Wednesday, November 22, 2006

Apple Archive May Mean Adobe Activation Again

According to Apple, if you do an Archive and Install of a Mac OS X 10.4 computer, and you have Adobe software installed, you might have to re-activate the software. To find the various ways that activation of Adobe software might screw you up, see http://www.adobe.com/support/techdocs/331418.html.

Adobe Has Another Flash Update

Adobe has an updated Flash Player 9.0.28.0 that patches a security bug that affects Flash Player 7.x, 8.x, and 9.x. The bug lets remote attackers modify HTTP headers which could then lead to HTTP Request Splitting attacks. Users of Flash Player 7-9 should get the latest player at http://www.adobe.com/go/getflashplayer. Note that Microsoft also issued a security bulletin on the same day about Flash Player -- but this bulletin was about a bug in Flash Player 6, a bug fixed by Adobe two months earlier.

Microsoft Agent Bug

Microsoft says that their Microsoft Agent software technology has a critical bug that may allow a hostile website to completely control your computer. To fall victim, you would need to visit a website that links to a malicious .ACF file. This is a Critical bug for Windows 2000 and Windows XP, and a Moderate bug for Windows Server 2003. There is information on a temporary workaround, plus links to a permanent fix, at http://www.microsoft.com/technet/security/Bulletin/MS06-068.mspx. If you really aren't that familiar with Microsoft Agent (I wasn't) you can learn about it at http://www.microsoft.com/msagent/default.asp.

Cisco Secure Desktop is Insecure

Cisco says their Cisco Secure Desktop (CSD) 3.1.1.33 and earlier software has three bugs that lessen security. One bug may leave information from an Internet browsing session using SSL VPN (Secure Socket Layer on a Virtual Private Network) on a computer after the session ends. Another bug will let users leave the Secure Desktop when they shouldn't, and then third lets local users gain extra privileges. Cisco has fix information at http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml.

Less Importing in Office 2007

Microsoft eliminated a number of file import filters for some really old file formats. According to Microsoft, Excel 2007 won't be able to open or save in these formats: WK1 (1-2-3), WK4 (1-2-3), WJ3 (1-2-3 Japanese) (.wj3), WKS (1-2-3) WK3 (1-2-3), WK1,FMT(1-2-3), WJ2 (1-2-3 Japanese) (.wj2), WJ3, FJ3 (1-2-3 Japanese), DBF 2 (dBASE II), WQ1 (Quattro Pro/DOS), WK3,FM3(1-2-3), Microsoft Excel Chart (.xlc), WK1,ALL(1-2-3), WJ1 (1-2-3 Japanese) (.wj1) WKS (Works Japanese) (.wks). Chances are, if you've been plugging away on a DOS version of Lotus 1-2-3, I guess you aren't the type of computer user contemplating a jump to Office 2007.

Tuesday, November 14, 2006

Mozilla Patches Digital Signature Bug

There is a bug in the way that Mozilla Firefox, Thunderbird, and SeaMonkey handle RSA digital signatures. If the signatures use a low exponent, they could be forged. Mozilla fixed this in Firefox 2, but the fix was incomplete in Firefox 1.5.0.7. They have come out with a bug fix release, Firefox and Thunderbird version 1.5.0.8, and SeaMonkey 1.0.6, to take care of this and a few other bugs. Mozilla credits Ulrich Kuehn for finding this bug.
f you are a WordPress blogger, (hmm, maybe I shouldn't mention that here at Blogger) it's time to upgrade. WordPress has released WordPress 2.0.5, which has around 50 bug fixes. Some of the fixes tighten security, including in the wp-db-backup plug-in. You can get the upgrade at http://wordpress.org/download/.

Microsoft XML Bug

Microsoft has issued a Security Advisory about a bug in the XMLHTTP 4.0 ActiveX Control. This control is part of Microsoft XML Core Services 4.0 on Windows, which should be present on Windows 2000, Windows XP, and Windows Server 2003 computers, even if the users don't know it. However, Windows Server 2003 users running with Enhanced Security Configuration on will not be vulnerable. An attack could be mounted if you browse to a maliciously designed page, resulting in hostile code running on your computer. Microsoft is working on a patch which will be coming in a future Patch Tuesday. Read the details at http://www.microsoft.com/technet/security/advisory/927892.mspx.

MacBook Cure for "Random System Shutdown"

There is a new SMC firmware update for Apple MacBooks running Mac OS X 10.4.7 and 10.4.8. This update is supposed to improve stability and also cure unexpected shutdowns, what outsiders (but not Apple) refers to as "random shutdown syndrome." Get the update at http://www.apple.com/support/downloads/macbooksmcfirmwareupdate11.html.

Monday, November 06, 2006

IE 7 Causes Problems for McAfee Updates

McAfee reports that after you upgrade to Microsoft Internet Explorer 7, you will have problems updating McAfee Consumer 2006 products. By their count, you will see nine different yellow Information Bar warnings before you will be able to update their products. If you need help, McAfee has a 25 step workaround listed at http://ts.mcafeehelp.com/faq3.asp?docid=410052.

IE 7 Plays Havoc With Windows XP Repair

Once you have installed Microsoft Internet Explorer 7, you must take special precautions before you do a Windows XP repair installation. If you don't, you will break Internet Explorer. (Probably because the repair installation will write a whole bunch of older IE 6 DLL files.) Microsoft says you must uninstall IE 7 before doing the repair installation -- assuming your computer is functioning well enough for that. After the repair, you can reinstall IE 7. Read the details from Microsoft at http://support.microsoft.com/kb/917964/.

xBox 360 May Not Like Windows Media Player 11

If you first install Microsoft Windows Media Player 11 on a Windows XP computer, and then you try to authorize your Microsoft Xbox 360 to use it with Windows Media Connect, you may get an error message and the authorization won't take place. Microsoft has a workaround for this listed at
http://www.microsoft.com/windows/windowsmedia/player/11/readme.aspx#ErrorwhensettingupXbox360softwareafter
WindowsMedi