Archive | October 8, 2004

Microsoft Patches ASP.Net Problem in Record Time

Microsoft Patches ASP.Net Problem in Record Time. Two days after it acknowledged a potential security problem with its ASP.Net Web-development platform, Microsoft quietly posted to its Web site for download a fix for the problem. [Microsoft Watch from Mary Jo Foley]

Bravo.

Dell laptop power adaptors 1998 – 2002 recall

Millions of Dell power adapters recalled. The Taiwan-made AC adapters sold with Dell notebooks can overheat, posing risk of fire and electrical shock. [CNET News.com]

Hot stuff. Mine says “Made in Thailand” but by Delta Electronics and with the correct part number. When I went to visit http://www.delladapterprogram.com/ to check if my machine was affected, I got a “Server not available” and “Server Application Unavailable” Perhap Windows 2000 wasn’t a good choice of OS for the inevitable SlashDotting

Windows server at FAA crashes every 49.7 days unless ‘maintained’ (rebooted)

Doc Searls asks “Did the air traffic control center really have a “Microsoft server crash”?. This looks like an incredible use of a 32-bit counter of milliseconds that overflows every 49.7 days, without a built-in feature to reset it. The “neglected maintenance” is likely a reboot of the system. Now ask yourself: Do you really want to be at 35,000 feet when they reboot the air traffic control system?

The list of Microsoft Knowledge base articles that refer to various (or the same) incarnation of this bug are scary:

SNMP SysUpTime Counter Resets After 49.7 Days

Computer Hangs After 49.7 Days

“PING -T” Stops Timing Out After 50 Days

Print Spooler Stops Scheduling Print Jobs

The Rpcss.exe process consumes 60 percent of CPU time and performance is affected

X-Duration Values Are Larger Than Expected in Windows Media Server Log

Windows 2000 Terminal Services Time-Out Setting Limits

Contents of the Microsoft Windows 98 System Update

List of Bugs Fixed in Windows NT 4.0 and Terminal Server Edition Service Pack 4 (Part 1)

You might be able to spot Microsoft the Windows 95 and 98 systems; who would have ever expected 50-day reliability out of those systems? NT 4.0 is a little more worrisome, as the bug had been documented for some time before the release of NT 4.0, I think. But for Windows 2000? The RPCSS and print spooler bugs are not documented as fixed in a later service pack, but only a hot fix, although this may be a documentation issue. That is truly disturbing if such a known issue is still sitting around to bite programmers.

I’d really like to know how and why Harris Corporation was allowed to replace UNIX machines that did not have these problems with Windows machines where this was a known issue, and roll them out into the FAA’s production systems, no less. That this was a documented issue is not an acceptable excuse, as the incident last month demonstrated, fortunately without the loss of life.

Security flaw in older versions of MS Office…

[CNET News.com]
is reporting Flaw found in older Office versions.

“A security company warned Thursday that a flaw in Microsoft Office could allow a denial-of-service attack to be executed on systems running somewhat older versions of the popular productivity suite.

Secunia issued an advisory saying a buffer overrun flaw has been found in Office 2000, and potentially also in Office XP, that could allow hackers to take over a user’s system. The company rated the flaw as “highly critical.”

The security firm said that vulnerability is caused by an error in the way Microsoft Word manages input when parsing document files. It said the flaw could be exploited through a specially-crafted document and recommends that, until a fix is found, users only open trusted Word documents. “

Reminder: only open trusted attachments. Reminder 2: there are no trusted attachments.

Never open a document you are not expecting. Confirm all unexpected documents with the sender before opening.

Better yet, send documents as text or RTF if the recipient really doesn’t need all the features of a word processing document.

I wonder how OpenOffice.org would work with one of these broken documents…

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.