BJK Research

The BugBlog

The BugBlog is a daily look at computer bugs, incompatibilities, and other things that can go wrong with your computer.

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All of the current month's bugs are here. Use the links on the left to jump back to past months, or use the search form. XML

2/28/2007 McAfee Virex 7.7 Bug

McAfee says that Virex 7.7 for Mac OS X has a bug in the way that default permissions are set. This may allow local authenticated users to launch an attack. If you are running Virex 7.7 on your own Mac, you probably don't need to worry, since you probably aren't going to attack yourself. However, if you are administering a network that uses this software, you should go to https://knowledge.mcafee.com/article/283/518722_f.SAL_Public.html for update information for Virex 7.7 Patch 1.

Today's BugBlog Plus has ten more bugs and fixes for AOL, Apple, Microsoft, Mozilla, Opera and Symantec.

2/28/2007 Episode 3 - Can a PC Guy Become a Mac Guy?

The MacBook is finally here.

2/27/2007 Outlook Calendar Gadget is Busted

The Microsoft Office Outlook 2007 calendar gadget that you can use in Windows SideShow may not work correctly. It will have problems synchronizing with the data in Outlook, and thus may give you incomplete or wrong calendar information. Microsoft says this happens in some versions of Outlook that bundle together perpetual licenses and trial licenses. (In other words, this may be another bug to chalk up to activation or anti-piracy measures.) To get it to work, you will need to disable and then re-enable the Outlook Calendar gadget. Microsoft shows how to do this at http://support.microsoft.com/kb/929866.

2/26/2007 Bug in Microsoft Publisher 2007

eEye Digital Security says they have found a bug in Microsoft Office Publisher 2007 that can be used by remote attackers. As a result, the attackers may be able to run their code on your computer, at the security level of the logged-in user. eEye sent the details on to Microsoft on 2/16. Keep an eye on http://research.eeye.com/html/advisories/upcoming/20070216.html for updates. Until a fix is ready, be wary of Publisher files that you yourself don't create.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, Microsoft, Mozilla and WordPress.

2/24/2007 Mozilla Has a Security Fix

Mozilla has released Firefox 2.0.0.2, along with Firefox 1.5.0.10 and SeaMonkey 1.0.8. This is a bugfix release that takes care of a number of bugs that could cause a crash and corrupt memory. Malicious websites may be able to take advantage of this bug to run hostile code. Get the updates either at http://www.mozilla.com/en-US/firefox/ or through the Firefox automatic update.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Cisco, Microsoft and Mozilla.

2/23/2007 Vista Application Compatibility Fixes

Microsoft has the Windows Vista Application Compatibility Update available. It fixes a number of incompatibilities between some mainstream applications and Vista. These applications include: Adobe Photoshop 7.0.1, Photshop Elements 4, and Create Suite CS2; Microsoft Money 2005 and 2006; Google desktop 4.2006.1008; AVG Anti-Spyware 7.5.0.47; and Opera 9.02. Read the whole list, and find the link to the download at http://support.microsoft.com/kb/929427

2/22/2007 Google Desktop Bugs Allow Attackers to Search Your Computer

Google patched a number of bugs in their Google Desktop software. These bugs may have allowed remote attackers to mount cross-site scripting attacks through Google Search, and use it to search for information on the victim's hard drives. The bugs were discovered by security researchers at Watchfire. Google patched the bugs before the information was released to the public. Read the details at http://news.zdnet.com/2100-1009_22-6161171.html

2/21/2007 Vista Doesn't Like Your BIOS

Try to install Windows Vista, and you may get this error report:
Error 0xC004F02A - The Software Licensing Service reported that the license is invalid.
What Microsoft says might be the case, however, is that the BIOS for this computer is incompatible with Vista, or is outdated. That means you may need a BIOS update. Microsoft has the details at http://support.microsoft.com/kb/929818.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Autodesk, Microsoft and Snort.

2/20/2007 Lotus Notes and Daylight Savings Time

If you are running IBM Lotus Notes or Domino, you will need to make some adjustments due to the change in Daylight Savings Time implementation. Do nothing, and your appointments from March 12 through March 31 may be an hour late. See http://www.ibm.com/support/docview.wss?rs=463&uid=swg21247972 for links to fix information.

Today's BugBlog Plus has five more bugs and fixes for Apple, Computer Associates, Microsoft and Sun Microsystems.

2/19/2007 Episode 2: Can a PC Guy Become a Mac Guy?

Where did all this snow come from?

2/19/2007 Cross-site Scripting Bug in Mozilla

There is a bug in the way that Mozilla browsers, including Firefox, handle URIs in a webpage with frames. This may allow an opportunity for a cross-site scripting attack, where a user can be tricked into giving information to a malicious website. There is no fix yet. You can see the details at http://www.kb.cert.org/vuls/id/885753. Michal Zalewski is credited with finding this bug.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft and PHP.

2/16/2007 Apple Fixes iChat Bugs

Apple's Security Update 2007-002 fixes two bugs in iChat for Mac OS X 10.3.9 and 10.4.8. One bug may let attackers on a local network crash the iChat client. The second may cause iChat to crash or possibly run hostile code, if you visit a malicious website. These bugs were originally reported by the Month of Apple Bugs project.

Today's BugBlog Plus has five morebugs and fixes for Apple, Cisco, and Microsoft.

2/15/2007 A New Word Zero-Day Bug Arrives

Now that Microsoft has released a patch for previous zero-day bugs plaguing Microsoft Word, it is time for the bad guys to release new zero-day bugs. Microsoft says they are researching a new bug that may target Word 2000 and Word XP. The vulnerability can only be triggered if you open a maliciously-designed document. Microsoft is tracking this particular bug at http://www.microsoft.com/technet/security/advisory/933052.mspx.

2/14/2007 What Wasn't Patched on Patch Tuesday

Microsoft patched a large number of bugs on February's Patch Tuesday. The Internet Storm Center lends a helping hand by pointing out what hasn't been patched. If you go to http://isc.sans.org/diary.html?storyid=1940 you will see a list of unpatched bugs and their threat level. For now, only one is labeled Critical, and that's a Microsoft PowerPoint bug that's only a couple of days old. Lucky for us, most are deemed Less Urgent.

Today's BugBlog Plus has nine more critical bugs and fixes for Adobe, Apple, Microsoft and Vonage.

2/13/2007 Microsoft Patches Word Bugs

Microsoft has issued a patch for six different bugs in Microsoft Word. Microsoft says that this is a Critical patch for Word 2000, and an Important patch for Word 2002, Word 2003, Office 2004 for the Mac, and Word Viewer 2003. It does not affect the newly released Word 2007. The bugs can be activated by opening maliciously designed Word documents, transmitted either via email or a website. Get the patch at http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx. Shih-hao Weng, USAA, and Adreas Marx of AV-Test are credited with finding some of these six bugs.

Today's BugBlog Plus has six more critical bugs and fixes for Microsoft.

2/12/2007 Daylight Savings Time Fix

Daylight Savings Time starts earlier this year. Any software, such as your operating system, that automatically does the "spring ahead, fall back" may not be able to handle the change. Microsoft has a February 2007 cumulative time zone update for Microsoft Windows that will make the adjustment. Follow the link to the patch for your version of Windows at http://support.microsoft.com/kb/931836.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Sun Microsystems.

2/11/2007 Can a PC Guy Become a Mac Guy?

It's time to do some computer shopping.

2/11/2007 Hibernation Interrupts iPod Charging

If you are charging your iPod by plugging it into a desktop or laptop computer, and that computer goes into standby, hibernation, or sleep, then the iPod will stop charging. That's by design, so Apple suggests you make sure the computer stays awake during the charging.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Mozilla.

2/9/2007 A Big Patch Tuesday

If all you computer nerds don't have big Valentine's Day plans, not to worry. The day before is Patch Tuesday, and Microsoft says they will be releasing 12 security bulletins. That means you'll not only have plenty to do on the 13th, but the activity will probably spill over to the next day, too. There will be five bulletins for Windows, at least one of which is deemed Critical. Two bulletins for Microsoft Office, at least one of them is Critical. (Maybe they will finally fix all the zero-day bugs in Word.) There's one Critical bulletin for Microsoft Data Access Components; one Critical bulletin that affects Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint; there's one Important bulletin that affects both Word and Office; one Important bulletin for Step-by-Step Interactive Training; they will also update the Microsoft Windows Malicious Software Removal Tool.

2/8/2007 Vista and Cisco PIX 515E Firewalls

The encryption that Windows Vista uses for communicating with secure web pages via SSL (Secure Socket Layers) is not compatible with the encryption used by Cisco PIX 515E firewalls. Try to use Internet Explorer 7 on Vista from behind one of these firewalls, and you may see this error message with secure pages: Internet Explorer cannot display the webpage Microsoft says the Cisco firewall can only use the weaker DES. They have a workaround at http://support.microsoft.com/kb/929708 that weakens security. They also prod Cisco on that page to provide an update.

2/7/2007 Firmware Update for MacBooks

Apple has a firmware update for MacBooks. The MacBook SMC Firmware Update v1.1 is supposed to fix some bugs that were causing unexpected shutdowns, otherwise known as crashes. You'll need to be updated to Mac OS X 10.4.8 to be able to see the SMC Update. Find out more at http://docs.info.apple.com/article.html?artnum=304308.

Today's BugBlog Plus has eleven more bugs and fixes for Apple, Google, Microsoft, Red Hat and Trend Micro.

2/6/2007 Zero-Day Bug for Microsoft Excel

Microsoft has issued a security advisory about a zero-day attack against Excel 2000, Excel XP, and Excel 2003, as well as Excel 2004 for the Mac. The attack occurs if you open a maliciously-designed Excel spreadsheet. There's no fix yet (and we are one week away from Patch Tuesday), so for now add this bug to the four unpatched zero-day bugs for Microsoft Word. See the details at http://www.microsoft.com/technet/security/advisory/932553.mspx.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Novell, and NVIDIA.

2/5/2007 Adobe Acrobat Wins the Bug of the Month

The Acrobat plug-in and Acrobat Reader are on almost everyone's computer.

2/5/2007 Vista Problems with iTunes Store Purchases

Apple says that iTunes 7.0.2 "may work" with Windows Vista on a typical PC. Their official stance is to wait for the next version of iTunes, which is promised for a few weeks after the official Windows Vista release. One of the compatibility problems is with digital rights management -- you may not be able to get iTunes store purchases to play on a Vista computer. See more at http://docs.info.apple.com/article.html?artnum=305042

Today's BugBlog Plus has six more bugs and fixes for Apple, Ipswitch, Microsoft and Red Hat.

2/3/2007 IE 7 Protected Mode Printing Problems

If you are using Internet Explorer 7 on a Windows Vista computer with protected mode enabled, you won't be able to use a shared printer within IE 7. Microsoft says this is because protected mode locks down parts of the Registry that are needed for the shared printer. There are two workarounds if you want to print. Either turn off protected mode, or use the Add Printer Wizard to connect to the printer. See http://support.microsoft.com/kb/927842 for details.

Today's BugBlog Plus has five more bugs and fixes for Apple and Microsoft.

2/2/2007 FireWire Problems for Windows Vista

If you have a FireWire (or IEEE 1394) device hooked up to a Windows Vista computer, the computer may be very cranky when you try to wake it from sleep. It may give you this error message:
STOP 0x0000009F DRIVER_POWER_STATE_FAILURE
Microsoft has an update to fix this. Get it at http://support.microsoft.com/kb/929762

2/1/2007 Red Hat Has a New Kernel

Red Hat has updated the kernel for Red Hat Enterprise Linux 4. The update patches a number of Important and Moderate bugs, most of which would allow local users to trigger denial of service attacks or escalate their privileges. Get the update at https://rhn.redhat.com/errata/RHSA-2007-0014.html.

1/31/2007 Reliability Update for Windows Vista

Microsoft already has a reliability update for Windows Vista. It fixes a number of USB problems, including bugs that cause devices such as fingerprint readers or Windows Media Center remote controls to stop working. It will also fix a problem that prevents you from reconnecting a USB device after you use the Safely Remove Hardware option to turn it off. Get the update 925528 at http://windowsupdate.microsoft.com.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Cisco, IBM, and Microsoft.

1/30/2007 TomTom is BadBad

A couple of viruses hitched a ride with TomTom Go 910 satellite navigation devices. TomTom says it was a "small number" of devices manufactured during September-November 2006. The devices have hard drives, and the win32.Perlovga.A Trojan and TR/Drop.Small.qp malware managed to sneak on. These are Windows malware, and while the Go 910 are Linux devices, you can connect them to your computer for backup and updates. TomTom says that antivirus software will work on the infected units. TomTom talks about it at http://www.tomtom.com/support/index.php?Language=1&FID=5327, while ZD Net covers the issue at http://news.zdnet.com/2100-1009_22-6154198.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Sun Microsystems.

1/29/2007 Vista Special Report

Should you upgrade to Windows Vista? In the words of a famous philosopher, Dirty Harry, "It all depends, do you feel lucky?" The BugBlog has gathered up all the Vista items from the past two months and added them to the Vista Special Report, which will be updated daily.

 

 

Google
 
Web www.bjkresearch.com

 

 

 

 

Copyright 2003-2007 BJK Research LLC

 

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Amazon Honor System Click Here to Pay Learn More

BugBlog archives:

May 07
April 07
March 07
Vista Special Report
February 07
January 2007
December 06
November 06
October 06
September 06
August 06
July 06
June 06
May 06
April 06
March 06
February 06
January 06

See the Site Map for BugBlog archives back to 2002