Here are some of the most significant bugs from the past week in the BugBlog:
October 10 is Patch Tuesday, and it will be an extra special one. Microsoft has announced that there will be six security bulletins for Windows, and at least one of them is rated Critical. There will be four security bulletins for Microsoft Office, and at least one will be Critical. There will also be one security bulletin for the Microsoft .NET Framework. That one is only rated Moderate. Look for full coverage in the BugBlog Plus on Tuesday.
There is a bug in McAfee ProtectionPilot 1.1.0 and McAfee ePolicy Orchestrator 3.5.0 that may allow remote attackers to run their own code on the "protected" computer. This happens via a boundary error when dealing with long source errors. You can find links to the patches. According to at least one news story, McAfee was alerted to the bug in July, but the patch was very complex, so that it took till October to fix. Read more.
The 10/2 Mozilla JavaScript bug report was a hoax. While there is a bug that may be used to crash your browser, attackers can't use it to run hostile code on your computer. Any other claims by the two researchers, who probably won't be invited back to make any more presentations, should also be considered fraudulent. While the BugBlog often reports on what independent researchers say (and these reports also included quotes from Mozilla's security spokesman that lent some credence to their claims) rest assured that these two will no longer be considered valid sources.
When using the ATI Multimedia Center 9.15 software with an ATI multimedia card, you may sometimes get a corrupted database for the TV listings. This may prevent the TV Guide software from starting. Fix this by going to the Windows XP Control Panel Add/Remove Programs applet. Select the Gemstar GUIDE Plus+ program, and then select Repair. After repairing, when you run the GUIDE again you will need to enter your name, ZIP Code, and email address again.
Article comments