BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

Amazon.comOrder books and more at Amazon.com

Win 2K Secrets
Order Windows 2000 Secrets from Amazon.com

 

BugBlog

BugBlog Bug of the Month

Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Usually, it is a single bug that is either particularly harmful or affects lots of users.

This month is different. The Bug of the Month goes to Microsoft, not for a single bug but for their body of work over the past month. Think of it as one of those lifetime achievement Oscars.

Why Microsoft? Well consider that on this month's Patch Tuesday, April 11, they released five security bulletins. Three of them fixed critical flaws in Microsoft Internet Explorer, in Windows Explorer, and in the Microsoft Data Access Components. There was also an important update for Outlook Express and a moderate update for Front Page. That's an impressive bunch of bugs, but that really wasn't what won the award for Microsoft. What clinched the win for them was how many problems were generated by these patches.

The Windows Explorer patch had to be re-released on April 26 to fix incompatibility problems the original patch had with the Hewlett-Packard Share-to-Web program and with some older NVIDIA graphics card drivers. These third-party apps are older but are still in use on lots of computers.

The patch for Internet Explorer, where security was tightened to help guard against rogue web sites, also caused problems for legitimate web sites that used ActiveX commands. Those sites needed to re-write their pages to keep users from having to click multiple times. Third-party applications from Siebel and Google were also affected. Part of the problem was that Microsoft mixed non-security changes in behavior along with the security patches in the comprehensive upgrade, a decision roundly criticized by many. (For example, see eWeek at http://www.eweek.com/article2/0,1759,1952445,00.asp.)

There were also problems with the Outlook Express patch. There were numerous postings on Microsoft's own message boards saying the MS06-016 patch for Outlook Express caused the address book to disappear. Also, form-style messages couldn't be sent from web pages. If you removed the patch, then the problems went away. If you have Windows Update set to work automatically, however, the patch may get re-installed the next day.

So for both the bugs and the buggy way they were patched, Microsoft wins this special Bug of the Month.

Previous Bugs of the Month

April 2006: Adobe Macromedia Flash Player

March 2006: Microsoft Windows Media Player

Feb 2006: Apple QuickTime

Jan 2006: Microsoft WMF Bug

Dec 2005: Sony's Secret DRM Scheme Leaves Users Exposed

November 2005: Four Separate Bugs Leave Windows Open to Takeover

October 2005: Acrobat Screws Up MS Word

September 2005: Apple Security Update Breaks 64-bit Apps

August 2005: Cisco IOS Vulnerable to IPv6 bug

July 2005: RealNetworks Fixes Four Bugs in Their Media Player

June 2005: Flawed Rollout for Netscape 8

May 2005: TCP/IP Fix for Windows

April 2005: Denial of Service against Symantec Norton AntiVirus

March 2005: IDN Spoofing Bug

February 2005: Windows Animated Cursor Bug

January 2005: Windows Firewall Problems with Dial-up connections

The Bug of the Month is also posted at Blogcritics.org