions

We have begun to use ColdFusion for some underlying technologies. This means that some file extensions have changed from .html to .cfm. If you have the BugBlog bookmarked, please make sure to use http://www.bjkresearch.com/bugblog/, instead of using /bugblog/index.html. You will still be able to find your way here after the switch.
8/21 Microsoft Patches IE with MS03-032

Microsoft rolled out another cumulative patch for Internet Explorer 5.01, 5.5, and 6.0. In addition to including all the previously released fixes, this one takes care of two additional problems. The first is a bug in the cross-domain security model, that may allow one website to have access to info that belongs to another site. The second bug has to do with the way IE handles the object type returned from a Web server. These flaws may cause attacks just by viewing a hostile web page, or opening a malicious HTML-formatted email message. You can get the update, and further details, from http://www.microsoft.com/technet/security/bulletin/ms03-032.asp. Microsoft credits Yu-Arai of LAC, the eEye Digital Security team, and Greg Jones from KPMG UK, for alerting them to the various bugs.
eEye Digital Security has put up more information about the Internet Explorer "Object Data Remote Execution Vulnerability", dealt with in Microsoft's MS-03-032 Security Bulletin, at http://www.eeye.com/html/Research/Advisories/AD20030820.html.
8/20

Macromedia Server Fix; How to de-worm Cisco

Macromedia says that there is a security bug in the server behaviors in Dreamweaver MX, Dreamweaver UltraDev, and in Volumes 2 and 4 of their Developer's Resource Kit. It may allow an attacker to get hold of some of the sit-specific cookie info, and also some session info. Get patches at http://www.macromedia.com/devnet/security/security_zone/mpsb03-05.html.


Cisco has put out another information bulletin, showing how customers can configure their Cisco devices to combat the "Nachi" worm, which exploits two Microsoft vulnerabilities. It involves blocking some protocols and ports. Get the details at http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml.
8/19

Not Dead Yet -- IBM Has Some Lotus SmartSuite Fixes

IBM has released a patch for Lotus 1-2-3 Release 9.8. This fixes two bugs in the spreadsheet. The first bug prevents a DBF file from being imported if its path exceeds 40 characters in length. The second bug causes 1-2-3 to crash if you save a chart in Microsoft Excel format, and the chart has a background pattern. Get the patch from ftp://ftp.software.ibm.com/software/lotus/fixes/SmartSuite/123V98_Patch.zip.


There is an update for Lotus SmartSuite 9.6. This update fixes two bugs in Lotus Approach. The first bug is in the Query by Box dialog -- if there are multiple "or" conditions, only the first two will show. The second bug affects the Spanish version - the Lotus Notes filter for Approach is missing. Get the update at ftp://ftp.software.ibm.com/software/lotus/fixes/SmartSuite/SS_Win_Rel_961.zip.


There is an update for Lotus SmartSuite 9.6. This update fixes a number of bugs in Lotus Freelance Graphics. One bug prevents Freelance files from opening if there is a "-l" in its path. Another bizzare character-based bug -- if a file has "-c" in it, it will start multiple sessions of Lotus 1-2-3. This update also fixes some problems with ODMA. Get the update at ftp://ftp.software.ibm.com/software/lotus/fixes/SmartSuite/SS_Win_Rel_961.zip.
8/18

MS Word Bugs; and Cisco Blasts Back at W32.BLASTER

Well, the utilities seem to be back to First World levels -- no more rolling blackouts, and we can drink the tap water, so it's back to bugblogging.

If Microsoft Word 2002 is opening a RTF (Rich Text Format) document that was created by a non-Microsoft source, such as a Unix program, the document may open slow or scroll slow. This happens because the document uses vertically merged table cells defined with the \clvmgf and \clvmrg RTF control words. Microsoft has a hotfix, which will be in a future service pack. If you get screwed up by this bug often, you may want to get the fix right away. Contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base document 818791. Note that you may get charged for this call.


If you are using Microsoft Word 2002, Excel 2002, PowerPoint 2002 or Publisher 2002 to print an AutoShape with a black border, you may have problems if you are using a color printer which prints black by mixing the red, green, and blue inks. The border may not actually be black. Microsoft says the problem isn't present in the Office 2000 versions of these programs, so their suggested workaround is to use those versions for this task.
When using Microsoft Word 2000 Service Pack 3, copying and pasting a single character of text may cause Word to crash. Microsoft has a post-SP3 hotfix to solve this, which they will include in a future service pack. If you need the fix earlier, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 822114. Note that you may get charged for this call.
To see how you can configure your various Cisco devices to combat the W32.BLASTER worm, read Cisco's recommendations at http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml.

8/15 This was supposed to happen 1/1/2000!

Power is back on this morning, but they are forecasting random surges and rolling blackouts. So no bug-blogging today.
8/14 Updates for CiscoWorks and Red Hat; and some Microsoft Access bugs

There are two bugs that cause security problems in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier. One bug may allow a guest user to gain administrative privileges (nothing like making your guests feel welcome) and the other may let someone run arbitrary commands on the CiscoWorks server. Cisco is updating CiscoWorks CMF 2.0 and 2.1 to fix these. Find information on the updates at http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml.
Red Hat has a new redhat-config-network package for Red Hat Linux 9. They say that this includes many bug fixes, although the individual fixes aren't specified on their web site. You can get the update from https://rhn.redhat.com/errata/RHBA-2003-183.html.
You may have problems with a Microsoft Access 97 database if you try to open it in Access 2002. Instead of justing opening it, Access will bombard you with the following message:
You have selected a database created in a previous version of Microsoft Access. You can convert or open the database.
You will run into these problems if all the following factors hold: you choose to Open database in Access 2002, but retain the Access 97 file format; there is a macro in the Access 97 database; you opened the database in Access 97, and edited the macro. Do all that, and you will get the error when you try to open it in Access 2002. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for the fix, you can contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 821185. Note that you may get charged for this call.
If you export data from Microsoft Access 2002 into Microsoft Excel 97 or 2000, you may have problems formatting an individual cell of the exported data. Microsoft says the Format Cells dialog won't even open if you do a right-click. Microsoft says you will be able to format, if you do one of the following: select and format the entire exported range; use the menu to do a Format, Cells.
8/13 Windows CE Problems; Plus Some Apple Font Bugs

Some handheld devices running Microsoft Windows CE .NET 4.2 and that include both TCP/IP and a firewall may have configuration problems. If an IP address change notification comes in while the firewall driver is initializing, or while a call to the FirewallSetInterface function is happening, the firewall will lock up, which might cause problems with the device. Microsoft has a fix for this available at http://www.microsoft.com/downloads/. You would want to search for the fix called Windows CE 4.2 Core OS QFE 821506.
Microsoft says that the Microsoft XML (MSXML) Document Object Model (DOM) and the XML minimal parser in Windows CE .NET 4.2 may use up to 100 KB more than they really need. If your handheld device doesn't have lots of memory, this can cause capacity problems. Microsoft has a fix availabe, Windows CE 4.2 Core OS QFE 821039, at http://www.microsoft.com/downloads/, that should take care of the waste.
Apple says that Safari 1.0 or later running on Mac OS X 10.2.6 or later has problems with the Times RO font. Apple says that this doesn't come with Mac OS X, but some install it. If the font is there, Safari may not be able to load some web pages, or possibly get stuck in the middle of loading. If this happens, close Safari and then search two folders, /Library/Fonts/ and ~/Library/Fonts/, for Times RO. If you find it, get rid of it.
Apple says their video editing applications, including Final Cut Pro, Final Cut Express, and iMovie, may not like it if both an iSight camera and a DV video camera are both connected to the computer. Start up these applications, and they may lock up. Apple's workaround is simple -- disconnect the iSight camera from its FireWire port before starting your editing session.
8/12 Some Microsoft Internet Explorer bugs

If you have installed the Q332184 hotfix for Microsoft Internet Explorer 6.0 SP1, and then try to download web pages that have malformed or extraneous headers, you may see this error message:
Page cannot be displayed
Microsoft has a hotfix to fix the problem you get from installing this previous hotfix. You may want to wait for the next Internet Explorer service pack. However, if you often run into these bad headers, you may want to contact MS Technical Support and ask for the hotfix described in Knowledge Base article 818139. Note that you may get charged for this call.
There is a conflict between Microsoft Internet Explorer 6 and some unknown (to Microsoft, at least) third-party application, which may cause IE to crash when it starts up. If you look at the error report that is generated after the crash, you may see it pointing to Ssl.dll 1.0.0.1. As a workaround, make sure IE is shut down. Then go to C:\Program Files\Support Software, and look for these two files: Install.exe and Ssl.dll. If they are there, rename them to something else.
8/12 Information on W32.Blaster.Worm

If you need information on dealing with the W.32.Blaster.Worm, you should see this page at the Symantec Security Response site, http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html, or at https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf.
8/11 Smart Cards and Windows Server 2003; Plus Novell iChain patch, and Apple Printing Woes

In the next week or two, the website will be changing and using Cold Fusion for some underlying technologies. This means that some file extensions are going to change from .html to .cfm. If you have the BugBlog bookmarked, please make sure to use http://www.bjkresearch.com/bugblog/, instead of using /bugblog/index.html. You will still be able to find your way here after the switch.

If you have multiple smart cards on a Windows Server 2003 computer, the correct certificates for the smart cards may got associated with the wrong keys, and the smart cards may not work. Microsoft has some suggestions at http://support.microsoft.com/?kbid=330228 on how to take care of this.
There may be a problem with the Custom Version 2 template for smart card logons in Windows Server 2003. Microsoft has a fix that shows how to edit the custom template to avoid this problem. See them at http://support.microsoft.com/?kbid=313629.
Novell has released iChain 2.2 Field Patch 2. One of the bugs it fixes is the possibility of one user getting into another user's session if both sessions are open on the same port. It also fixes a variety of abend situations. Get the file ic22fp2.exe at http://support.novell.com/servlet/tidfinder/2966683.
Apple says that with Mac OS X 10.1.5 and 10.2 or later, if an application has been open for a long time, and has printed some files already, it may lose its ability to print. A quick workaround is to close the application and open it again. If you have a Hewlett-Packard or Lexmark printer with a PDE plug-in, you may want to update it from your printer manufacturer. Some additional workaround steps for other printers are at http://docs.info.apple.com/article.html?artnum=25533.
8/9 Red Hat Messes Up Signature Checks

Red Hat has GPG signature verification on downloaded packages from their website. This is a good thing, for the Red Hat Update Agent can tell what packages need updating. What is not a good thing, however, is that versions 3.0.7 and 3.1.23 of the update agent, for Red Hat Linux 8.0 and 9, check the signatures incorrectly. Red Hat says it is highly unlikely that anyone could exploit this bug to sneak bad packages on to your system, but advise you to get the updates anyway at https://rhn.redhat.com/errata/RHSA-2003-255.html. Red Hat thanks Barry Nathan for finding and reporting this error.
Red Hat says there is a bug in the HTML rendering widget, GtkHTML, in the Evolution mail reader in Red Hat Linux 9. If Evolution gets a special designed mail message, it could cause a crash. The update is at https://rhn.redhat.com/errata/RHSA-2003-126.html.
The Posfix Mail Transport Agent (MTA) in Red Hat Linux 7.3, 8.0, and 9 has two bugs. Versions of Postfix earlier than 1.1.12 may let an attacker bounce-scan private networks or mount distributed denial of service attacks. Postfix 1.1 up to and including 1.1.12 may allow an attacker to start a denial of service attack via a bad envelope address. Updates are at https://rhn.redhat.com/errata/RHSA-2003-251.html. Red Hat credits Michal Zalewski for discovering and disclosing the flaws and Wietse Venema for providing patches.

8/8 Windows Hotfixes, plus some Apple Workarounds

In the next week or two, the website will be changing and using Cold Fusion for some underlying technologies. This means that some file extensions are going to change from .html to .cfm. If you have the BugBlog bookmarked, please make sure to use http://www.bjkresearch.com/bugblog/, instead of using /bugblog/index.html. You will still be able to find your way here after the switch.
There is a bug in the redirector feature used in Windows 2000 and Windows XP. This may cause problems when you try to open "medium to large" files (sorry, but they aren't more precise than that) in a program such as Microsoft Excel. According to Microsoft, redirector does not use ReadAhead, which is what causes the problems. They have hotfixes for both Windows 2000 and XP, which will be in future service packs for those products. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 328237. Note that you may get charged for this call.
Not sure if you have all the security problems with Microsoft Outlook 2002 patched? (It's a big job, after all.) Make sure you at least have the Outlook 2002 Post-Service Pack 2 Hotfix Rollup package. It has three new fixes: a recurring meeting attendee problem; a fix for a Custom Form bug that crashes Outlook; and a fix for recipients populating a forwarding box. It also includes all the past hotfixes. They really want you to wait for the next service pack, but you can contact Microsoft Technical Support to ask for the hotfix described in Knowledge Base article 822868. Note that you may get charged for this call.
Apple says that when you order an iPhoto book, you should only use these fonts within the book: Helvetica, Helvetica Neue, Century Gothic, Papyrus, Gill Sans, Markerfelt, Baskerville, Brush Script. Use any other font, and the text may come back truncated or distorted. They may also just cancel your order.
If you are using Apple Remote Desktop 1.0 to 1.2, and it tells you that a client is unavailable, Apple says that you shouldn't necessarily believe it. Sometimes clients are really available, you just need to refresh the list. You can do that by switching to another computer list and back, or quit Remote Desktop and then start it again. If it is still listed as unavailable, then you can believe it. One other possibility -- if the client is running Mac OS 9, there may be this incompatibility discussed at http://docs.info.apple.com/article.html?artnum=107500.
8/7 McAfee VirusScan Pro Problems; Some Issues with Windows Server 2003; and a Fix for Mozilla

In the next week or two, the website will be changing and using Cold Fusion for some underlying technologies. This means that some file extensions are going to change from .html to .cfm. If you have the BugBlog bookmarked, please make sure to use http://www.bjkresearch.com/bugblog/, instead of using /bugblog/index.html. You will still be able to find your way here after the switch.

eWeek reports that the McAfee VirusScan Professional 7.03 update prevents some Windows 2000 or Windows XP customers from connecting to the Internet after the reboot. It appears that the problem comes when upgrading from 7.02 to 7.03. According to the story, the update has been pulled from the McAfee download site. If you have already been bitten by the bug, there is not yet any fix information. You can read the full story, including the irate customer quotes, at http://www.eweek.com/article2/0,3959,1212162,00.asp.
Microsoft says that the Mount Manager's AutoMount feature is turned off by default in Windows Server 2003 Enterprise Edition and Datacenter Edition. That means you may not be able to access a raw partition (one that hasn't been formatted yet) on your hard drive. If you need to do this, you will need to do a Registry edit to turn this feature on. The details and warnings are at http://support.microsoft.com/?kbid=822653.
Microsoft says that Windows Server 2003 may run into a problem when it has Terminal Server turned on. If the Termdd.sys Terminal Server component has too many work items entries, it may lock up the server. Unfortunately, Microsoft doesn't specify how many is "too many". They do have a hotfix, which will be in a future Windows Server 2003 Service Pack. If you are running into this problem, and can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base document 821467. Note that you may get charged for this call.
On 2/21, the BugBlog looked at a problem with Mozilla 1.x's XUL.mfl file. Problems with this file sometimes caused Mozilla to lock up when loading. This was a problem that hit me once or twice a week. Maybe I'm speaking too soon, but after over three weeks of using Mozilla 1.4, this lockup hasn't occurred.
8/6 Some Mozilla 1.4 bugs

In the next week or two, the website will be changing and using Cold Fusion for some underlying technologies. This means that some file extensions are going to change from .html to .cfm. If you have the BugBlog bookmarked, please make sure to use http://www.bjkresearch.com/bugblog/, instead of using /bugblog/index.html. You will still be able to find your way here after the switch.

While you can open multiple tabs for browsing in Mozilla 1.4, don't go to extremes. According to Mozilla.org, if you open more than 25 tabs, some of them may stop responding.
Mozilla.org says that Mozilla 1.4 may have problems using SMTP (Simple Mail Transport Protocol) over SSL (Secure Socket Layer) via port 465, which unfortunately happens to be the standard port for secure SMTP. In many cases, it will only work over port 25. They say it will still be secure. If you use port 465, or some other port, Mozilla may lock up.
Mozilla 1.4 on Windows has problems with the Adobe SVG plugin, which may cause a crash. As a workaround, they say to try to use a Mozilla build that has SVG support.
When running Mozilla 1.4 on Linux, there may be problems with the ESD Audio plugin and Macromedia Flash. There may be some other problems with Flash, but Mozilla.org says they get cleared up by upgrading to Flash 6.
When using Mozilla 1.4 on an Apple Mac OS X computer, Microsoft Windows Media Player files that are embedded in a web page won't work. Mozilla.org has no suggestions for a workaround.

8/5 Some bugs and fixes for Microsoft Outlook 2002 and Exchange Server 2003

Microsoft says that Outlook 2002 may lose track of which outgoing emails were actually sent if you lose your dial-up or network connection while outgoing mail is in the Outlook Outbox. Some messages will get moved to the Sent folder, even though they weren't sent. Microsoft has a hotfix, which will be in a future service pack. If you really can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix discussed in Knowledge Base article 822115. Note that you may get charged for this call. Also, the hotfix needs Office XP Service Pack 2 installed first.
In Microsoft Outlook 2002, you can add sub-folders to the Contacts folder. However, Microsoft says the new sub-folders will not be sorted alphabetically. They do have a hotfix for this bug, which will be in a future service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 821669. Note that you may get charged for this call. Also, the hotfix needs Office XP Service Pack 2 installed first.
After installing Microsoft Office XP Service Pack 2, you will have some filtering problems in Microsoft Outlook 2002. While you will be able to create calendar views that have filters, the filtered view actually won't show up when you apply it. Microsoft has a hotfix to fix the bug that came in Service Pack 2. It will be in a future service pack. If you can't wait, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 821468. Note that you may get charged for this call. Microsoft points out that you need Service Pack 2 installed before applying the hotfix, but then you wouldn't be needing this hotfix if it wasn't for this service pack.
If you use the Microsoft Exchange Server 5.5 Administrator program to hide a mailbox for an Address Book, it gets hidden too well. That's because when you later try to use the Data Synchronization Manager or the Exchange System Manager component of Microsoft Exchange Server 2003 to move this mailbox, you will get this error message
There is no such object on the server.
That's because it's hidden, of course. As a workaround, you will need to use the Exchange Server 5.5 Administrator program to temporarily unhide the mailbox. To see the steps involved, see http://support.microsoft.com/?kbid=823458.
If you are going to run the Internet Mail Wizard on a Microsoft Exchange Server 2003, either Standard or Enterprise Edition, you need to make sure that all network adapters on this computer are functioning. If not, when you get to the page to Create SMTP virtual servers, one of the IP addresses may be set to 0.0.0.0. This will happen even if you have one functioning adapter, and one unplugged or disabled.
There is an incompatibility between Netscape Navigator 6.x or Netscape Navigator 7.x and Microsoft Outlook Web Access (OWA) on an Exchange Server 2003. If a mailbox is stored on an Exchange 2003 front-end server that is using Secure Sockets Layer (SSL), and Gzip compression is enabled on the Exchange virtual server. If you open the OWA Options page, you may not be able to save or close it. For now, there is no fix.
8/4 Apple's European Goof; Novell Plays Better with PeopleSoft; RedHat Continues nfs-utils Fix

Apple said that some of their European model PowerBook G4s and Flat Panel iMacs had the wrong preloaded software installed. This will cause a problem if you need to use the Software Restore CDs. When you try to use the first one, it will not be accepted. Apple's fix is drastic: Start the computer with the first Mac OS X 10.2 Install CD. Perform a clean installation, using the "Erase hard disk" option. Hope you had your data backed up.
Novell has released an updated DirXML Driver 4.0 for PeopleSoft. The new driver takes care of some incompatibility problems. It's called drps4pt3.exe, and you can get it at
http://support.novell.com/servlet/tidfinder/2966503.
Red Hat has updated a previously fixed nfs-utils package that was patched to fix a potential denial of service attack. On 7/30/2003 they also added fixes for Red Hat Linux on IBM iSeries and pSeries systems. Get the fix at https://rhn.redhat.com/errata/RHSA-2003-206.html.
8/1 Hardware Compatibility Problems with Windows Server 2003; Apple Toughens Up Mac OS X 10.2.6

If you hook up a Dell PV122T DLT Medium Changer to a Windows Server 2003 computer, Windows won't be able to identify it. Once this happens, the device will quit working. Microsoft has a hotfix, which is an updated Powerfil.sys driver. It will be in a future service pack, but if you need it sooner, you will have to contact Microsoft Technical Support and ask for the hotfix describe in Knowledge Base article 823211. Note that you may get charged for this call.
Microsoft points out a potential problem with Windows 2000, XP, and Server 2003. If you suspend and resume your computer a number of times, you might find that your hard drive may start to work slowly. The problem is that after the Windows driver Atapi.sys gets six time-out or cyclical redundancy check (CRC) errors within a session, it will adjust hard drive performance into slower "PIO Mode", which you may see in Device Manager. Microsoft has a hotfix, which also includes a Registry edit, for this problem. First, check out the details at http://support.microsoft.com/?kbid=817472. If you think you need this fix, there will be contact information and some cautions listed.
Apple's Security Update 2003-07-23 1.0 is for the Mac OS X 10.2.6 client and server. It updates Work Group Manager 1.2.2 with a policy procedure. After installing the update, any new account created by the Workgroup Manager will have a disabled password. That means no one will be able to use that account until somebody goes in and uses it for the first time. Get the update at http://docs.info.apple.com/article.html?artnum=120235.

7/31 Sun Web Server SP; More on the Microsoft MIDI Flaw; and a bug in AppleWorks

Sun ONE Web Server 6.0 Service Pack 6 is out. It has a large number of fixes, including quite a few for digest authentication problems. There are also LDAP fixes, and a fix for the bug that was giving an unknown AVA error. The full list of fixes is at http://docs.sun.com/source/816-6770-10/rn60sp6.html#17607.
CERT's original bulletin about Microsoft Security Bulletin MS03-030, the MIDI vulnerability, suggested that disabling certain controls (disable Active Scripting, Disable Play sounds…) may offer safeguards against this threat. However, they have changed the bulletin and now state the only complete protection is by getting the patch from Microsoft. You can read the CERT bulletin at http://www.cert.org/advisories/CA-2003-18.html.
If you are using Apple AppleWorks 6.2 through 6.2.6, you may have problems if you move the Dock to the left or right side of the screen. The problems may include finding minimal margins when opening a new document, or having the Spelling window off-screen when doing a spelling check. Apple says that these have been fixed in AppleWorks 6.2.7 or later. You can get that at http://www.apple.com/appleworks/update/.
7/30 Microsoft Botches a Fix; plus Cisco, Novell, and Red Hat Fixes

Microsoft has confirmed the problem between the security patch in MS03-29 and Windows NT 4.0 Routing and Remote Access Service (RRAS). After applying the patch and rebooting the server, RRAS will fail. Microsoft is working on fixing their fix. When they finally get it right, they will report it in the Security Bulletin at http://www.microsoft.com/technet/security/bulletin/ms03-029.asp.
Cisco has found a potential denial of service attack in IOS. However, this is limited to Cisco Aironet AP1x00 Series Wireless devices, specifically the: Cisco Aironet Wireless Access Point AP1100 series running IOS 12.2(4)JA, 12.2(4)JA1, 12.2(8)JA, or 12.2(11)JA; Cisco Aironet Wireless Access Point AP1200 series running 12.2(8)JA or 12.2(11)JA; and the Cisco Aironet Wireless Bridge AP1400 series running 12.2(11)JA. The bug is fixed in IOS 12.2(11)JA1 version of the for all Cisco Aironet AP1x00 devices. See http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml for details.
Novell has an updated eDirectory 8.7.0.4 for NetWare running on Windows NT. They term it a pre-Service Pack 1 release. It includes a number of bug fixes and refinements. Get the file at http://support.novell.com/servlet/tidfinder/2965952.
Red Hat has a new OpenSSH package for Red Hat Linux 7.x, 8.0, and 9. An incompatibility between OpenSSH and the PAM system may cause an information leak. You can get the updated packages at https://rhn.redhat.com/errata/RHSA-2003-222.html.

| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02