BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

XML

View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

 

 

BugBlog

Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current January bugs are here. Use the links on the left or below to jump back to past months.

1/31/2006 Get the Bugs Out of Your iPod

Apple has a new iPod Updater available. The new versions are new iPod Software 1.1 for iPod nano, new iPod Software 1.2.1 for iPod with color display, new iPod Software 1.4.1 for iPod mini, and new iPod Software 3.1.1 for iPod with Click Wheel. This upgrade has a number of unspecified (by Apple) bug fixes, and it also supports the iPod Radio Remote for iPod with video and iPod nano. Get it at http://www.apple.com/support/downloads/ipodupdater20060110.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft and Nullsoft.

1/30/2006 Black and White Turns Gray in Office 2003

Printing out a black and white image from a Microsoft Office 2003 Service Pack 2 application may not work correctly. According to Microsoft, some printers may print the white color as a light gray. They don't list which printers are affected, but presumably you will know if you see it. Microsoft has a hotfix for this, which will be in a future service pack. If you are affected, see http://support.microsoft.com/kb/913164 for information on how to get it sooner.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

1/28/2006 Possible Bug Drains Some Laptop Batteries

An article at Tom's Hardware Guide says that their testing shows that a possible bug in the Microsoft's ACPI driver may lead to a power drain when plugging a USB 2.0 device into a laptop computer with Intel Core Duo mobile processor platform. These devices have not been getting the battery life that Intel originally touted. There's still lots of undisclosed information in the story at http://www.tgdaily.com/2006/01/28/toms_hardware_uncovers_power_drain_issue/, which says that a still private Microsoft Knowledge Base article KB899179 may have the information on this problem, which dates back to July, 2005.

Today's BugBlog Plus has five more bugs and fixes for Adobe and Microsoft.

1/27/2006 Media Center Fix Overwrites Files

Installing the Update Rollup 2 for Microsoft Windows XP Media Center Edition 2005 may overright some of your DRM (Digital Rights Management) files. This may prevent you from playing some of your "protected" content. Try to play one of these files in Windows Media Player 10, and you may see the error message
C00D277F - Secure Storage Protection Error
Microsoft has a hotfix for the bug that they introduced with this previous fix. Get it at http://support.microsoft.com/kb/910393.

1/26/2006 Surprise! You Are a Mozilla Beta-Tester

Depending on how you moved to Mozilla Firefox 1.5, you may still be beta-testing browsers. Only this time you are testing Firefox 1.5.0.1. This happens if you installed one of the Firefox 1.5b1 or 1.5b2 beta versions, and then auto-upgrade to get the final 1.5 release. People who did that get labelled by Mozilla as beta-testers, and automatically get the next upgrade for testing. (Whether they wanted to or not.) To get out of the automatic beta-testing, see http://developer.mozilla.org/devnews/index.php/2006/01/19/what-the-heck-is-with-this-1501-update/.

1/25/2006 Intel Macs Won't Do the Classics

Wondering whether your Classic applications will work on the new Intel-based Apple Macs? The answer from Apple is no -- they won't be compatible. Their only advice is to to check with the manufacturer about updates of Classic apps to their Mac OS X versions. (Hey, if you can afford that new Mac, you can afford the software updates, I guess.)

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, ATI, Microsoft, PopTop and Red Hat.

1/24/2006 More Music CDs With Problems

Music CDs with DRM (digital rights management) software that opens up dangerous security holes on your computer are not llimited to those from Sony BMG. Sony actually used third-party software from two different companies, and one of the companies, SunComm, has released lists of affected CDs. There are a number of other labels and artists affected. The Electronic Frontier Foundation has links to the list, and will probably have further updates, at http://www.eff.org/deeplinks/archives/004339.php.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, and Microsoft.

1/23/2006 Review of XML Demystified

A straight-forward, "just the facts, ma'am" look at XML.

1/23/2006 Patience Needed When Accessing CD Drive

Microsoft points out that when you put a CD or a DVD into the drive of a Windows XP Media Center Edition computer, it may take at least ten seconds before you can do anything with the disk (view it in Windows Explorer or My Computer, or access its contents). That's because the disk first has to spin up to speed, then Windows has to figure out its contents, and determine what is there. Only then will you be able to use the CD. (Note that on the BugBlog's HP Media Center computer, it is often closer to 15 seconds.) See http://support.microsoft.com/kb/911815 for the details.

Today's BugBlog Plus has five more bugs and fixes for Adobe, CA, Microsoft, and Oracle.

1/21/2006 Power Icon May Be Missing in Windows XP

If Universal Plug and Play is enabled on a Windows XP computer, it may prevent the power icon from being displayed on the taskbar, even if you have configure the Always Show option in your Power Options. One way to get it to show up is to restart your computer. If that doesn't work, try the configuration steps at http://support.microsoft.com/kb/555555.

Today's BugBlog Plus has five more bugs and fixes for Apple, EMC, Microsoft, and Red Hat.

1/20/2006 Bugs in F-Secure AV

A couple of bugs have been found in most versions of F-Secure's antivirus and Internet security product lines. One is a buffer overflow that may allow a remote attacker to run their code on your computer. The second may enable other hostile content to remain undetected. F-Secure has the complete list of affected products, and patch information, at http://www.f-secure.com/security/fsc-2006-1.shtml. F-Secure credits Thierry Zoller for finding the bugs.

1/19/2006 Cisco IOS Has Denial of Service Bug

Cisco says that any of their devices running IOS and with the Cisco IOS Stack Group Bidding Protocol (SGBP) feature turned on may be vulnerable to a remote denial of service attack. This feature is turned on via a global IOS command, which causes the hardware to listen on port 9900. Cisco has updates available for the different versions of IOS. Find out more at http://www.cisco.com/en/US/products/products_security_advisory09186a00805e8a63.shtml.

1/18/2006 AOL Picture Service Has Critical Bug

US-CERT says that the America Online You've Got Pictures service has a buffer overflow bug that may allow a remote attacker to take over your computer. The bug is actually in AOL YGP Picture Finder Tool ActiveX Control (a bad ActiveX control, that's a real surprise) that is in AOL 8.0, 8.0 Plus, and 9.0 Classic. It has been fixed in AOL 9.0 Optimized and AOL 9.0 Security Edition. There is also a hotfix available at http://download.newaol.com/security/YGPClean.exe.

Today's BugBlog Plus has seven more bugs and fixes for Adobe, Apple, Microsoft, and Novell. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

1/17/2006 Thunderbird Attachments Can Be Spoofed

Earlier versions of Mozilla Thunderbird have a bug in the way they handle mail attachments. File extensions could be spoofed, leading a user to inadvertently saving and/or opening a malicious file. Testing at Secunia Research says that versions 1.0.2, 1.0.6, and 1.0.7 are vulnerable. It has been fixed in the new version 1.5.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Oracle, and Symantec. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

1/16/2006 Standby Button Ignored in Windows Media Center Edition

Once you add the Update Rollup 1 for eHome Infrared Receiver for Windows XP Media Center Edition 2005, you may have a problem with the Media Center Remote control. Pressing the STANDBY button on the remote may not put the computer into standby. Microsoft says that all you need to do is press the STANDBY button one more time - then it should go in to standby. There is a bug in the Hibernation Driver for the Windows XP Media Center that y causes the first button press to be ignored. By the way, Microsoft says that on some remotes, the STANDBY button may be labeled as POWER.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Mozilla, and Sun Microsystems. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

1/14/2006 Problems with the QuickTime Update

Many people who have installed the Apple QuickTime 7.0.4 update are complaining about the problems they are having with it. You can see two extended discussions of this at http://discussions.apple.com/thread.jspa?threadID=310936&tstart=0 and at http://discussions.apple.com/thread.jspa?threadID=309078&tstart=0. Apple has posted a QuickTime 7.0.1 reinstaller if you want to remove the update. It is at http://www.apple.com/support/downloads/quicktime701reinstallerforquicktime704.html. The reason for the update in the first place was to patch numerous security bugs that may allow hostile content to come in via graphics files. There seem to be more complaints about QuickTime for Mac than QuickTime for Windows -- but that may be because Mac users are more likely to go to the Apple Forums. The update originally appeared in the 1/11 BugBlog.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Mozilla, and PHP. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

1/13/2006 Expert Calls Symantec and Kaspersky Flaws Rootkits

Techniques used by Symantec Norton SystemWorks and Kaspersky Anti-Virus to cloak certain files on your computer are really another version of a rootkit, according to Mark Russinovich, the software expert who unveiled the Sony rootkit problem in 2005. The Symantec cloaking technique, covered in the 1/11 BugBlog Plus, protects certain folders from deletion by hiding them. Kaspersky hides some checksum information. Read both sides of the story at http://www.pcworld.com/resource/article/0,aid,124365,pg,1,RSS,RSS,00.asp.

1/12/2006 Thunderbird 1.5 is Flying

Mozilla has released Thunderbird 1.5, the latest update to their email client. As in earlier versions of Thunderbird, they say to make sure to install it into a clean folder, one where an earlier version hasn't been installed. User data (saved emails, passwords, etc) from earlier versions are stored in a separate user profile, so the new installation folder should not be affected. A very extensive bugfix list is at http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html.

1/11/2006 QuickTime Bug Affects Mac and Windows

A bug in Apple QuickTime for both Mac OS X 10.3.9 or later, and Windows 2000/XP, may allow an attacker to run hostile code on your computer. They can do this via a QTIF image with hidden hostile content that can generate a heap buffer overflow. This has been patched in QuickTime 7.0.4, which you can get via Apple's Software Update or from http://www.apple.com/support/downloads/. Apple credits Varun Uppal for finding this bug.

Today's BugBlog Plus has eight more bugs and fixes for Apple, Cisco, Microsoft, and Symantec. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

1/10/2006 Critical Bug in Microsoft's Web Font Handling

Microsoft says all versions of Windows have a bug in the way they handle embedded Web fonts on a webpage or in an email. An attacker could construct a Web font that has malicious content that, when viewed, may allow an attacker to take complete control of the victim's computer. Microsoft classifies this as a Critical bug, and has fixes available for Windows 2000, XP, and Server 2003 at http://www.microsoft.com/technet/security/bulletin/ms06-002.mspx. It appears that they will be providing fixes for Windows 98 and ME at a later time. Microsoft credits eEye Digitial Security for finding this. (Note that this is labeled a Windows problem, and not an Internet Explorer problem. The effect on third-party browsers is not spelled out by their bulletin.)

Today's BugBlog Plus has ten more bugs and fixes for Apple, Eudora, Microsoft, Red Hat and Sun Microsystems.

1/9/2006 Microsoft WMF Bug Wins the Bug of the Month

The bug in Microsoft's graphics file, and the way it played out over a week, wins the uncoveted award for Microsoft yet again.

1/9/2006 Apple Fixes a Hole in AirPort

Apple says that a bug in the firmware for their AirPort Extreme 5.7 and 6.3 base stations may allow for denial of service attacks. Because the attack is mounted by an attacker sending malformed packets, the update makes sure these packets get thrown out, rather than bogging down the network. Get the update at http://docs.info.apple.com/article.html?artnum=303072.

Today's BugBlog Plus has ten more bugs and fixes for IBM, Microsoft, Novell, Oracle, and Red Hat. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

1/6/2006 Microsoft Releases WMF Bug Patch

If enough people complain, I guess that Microsoft will change its mind. The patch for the very dangerous WMF (Windows Metafile) bug was released early, on 1/5/2006. The patch, for Windows 2000, Windows XP, and Windows Server 2003, is a Critical Update that will prevent remote attackers from possibly taking over your computer after you view a WMF graphics file on your computer, in an email, or on a webpage. Get the update at http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx. Now that the "official" patch is out, you will not need the unofficial patch available from the Internet Storm Center. [Edit 1/10: Microsoft credits Dan Hubbard of WebSense for finding this bug.]

1/5/2006 AV Software Working Against WMF Bug

Most anti-virus programs are catching malicious content trying to sneak in through Microsoft's unpatched WMF (Windows Metafile) bug. Microsoft still insists on waiting till January 10 to patch this dangerous bug, while an unofficial but safe patch is available from the Internet Storm Center at http://isc.sans.org/diary.php?storyid=1010. In the meantime, independent testing shows that Symantec and McAfee were able to catch all 206 of the test files; most other AV vendors, with the exception of Trend Micro, also did well. Read these results at
http://news.zdnet.com/2100-1009_22-6018696.html.

1/4/2006 Microsoft Fixes Word 2003 Converter

Microsoft has a new Word 2003 post-Service Pack 2 hotfix package that fixes a bug in the WordPerfect 5.x for Windows filter. These bugs may prevent WordPerfect 5.x file options from showing up when you try to save a document. Microsoft says the problems may show up if you installed the Office Converter Pack for Microsoft Office 2003. See http://support.microsoft.com/kb/912338 for details on how to get the fix.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Symantec. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

1/3/2006 Many Exploits for Microsoft WMF Bug

The Microsoft WMF bug, from the 12/31 BugBlog, is being taken advantage of by adware vendors and others who don't have your best interests at heart. A round-up story in eWeek at http://www.eweek.com/article2/0,1895,1907102,00.asp shows that anti-virus vendors are catching up, but don't offer blanket immunity. Disabling the buggy DLL from Microsoft offers a temporary patch, by preventing Windows Picture and Fax Viewer from opening. It may be possible for this security breach to be exploited by third-party programs that open WMF files. See details, and limitations, of this workaround in the eWeek story.

Today's BugBlog Plus has five more bugs and fixes for Microsoft, Novell, RIM and Sony. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

12/31/2005 New Microsoft Graphics Vulnerability

Microsoft interrupts everyone's vacation with news of another vulnerability that could load hostile content onto your computer via a Windows Metafile graphic. The graphic would be hosted on a website, but Microsoft says a user would have to visit the website by clicking on a link -- they could not be forced onto the site. There are reports that code to exploit this are already circulating on the Internet. Microsoft has a bulletin at http://www.microsoft.com/technet/security/advisory/912840.mspx, which will get updated later.

12/23/2005 Have a Merry Christmas and a Happy New Year

The BugBlog will be very sporadic until about January 3. So everybody -- have a Merry Christmas and a Happy New Year. And if you celebrate something else, have a Happy Something Else.

Home | Contact | Writing | Online | News | Tips | CABE |

© 2006 BJK Research LLC