Here's some of the hot topics in the world of computer bugs and security for this week.
The big news is that Windows XP Service Pack 2 has officially been RTM'ed. That means Released to Manufacturing. It has been sent out to the Microsoft Developers Network, meaning the OEM computer manufacturers such as Dell, and the megacustomers with thousands of licenses, have it now. It will be made available over the Automatic Update feature of Windows XP first. Later it will be available on CD. The stricter security standards in this release should make Windows safer. It may also cause problems with third party software vendors, who will need to upgrade their own products so that they don't run afoul of the stricter security.
There is a buffer overflow in the AOL Instant Messenger (AIM) chat application. Because of this bug, an attacker may be able to run their own programs on an AIM computer. This bug was found by iDefense and reported to AOL. Users of the program should go to http://www.aim.com/help_faq/security/faq.adp?aolp= for the latest safety tips and workarounds. While there is no fix yet, they do have a Registry edit for a workaround. Users may also want to read US-CERT's report at http://www.kb.cert.org/vuls/id/735966.
The latest version of the Bagle or Beagle worm is causing additional problems. This version, named W32.Beagle.AO@mm by Symantec (slightly different naming by other companies) has some additional twists. It tries to disguise itself as Microsoft Internet Explorer, for one thing. Another disguise, according to BugBlog reader Roseman, is that it buries itself up to ten levels deep in a Zip file. This is deeper than many AV programs scan by default. Symantec's writeup is at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html, InfoWorld has a news story at http://www.infoworld.com/article/04/08/09/HNnewbagle_1.html for further details.
Serious bugs were uncovered in graphic files using the PNG (Portable Network Graphics) format. At least one PNG bug could trigger buffer overruns. This file format is common to both different browsers, different graphics programs and different operating systems, and thus may have a wide scope. You can read a news story at http://zdnet.com.com/2100-1105_2-5298999.html. Follow-ups to this bug will be done with individual products that are affected. The Mozilla browser has already been patched.
For continuing coverage of bugs, incompatibilities, and other things that can go wrong with your computer, see the BugBlog.
Article comments