The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.
The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All of the current month's bugs are here. Use the links on the left to jump back to past months, or use the search form.
McAfee says that Virex 7.7 for Mac OS X has a bug in the way that default permissions are set. This may allow local authenticated users to launch an attack. If you are running Virex 7.7 on your own Mac, you probably don't need to worry, since you probably aren't going to attack yourself. However, if you are administering a network that uses this software, you should go to https://knowledge.mcafee.com/article/283/518722_f.SAL_Public.html for update information for Virex 7.7 Patch 1.
Today's BugBlog Plus has ten more bugs and fixes for AOL, Apple, Microsoft, Mozilla, Opera and Symantec.
The MacBook is finally here.
The Microsoft Office Outlook 2007 calendar gadget that you can use in Windows SideShow may not work correctly. It will have problems synchronizing with the data in Outlook, and thus may give you incomplete or wrong calendar information. Microsoft says this happens in some versions of Outlook that bundle together perpetual licenses and trial licenses. (In other words, this may be another bug to chalk up to activation or anti-piracy measures.) To get it to work, you will need to disable and then re-enable the Outlook Calendar gadget. Microsoft shows how to do this at http://support.microsoft.com/kb/929866.
eEye Digital Security says they have found a bug in Microsoft Office Publisher 2007 that can be used by remote attackers. As a result, the attackers may be able to run their code on your computer, at the security level of the logged-in user. eEye sent the details on to Microsoft on 2/16. Keep an eye on http://research.eeye.com/html/advisories/upcoming/20070216.html for updates. Until a fix is ready, be wary of Publisher files that you yourself don't create.
Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, Microsoft, Mozilla and WordPress.
Mozilla has released Firefox 126.96.36.199, along with Firefox 188.8.131.52 and SeaMonkey 1.0.8. This is a bugfix release that takes care of a number of bugs that could cause a crash and corrupt memory. Malicious websites may be able to take advantage of this bug to run hostile code. Get the updates either at http://www.mozilla.com/en-US/firefox/ or through the Firefox automatic update.
Today's BugBlog Plus has ten more bugs and fixes for Apple, Cisco, Microsoft and Mozilla.
Microsoft has the Windows Vista Application Compatibility Update available. It fixes a number of incompatibilities between some mainstream applications and Vista. These applications include: Adobe Photoshop 7.0.1, Photshop Elements 4, and Create Suite CS2; Microsoft Money 2005 and 2006; Google desktop 4.2006.1008; AVG Anti-Spyware 184.108.40.206; and Opera 9.02. Read the whole list, and find the link to the download at http://support.microsoft.com/kb/929427
Google patched a number of bugs in their Google Desktop software. These bugs may have allowed remote attackers to mount cross-site scripting attacks through Google Search, and use it to search for information on the victim's hard drives. The bugs were discovered by security researchers at Watchfire. Google patched the bugs before the information was released to the public. Read the details at http://news.zdnet.com/2100-1009_22-6161171.html
Try to install Windows Vista, and you may get this error report:
Error 0xC004F02A - The Software Licensing Service reported that the license is invalid.
What Microsoft says might be the case, however, is that the BIOS for this computer is incompatible with Vista, or is outdated. That means you may need a BIOS update. Microsoft has the details at http://support.microsoft.com/kb/929818.
Today's BugBlog Plus has ten more bugs and fixes for Apple, Autodesk, Microsoft and Snort.
If you are running IBM Lotus Notes or Domino, you will need to make some adjustments due to the change in Daylight Savings Time implementation. Do nothing, and your appointments from March 12 through March 31 may be an hour late. See http://www.ibm.com/support/docview.wss?rs=463&uid=swg21247972 for links to fix information.
Today's BugBlog Plus has five more bugs and fixes for Apple, Computer Associates, Microsoft and Sun Microsystems.
Where did all this snow come from?
There is a bug in the way that Mozilla browsers, including Firefox, handle URIs in a webpage with frames. This may allow an opportunity for a cross-site scripting attack, where a user can be tricked into giving information to a malicious website. There is no fix yet. You can see the details at http://www.kb.cert.org/vuls/id/885753. Michal Zalewski is credited with finding this bug.
Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft and PHP.
Apple's Security Update 2007-002 fixes two bugs in iChat for Mac OS X 10.3.9 and 10.4.8. One bug may let attackers on a local network crash the iChat client. The second may cause iChat to crash or possibly run hostile code, if you visit a malicious website. These bugs were originally reported by the Month of Apple Bugs project.
Today's BugBlog Plus has five morebugs and fixes for Apple, Cisco, and Microsoft.
Now that Microsoft has released a patch for previous zero-day bugs plaguing Microsoft Word, it is time for the bad guys to release new zero-day bugs. Microsoft says they are researching a new bug that may target Word 2000 and Word XP. The vulnerability can only be triggered if you open a maliciously-designed document. Microsoft is tracking this particular bug at http://www.microsoft.com/technet/security/advisory/933052.mspx.
Microsoft patched a large number of bugs on February's Patch Tuesday. The Internet Storm Center lends a helping hand by pointing out what hasn't been patched. If you go to http://isc.sans.org/diary.html?storyid=1940 you will see a list of unpatched bugs and their threat level. For now, only one is labeled Critical, and that's a Microsoft PowerPoint bug that's only a couple of days old. Lucky for us, most are deemed Less Urgent.
Today's BugBlog Plus has nine more critical bugs and fixes for Adobe, Apple, Microsoft and Vonage.
Microsoft has issued a patch for six different bugs in Microsoft Word. Microsoft says that this is a Critical patch for Word 2000, and an Important patch for Word 2002, Word 2003, Office 2004 for the Mac, and Word Viewer 2003. It does not affect the newly released Word 2007. The bugs can be activated by opening maliciously designed Word documents, transmitted either via email or a website. Get the patch at http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx. Shih-hao Weng, USAA, and Adreas Marx of AV-Test are credited with finding some of these six bugs.
Today's BugBlog Plus has six more critical bugs and fixes for Microsoft.
Daylight Savings Time starts earlier this year. Any software, such as your operating system, that automatically does the "spring ahead, fall back" may not be able to handle the change. Microsoft has a February 2007 cumulative time zone update for Microsoft Windows that will make the adjustment. Follow the link to the patch for your version of Windows at http://support.microsoft.com/kb/931836.
Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Sun Microsystems.
It's time to do some computer shopping.
If you are charging your iPod by plugging it into a desktop or laptop computer, and that computer goes into standby, hibernation, or sleep, then the iPod will stop charging. That's by design, so Apple suggests you make sure the computer stays awake during the charging.
Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Mozilla.
If all you computer nerds don't have big Valentine's Day plans, not to worry. The day before is Patch Tuesday, and Microsoft says they will be releasing 12 security bulletins. That means you'll not only have plenty to do on the 13th, but the activity will probably spill over to the next day, too. There will be five bulletins for Windows, at least one of which is deemed Critical. Two bulletins for Microsoft Office, at least one of them is Critical. (Maybe they will finally fix all the zero-day bugs in Word.) There's one Critical bulletin for Microsoft Data Access Components; one Critical bulletin that affects Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint; there's one Important bulletin that affects both Word and Office; one Important bulletin for Step-by-Step Interactive Training; they will also update the Microsoft Windows Malicious Software Removal Tool.
The encryption that Windows Vista uses for communicating with secure web pages via SSL (Secure Socket Layers) is not compatible with the encryption used by Cisco PIX 515E firewalls. Try to use Internet Explorer 7 on Vista from behind one of these firewalls, and you may see this error message with secure pages: Internet Explorer cannot display the webpage Microsoft says the Cisco firewall can only use the weaker DES. They have a workaround at http://support.microsoft.com/kb/929708 that weakens security. They also prod Cisco on that page to provide an update.
Apple has a firmware update for MacBooks. The MacBook SMC Firmware Update v1.1 is supposed to fix some bugs that were causing unexpected shutdowns, otherwise known as crashes. You'll need to be updated to Mac OS X 10.4.8 to be able to see the SMC Update. Find out more at http://docs.info.apple.com/article.html?artnum=304308.
Today's BugBlog Plus has eleven more bugs and fixes for Apple, Google, Microsoft, Red Hat and Trend Micro.
Microsoft has issued a security advisory about a zero-day attack against Excel 2000, Excel XP, and Excel 2003, as well as Excel 2004 for the Mac. The attack occurs if you open a maliciously-designed Excel spreadsheet. There's no fix yet (and we are one week away from Patch Tuesday), so for now add this bug to the four unpatched zero-day bugs for Microsoft Word. See the details at http://www.microsoft.com/technet/security/advisory/932553.mspx.
Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Novell, and NVIDIA.
The Acrobat plug-in and Acrobat Reader are on almost everyone's computer.
Apple says that iTunes 7.0.2 "may work" with Windows Vista on a typical PC. Their official stance is to wait for the next version of iTunes, which is promised for a few weeks after the official Windows Vista release. One of the compatibility problems is with digital rights management -- you may not be able to get iTunes store purchases to play on a Vista computer. See more at http://docs.info.apple.com/article.html?artnum=305042
Today's BugBlog Plus has six more bugs and fixes for Apple, Ipswitch, Microsoft and Red Hat.
If you are using Internet Explorer 7 on a Windows Vista computer with protected mode enabled, you won't be able to use a shared printer within IE 7. Microsoft says this is because protected mode locks down parts of the Registry that are needed for the shared printer. There are two workarounds if you want to print. Either turn off protected mode, or use the Add Printer Wizard to connect to the printer. See http://support.microsoft.com/kb/927842 for details.
Today's BugBlog Plus has five more bugs and fixes for Apple and Microsoft.
If you have a FireWire (or IEEE 1394) device hooked up to a Windows Vista computer, the computer may be very cranky when you try to wake it from sleep. It may give you this error message:
STOP 0x0000009F DRIVER_POWER_STATE_FAILURE
Microsoft has an update to fix this. Get it at http://support.microsoft.com/kb/929762
Red Hat has updated the kernel for Red Hat Enterprise Linux 4. The update patches a number of Important and Moderate bugs, most of which would allow local users to trigger denial of service attacks or escalate their privileges. Get the update at https://rhn.redhat.com/errata/RHSA-2007-0014.html.
Microsoft already has a reliability update for Windows Vista. It fixes a number of USB problems, including bugs that cause devices such as fingerprint readers or Windows Media Center remote controls to stop working. It will also fix a problem that prevents you from reconnecting a USB device after you use the Safely Remove Hardware option to turn it off. Get the update 925528 at http://windowsupdate.microsoft.com.
Today's BugBlog Plus has ten more bugs and fixes for Apple, Cisco, IBM, and Microsoft.
A couple of viruses hitched a ride with TomTom Go 910 satellite navigation devices. TomTom says it was a "small number" of devices manufactured during September-November 2006. The devices have hard drives, and the win32.Perlovga.A Trojan and TR/Drop.Small.qp malware managed to sneak on. These are Windows malware, and while the Go 910 are Linux devices, you can connect them to your computer for backup and updates. TomTom says that antivirus software will work on the infected units. TomTom talks about it at http://www.tomtom.com/support/index.php?Language=1&FID=5327, while ZD Net covers the issue at http://news.zdnet.com/2100-1009_22-6154198.html.
Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Sun Microsystems.
Should you upgrade to Windows Vista? In the words of a famous philosopher, Dirty Harry, "It all depends, do you feel lucky?" The BugBlog has gathered up all the Vista items from the past two months and added them to the Vista Special Report, which will be updated daily.
Copyright 2003-2007 BJK Research LLC