MS03-032 / 822925 patch doesn't work

Windows Secrets Newsletter • Issue 14 • 2003-09-18 • Circulation: over 400,000

Table of contents

Top Story: MS03-032 / 822925 patch doesn’t work
Insider Tricks: Possible solutions for AmphetaDesk and Windows updates
Patch Watch: MS03-039: Here comes Blaster 2.0
Insider Tricks: How to shut off the Passport reminders in XP
Wacky Web Week: USB coffee cup warmer for dummies

Top Story

MS03-032 / 822925 patch doesn’t work

Son of a patch, it happened again.

I reported in the Sept. 4 issue of Brian’s Buzz that a patch for Internet Explorer 5 and 6 that was rated “critical” by Microsoft should be installed immediately: bulletin MS03-032 and Knowledge Base article 822925.

After that newsletter was released, Microsoft acknowledged that the patch does not successfully close one of the serious flaws that it was intended to correct. eEye Digital Security’s chief hacking officer Marc Maiffret was quoted in a News.com article as saying that the remaining flaw is “so easy to exploit” that it could soon wreak havoc.

The software giant on Sept. 8 added text to its MS03-032 bulletin saying, “Microsoft is investigating these reports and will re-issue this bulletin with an updated patch that corrects these problems.” The Redmond company is also trying to clean up the fact that installing MS03-032 breaks ASP.NET applications running locally on Windows XP machines, as I described in the Sept. 4 issue. Microsoft gave no estimate of the date when a corrected patch might become available.

The security hole that still exists after the installation of the MS03-032 patch is critical because a PC can be taken over by a hacker if the PC user merely views a malicious e-mail or Web page. As eEye describes it in an alert, even IE users running Windows Server 2003 may be vulnerable. IE on Server 2003 cannot by default view ActiveX content, which is a feature of many Web pages. But many users “may have chosen to reactivate the ability to view active content,” eEye says.

Until Microsoft has an updated patch available, you can disable ActiveX content in IE to guard against hackers taking over your PCs. One way to do this in IE involves clicking Tools, Internet Options, Security, then selecting the Internet Zone, clicking the Custom Level button, and disabling ActiveX.

To send me more information about this, or to send me a tip on any other subject, visit WindowsSecrets.com/contact.

Insider Tricks

Possible solutions for AmphetaDesk and Windows updates

In my Sept. 4 issue of Brian’s Buzz, I printed comments from Kevin Hemenway, the developer of AmphetaDesk, an RSS news aggregator. He and another Brian’s Buzz reader reported that a patch that is currently being downloaded by Windows Update (they don’t know which one) prevents AmphetaDesk from accessing localhost port 127.0.0.1:8888. This problem stops the application from collecting feeds over the Internet.

I asked other readers to hlep. We don’t exactly have a solution yet, but Robert Chapin provided the best troubleshooting tips by sending in the following comment:

“I’m not familiar with AmphetaDesk, but here are the things I’d check if IE is taking issue with the loopback address:

#1 – Most Important. Is this software using the ‘localhost’ name or the 127.0.0.1 ‘loopback’ address? They’re different, as you know, because one of them requires only a correct routing table entry. The other ‘localhost’ name requires a special entry in:

#2.

#3.

I’m pretty sure AmphetaDesk is using the “localhost” name, not the “loopback” address, but that’s an interesting factor to test, certainly.

Reader Jonathan Spencer provided a comment indicating that other applications may be running into the same problem, whatever it is:

“I recently installed Spamihilator, which uses localhost as its intermediary point for de-spamming mail. After I recently ran Windows Update (and installed Windows 2000 SP4), Spamihilator stopped working. I reinstalled it and it’s now OK, but this looks like it might be related to the same issue.”

I’ll include more information in Brian’s Buzz on Windows if and when we can determine the exact cause of the problem and its solution. I’m sending readers Chapin and Spencer a gift certificate for a free book, CD, or DVD of their choice for sending me comments that I printed.

Patch Watch

MS03-039: Here comes Blaster 2.0

This month has been an exceptionally heavy period for serious new Microsoft warnings of holes and patches to close them, as you can see from the three examples highlighted in the “other bulletins” section below. But the most alarming news is that there’s another example of the same kind of hole that produced the devastating Blaster worm this summer.

According to Microsoft, a new flaw has been found in the Remote Procedure Call (RPC) protocol found in Windows NT, 2000, XP, and Server 2003. This is the same protocol that allowed Blaster to infect millions of PCs, causing many of them to reboot after a 60-second countdown, without the user even visiting a malicious Web site or previewing an e-mail. But this month’s flaw is a new, distinct one.

The security firm LURHQ Corp. announced in an alert on Sept. 16 that working hacker exploit code was already available on the Internet to use this hole to attack Windows. The advisory points out that Blaster swept the Internet in August only two weeks after exploit code first became public.

Even if you’ve installed Microsoft’s patch against Blaster (MS03-026 / 823980), you must now install MS03-039 / 824146. If you haven’t installed MS03-026, at least MS03-039 applies the earlier patch as well.

The most important other bulletins this week:

MS03-035 / 827653: A Word document can silently run malicious macros even if Word is configured not to automatically run macros.
MS03-036 / 827103: Every version of Microsoft Office, Front Page, Publisher, and Works can give an attacker control if a single document is opened.

This article is part of our paid content. Subscribe.
Already a paid subscriber? Click here to login.

Insider Tricks

How to shut off the Passport reminders in XP

Users of Windows XP know about its incessant calls for you to register for a Microsoft .Net Passport. This is an insecure and privacy-violating method for Microsoft to get your e-mail address, among other things. I’ve complained about this in previous InfoWorld columns (see Sept. 2001 and Oct. 2001), so I won’t recite a list of Passport’s problems again here.

What interests me is how to shut off the maddening reminders. Reader Scott Yorkovich heard about the secret and sent the tip to me.

A single Registry entry does the trick. In XP, you can place the following lines into a file with a .reg extension, then right-click the file and install it to disable the Passport ad pitches:

[HKEY_CURRENT_USERSoftwareMicrosoftMessengerService]
“PassportBalloon”=hex:0A,00,00,00

This trick isn’t even posted in Microsoft’s online Knowledge Base yet. The Redmond company revealed the technique in its Windows Platform News newsletter in July. That publication contains instructions that allow you to make the change manually using a Registry editor, if you prefer.

I’m sending Yorkovich a gift certificate good for a book, CD, or DVD of his choice for being the first to send me a tip that I printed.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

Wacky Web Week

USB coffee cup warmer for dummies

Way back in my March 13 issue, I revealed a laugh-out-loud invention: a coffee cup warmer (available only from a Tokyo site that was written entirely in Japanese) that plugs into the USB port of your laptop. This lets you use it where power outlets are scarce.

That sparked quite a discussion in my April 10 issue. Several readers reported that the mini-appliance worked only on pre-heated cans of coffee that are sold from a special type of vending machine that’s common in Japan. No one knew of any USB coffee heaters for the rest of us.

Finally, reader Marleen Wanders has found a USB coffee mug warmer that works with any flat-bottomed cup. The AS-1420905 (pictured above left) plugs into any USB port and has a convenient on-off switch.

Unfortunately, the reviews I was able to find on this little gadget were only lukewarm.

Blogger Michael Cruft found, after opening the case, that it doesn’t even have a heating element. The gizmo’s inventor apparently thought that the heat byproduct of two voltage regulators would keep coffee warm! If you’re still interested, though, the usually reliable Cyberguys at least have the decency to sell the unit for only $16.95 plus shipping. At Directron.com it’s $24.99.

But if you need to keep a beverage warm, who isn’t near a power strip these days? Unless you commonly sip your coffee while drifting on an ice floe, I’d suggest you simply get an AC-powered warmer plate.

The best one I found – with a real ceramic base and a 3-foot cord – is at the Vermont Country Store for $16.95. If you’d prefer a cheap plastic one (priced from $10 to $13), the slickest unit is at Kitchen Etc., followed by TableTools, Home Marketplace, and RollingPin. The Kitchen Etc. model boasts 18 watts of power, which no USB port will ever be able to match (USB is limited to 2.5 watts).

That’s the end of our “geek survival tools” discussion for today!

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period. Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,

Visit our Unsubscribe page.

Table of contents

Top-scoring articles in the past 12 months

Internet Services

Web Development

Digital Marketing

Consumer Tech