Brian's Buzz on Windows has changed its name to the Windows
Secrets Newsletter.
SEPTEMBER 18, 2003 - Issue 14
MS03-032 / 822925 patch doesn't work
By Brian Livingston
Son of a patch, it happened again.
I reported in the Sept. 4 issue
of Brian's Buzz that a patch for Internet Explorer 5 and 6 that was rated
"critical" by Microsoft should be installed immediately: bulletin
MS03-032
and Knowledge Base article
822925.
After that newsletter was released, Microsoft acknowledged that the
patch does not successfully close one of the serious flaws that it was
intended to correct.
eEye
Digital Security's chief hacking officer Marc Maiffret was quoted in a
News.com article
as saying that the remaining flaw is "so easy to exploit" that it could
soon wreak havoc.
The software giant on Sept. 8 added text to its
MS03-032
bulletin saying, "Microsoft is investigating these reports and will
re-issue this bulletin with an updated patch that corrects these problems."
The Redmond company is also trying to clean up the fact that installing
MS03-032 breaks ASP.NET applications running locally on Windows XP
machines, as I described in the Sept. 4 issue. Microsoft gave no estimate
of the date when a corrected patch might become available.
The security hole that still exists after the installation of
the MS03-032 patch is critical because a PC can be taken over by a
hacker if the PC user merely views a malicious e-mail or
Web page. As eEye describes it in an
alert,
even IE users running Windows Server 2003 may be vulnerable. IE on Server
2003 cannot by default view ActiveX content, which is a feature of many
Web pages. But many users "may have chosen to reactivate the ability to
view active content," eEye says.
Until Microsoft has an updated patch available, you can disable ActiveX
content in IE to guard against hackers taking over your PCs. One way to
do this in IE involves clicking Tools, Internet Options, Security, then
selecting the Internet Zone, clicking the Custom Level button, and disabling
ActiveX.
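The Custom Level dialog stores its choices per zone in the registry, so the workaround can be audited there across many PCs. The following is an added example, not code from this newsletter or from Microsoft; the function names are made up for illustration. It assumes the standard layout (zone 3 is the Internet zone; a value of 3 means Disable), layers policy keys over the user's own setting as a simplification, and reports an unset value because it is not explicitly disabled.

```python
import os

ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
POLICY_KEY = r"Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ACTIVEX_ACTIONS = {  # URL action IDs: value names under the zone key
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1405": "Script ActiveX controls marked safe for scripting",
}
DISABLED = 3
STATES = {0: "enabled", 1: "prompt", 3: "disabled", 0x10000: "administrator approved"}

def read_zone(hive_name, subkey):
    """Return {action_id: dword} for the ActiveX actions set under subkey."""
    import winreg  # standard library, Windows only
    found = {}
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), subkey) as key:
            for action in ACTIVEX_ACTIONS:
                try:
                    found[action] = winreg.QueryValueEx(key, action)[0]
                except FileNotFoundError:
                    pass  # value not set at this level
    except FileNotFoundError:
        pass  # key absent, e.g. no policy configured
    return found

def audit(preference, *policies):
    """Overlay policy layers on the user preference; list actions not disabled."""
    effective = dict(preference)
    for layer in policies:
        effective.update(layer)  # assumption: later (policy) layers win
    findings = []
    for action, label in ACTIVEX_ACTIONS.items():
        value = effective.get(action)
        if value != DISABLED:
            state = "not set" if value is None else STATES.get(value, f"unknown ({value})")
            findings.append((action, label, state))
    return findings

if __name__ == "__main__" and os.name == "nt":
    layers = [read_zone("HKEY_CURRENT_USER", ZONE_KEY),
              read_zone("HKEY_CURRENT_USER", POLICY_KEY),
              read_zone("HKEY_LOCAL_MACHINE", POLICY_KEY)]
    for action, label, state in audit(*layers):
        print(f"{action}  {label}: {state}")
```

An empty result means every ActiveX action in the Internet zone is explicitly disabled for the current user.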
To send me more information about this, or to send me a tip on any other
subject, visit
WindowsSecrets.com/contact.
THIS WEEK'S HOT TIPS - news of the world of Windows
Possible solutions for AmphetaDesk and Windows updates
In my Sept. 4 issue
of Brian's Buzz, I printed comments from Kevin Hemenway, the developer
of AmphetaDesk, an RSS news aggregator. He and another Brian's Buzz
reader reported that a patch that is currently being downloaded by
Windows Update (they don't know which one) prevents AmphetaDesk from
accessing localhost port 127.0.0.1:8888. This problem stops the
application from collecting feeds over the Internet.
I asked other readers to help. We don't exactly have a solution yet,
but Robert Chapin provided the best troubleshooting tips by sending in
the following comment:
"I'm not familiar with AmphetaDesk, but here are the things I'd check
if IE is taking issue with the loopback address:
#1 - Most Important. Is this software using the 'localhost'
name or the 127.0.0.1 'loopback' address? They're different, as you know,
because one of them requires only a correct routing table entry. The
other 'localhost' name requires a special entry in:
%systemroot%\system32\drivers\etc\hosts
If that entry is missing, then neither the DNS nor the WINS/NetBIOS lookup
will be successful.
Certain interactions between the DNS and LMHOSTS lookup systems could also
interfere.
#2. IIS [Microsoft's Internet Information Server] is one of those
things that really gets its fingers into every part of the OS, especially
when it comes to networking. It would be good to do a thorough check of all
IP routing, filtering, and network configuration before and after the
problem goes away.
#3. If 127.0.0.1 doesn't work, then what about 127.0.0.2? Is
127.0.0.1 responding to pings? Is IE in one of its Offline moods, or
set up to use a proxy, or other goofiness?"
I'm pretty sure AmphetaDesk is using the "localhost" name, not the "loopback"
address, but that's an interesting factor to test, certainly.
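The name-versus-address checks discussed above can be scripted: see what the hosts file maps "localhost" to, flag any mapping that is not a loopback address, and try port 8888 by both name and address. This is an added example, not code from the newsletter, the reader, or AmphetaDesk; the function names are made up for illustration and the hosts path assumes a standard Windows install.

```python
import ipaddress
import os
import socket

HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

def hosts_entries(text, name="localhost"):
    """Return the addresses a hosts file maps to `name` (comments ignored)."""
    addresses = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            addresses.append(fields[0])
    return addresses

def non_loopback(addresses):
    """Return the addresses that are not loopback (or not valid IPs at all)."""
    bad = []
    for addr in addresses:
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                bad.append(addr)
        except ValueError:
            bad.append(addr)
    return bad

def can_connect(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            mapped = hosts_entries(fh.read())
        print("hosts file maps localhost to:", mapped or "nothing")
        print("non-loopback mappings:", non_loopback(mapped) or "none")
    # 8888 is the AmphetaDesk port mentioned in this issue
    for host in ("localhost", "127.0.0.1"):
        print(f"{host}:8888 reachable:", can_connect(host, 8888))
```

If the address connects but the name does not, the fault is in name resolution rather than in the application's listener.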
Reader Jonathan Spencer provided a comment indicating that other
applications may be running into the same problem, whatever it is:
"I recently installed
Spamihilator,
which uses localhost as its intermediary point for de-spamming mail. After
I recently ran Windows Update (and installed Windows 2000 SP4),
Spamihilator stopped working. I reinstalled it and it's now OK, but this
looks like it might be related to the same issue."
I'll include more information in Brian's Buzz on Windows
if and when we can determine the exact cause
of the problem and its solution. I'm sending readers Chapin and Spencer
a gift certificate for a free book, CD, or DVD of their choice for
sending me comments that I printed.
RECOMMENDED READING - my book reviews of tech topics
Windows XP Unwired: A Guide for Home, Office, and the Road
More and more people are adding wireless connectivity to their laptops,
their PDAs, and their travel habits. Windows XP Unwired is a guide
not just to the various flavors of Wi-Fi (the original 802.11b, the
faster but compatible 802.11g, and the incompatible 802.11a) but also
to Bluetooth technologies and the new wide-area, medium-speed services
that are available through cellular carriers (CDMA2000 and GPRS for GSM).
With its additional information on connecting to Wi-Fi hotspots and
ensuring the security of your signals, this book will be useful to a
lot of wireless junkies, even if they don't use Windows XP.
More info
Moving to Linux: Kiss the Blue Screen of Death Goodbye!
This is kind of a funny book for me to be recommending to readers
of a Windows newsletter, but a lot of people ask me about this topic,
so here goes. Author Marcel Gagné is a columnist for Linux Journal,
and in Moving to Linux he's prepared a step-by-step guide to
converting a Windows PC to Linux - or just trying it! The book includes
a bootable CD with a version of Linux that you can poke around in
without touching or changing anything about your Windows installation.
If your boss is asking, "What's with this Linux stuff?", Moving to
Linux is a great way to show that you know what you're talking about.
More info
WINDOWS GIZMOS - my product reviews of new stuff
New printer has 2nd tray for instant 4" x 6" photos
Why should you have to remove a printer's letter-size paper and change
all the paper guides (and switch them back later) just because you
want to print a few 4" x 6" photos? Now you don't have to change a thing.
The new Canon i860 printer (about $150 street) has a second tray that delivers
photos at the flip of a switch. It sports four separate ink tanks - one
for each color and black - plus a large, extra black tank to provide
fast document printing. Canon claims the device can produce up to 23 pages
of text per minute when it's not generating full-color pictures.
More info
FORWARDING INSTRUCTIONS - news gains value when it's shared
Please share this information with your colleagues
You're encouraged to refer your friends and colleagues to this free
newsletter. Because most e-mail programs don't correctly display a formatted
message that's been forwarded, simply call people's attention to
the permanent Web address of this issue:
BriansBuzz.com/w/030918.
HERE'S A TIP - you'll get a better newsletter if you choose the paid version
You're reading the free version of Brian's Buzz on Windows
The best and most important information I can develop appears in the paid
version of the newsletter, which is longer than the free version. Your
financial contributions allow me to conduct Windows research and keep both the
free and the paid versions of the newsletter going.
Some of the extras in the paid version this week are:
- Here comes Blaster 2.0. Microsoft has found
a new critical RPC hole, with exploit code already circulating that can
lead to an even worse round of LoveSan than last month.
- Three other serious holes. If a user opens a malicious document
in almost any Office application since 1997, it can give an attacker total
control over the PC.
- Turn off Passport harassment. The incessant pop-ups urging you to
register for Passport can now be turned off with a single Registry change.
- More on Windows 2000 SP4. Installing SP4 breaks certain aspects
of Active Directory, but there's a simple workaround.
If you make a contribution before October 1, 2003,
you'll be sent the full, paid version of this week's newsletter.
You'll also enjoy immediate access to all previous paid content, plus personal
service if your paid newsletter happens to bounce.
To upgrade to the paid version, please visit
WindowsSecrets.com/upgrade.
Thanks in advance.
WACKY WEB WEEK - playing for you the Internet's greatest bits
USB coffee cup warmer for dummies
Way back in my March 13 issue,
I revealed a laugh-out-loud invention: a coffee cup warmer
(available only from a Tokyo site that was written entirely in Japanese)
that plugs into the USB port of your laptop. This lets you use it
where power outlets are scarce.
That sparked quite a discussion in my
April 10 issue.
Several readers reported that the mini-appliance worked only on pre-heated cans
of coffee that are sold from a special type of vending machine that's common
in Japan. No one knew of any USB coffee heaters for the rest of us.
Finally, reader Marleen Wanders has found a USB coffee mug warmer that works
with any flat-bottomed cup. The AS-1420905 (pictured above left) plugs
into any USB port and has a convenient on-off switch.
Unfortunately, the reviews I was able to find on this little gadget were
only lukewarm.
Blogger Michael Cruft found, after opening the case, that it
doesn't even have a
heating element. The gizmo's inventor apparently thought that the heat
byproduct of two voltage regulators would keep coffee warm! If you're still
interested, though, the usually reliable
Cyberguys
at least have the decency to sell the unit for only $16.95 plus shipping. At
Directron.com it's
$24.99.
But if you need to keep a beverage warm, who isn't near a power strip these
days? Unless you commonly sip your coffee while drifting on an ice floe,
I'd suggest you simply get an AC-powered warmer plate.
The best one I found - with a real ceramic base and a 3-foot cord - is at the
Vermont
Country Store for $16.95. If you'd prefer a cheap plastic one (priced
from $10 to $13), the slickest unit is at
Kitchen Etc.,
followed by
TableTools,
Home Marketplace, and
RollingPin. The Kitchen Etc. model boasts 18 watts of power, which no USB
port will ever be able to match (USB is limited to 2.5 watts).
That's the end of our "geek survival tools" discussion for today!