Okay, seriously, I promise this is (one of) the last time(s) we'll be talking about the upcoming Daylight Saving Time change. 
So you've got a snazzy Treo 680, but every time you whip it out to make a call or snap a photo, you realize that the battery's dead.
Microsoft is always under attack. This time around it's Powerpoint, again. Just a few days after patching bugs, PowerPoint was hit again. A Microsoft Security Program Manager was made aware of a proof of concept code that was affecting Microsoft Office 2003 PowerPoint, as well as PowerPoint 2000, and PowerPoint 2002. This hole allows for hackers to potentially execute code on a user's computer by the user opening a hacked PowerPoint file. A good idea would be to keep checking in with Microsoft, to see if a fix has been integrated by the Microsoft Security Response Alliance.
Symantec moved quickly to squash a security vulnerability in its AntiVirus Corporate Edition which was disclosed by eEye Digital Security last week, and according to CRN Australia an official fix is now being rolled out in the form of an IPS signature update. An unnamed executive from another security vendor, however, says they are "scratching their heads in disbelief" regarding the choice, because hackers could reverse-engineer the signatures and get "a blueprint of the vulnerability." It seems to me that any fix released could likewise be reverse-engineered, but it may be true that an IPS signature is easier to dissect. Let's just hope all of those Corporate users have their AntiVirus set to keep those signatures up-to-date.
I was sure we wouldn't see a
fix for this one until May's Patch Tuesday, but Microsoft has announced that the fix for the troublesome
patch released two weeks ago will be available tomorrow, April 25, halfway through its usual patch cycle. Microsoft
also has a knowledgebase article on the issue which basically
says "it's the fault of this old third party software" and gives a few registry tweaks if for some reason you
can't wait for the patch. Plus one point for fixing it out of cycle, Microsoft. Minus two for releasing a broken patch
in the first place.Microsoft's Patch Tuesday last week meant a sigh of relief for sysadmins dreading the nasty Internet Explorer
vulnerability discovered last month,
but any relief was short-lived as the round of patches has apparently led to a plague of bugs and incompatibilities. Last
week's patches are causing "causing system hangs, Windows crashes and the appearance of strange dialog boxes"
and interfering with apps from Google, HP, and even Microsoft's own Windows Media Player. One company is also saying
that the new Internet Explorer plugin behavior resulting from Microsoft's patent dispute with Eolas is
causing problems for enterprise customers, who are having to click several times to use ActiveX controls. As usual,
none of these problems will be fixed until the second Tuesday of next month.
Rather than wait two more weeks until Patch Tuesday as Microsoft has opted to do, two companies have released
their own unofficial patches for the newly-disclosed Internet Explorer vulnerability that is rapidly being exploited in
the wild. Security firms eEye and Determina have both announced the availability of unofficial hotfixes that they're
touting as temporary solutions until Microsoft gets its act together. Both companies have released the source code of
their patches for review, but installing either is still an at-your-own-risk undertaking. eEye's information and
download page can be found here, and Determina's here.
Microsoft has confirmed that a newly-discovered
vulnerability exists in Internet Explorer that the security companies are calling "significant" and
"highly critical." Of course, you won't find such scary language on Microsoft's milquetoast advisory page, but the vulnerability (for
which researchers have released proof-of-concept exploit code), allows malicious web sites to run arbitrary code on
victims' machines. No patch exists, but Microsoft says an effective workaround is to disable Active Scripting in IE and
that Outlook and Outlook Express are not vulnerable. Patch Tuesday is April 11, and it's unlikely that we'll see a fix
from Microsoft until then.
Rather than waiting until Tuesday to release a patch for the much-publicized WMF vulnerability as most have
anticipated, Microsoft got its act together and released an official patch yesterday. You can download the patch from Microsoft here or
from Windows Update. Unfortunately there's no patch for Windows NT and Windows 2000 (pre-SP4) users or Windows 98/ME
users whom, Microsoft claims, aren't really at risk. Marc Orchant over at the Unofficial Microsoft Weblog has the
details, plus an overview of what's coming in Microsoft's regular patch release on Tuesday.After a long and very uncomfortable silence, Redmond has finally spoken out about the very serious WMF vulnerability that exists in all
versions of Windows by updating their security
advisory on the issue. In the new advisory they say their "goal" is to release a patch next Tuesday and
suggest that people take the same action security experts have been recommending for a week: unregister shimgvw.dll.
This one definitely falls into the at-your-own-risk category: A beta version of Windows Live
Messenger 8, nee MSN Messenger, has been available for download from Microsoft.com for some time now, but without an
invitation to the private beta test it has been impossible to use, until now. The trick is to use a recently-released "proxy patch" to fool the MSN
network into thinking you're running version 7.5, thus allowing you to log on without being part of the private
beta. Pretty clever, but dont' blame me if it messes up your system. Once again, try it at your own risk.
Advertise with Download Squad
| # | Blogger | Posts | Cmts |
|---|---|---|---|
| 1 | Brad Linder | 85 | 12 |
| 2 | Lee Mathews | 49 | 71 |
| 3 | Jason Clarke | 23 | 1 |
| 4 | Christina Warren | 17 | 16 |
| 5 | Christina Clark | 14 | 2 |
| 6 | Jay Hathaway | 13 | 3 |
| 7 | Lisa Hoover | 5 | 2 |
| 8 | Dolores Parker | 5 | 5 |
| 9 | Todd Ritter | 3 | 2 |
| 10 | Nik Fletcher | 3 | 0 |
| 11 | Grant Robertson | 1 | 0 |
mp3 opera firefox Microblogging google-chrome free twitter photo time-waster SocialNetworking iPhone OsX search browser music portable video addons online-video bookmarks Audio image windows comments YouTube IphoneApps linux office microsoft fun itunes media flash mobile backup PDF gmail safari TimeWaster GoogleDocs chrome dvd email learning googleholic images addon shell streaming google
Other Weblogs Inc. Network blogs you might be interested in:
