Patch to a patch of a patch needs patching

In the latest incident of a now-chronic problem that has been bugging Microsoft all year, a recent security patch now causes IE6 to crash in Windows XP…again.
In a classic Tim Conway comedy sketch, he plays a corpse being prepared for a funeral by mortician Harvey Korman. But one limb of Conway’s body simply insists on sticking up in the air, and whenever Korman finally retracts it, another one pops up elsewhere. This morning, Microsoft must know what it was like to have been one of Carol Burnett’s regulars, as the Internet Explorer team admitted that a chronic problem that was supposed to have been cumulatively updated by last Patch Tuesday’s round of updates, causes a new problem: Internet Explorer 6 will crash on systems running Windows XP Service Pack 2.

News Source: BetaNews

“This might occur while navigating to a website,” reads a post by IE security program manager Terry McCoy yesterday, “hosting considerable media content (for example: [Link]) resulting in Internet Explorer displaying a dialog that states ‘Internet Explorer has experienced a problem and needs to close.”‘
Last February, URLMON.DLL was at the crux of another code instantiation vulnerability. After the fix was applied that month, a new form of the same problem cropped up in June.
The February vulnerability cropped up following a patch to a problem in URLMON.DLL that turned up in August 2006, after some users installed a previous patch and discovered that their IE6 would crash.
While Microsoft didn’t provide specifics of today’s problem up front in its latest messages to customers, it was the nature of the workaround it suggests in its security bulletin this morning that revealed another instance of the same old problem: One of IE’s principal libraries, URLMON.DLL, has been patched periodically throughout the year to address issues with possible malicious remote code instantiation. The library’s purpose is to provide an interface to IE’s communications protocols using the Windows Component Object Model, and it’s designed so that other programs can extend this interface for new protocol functions — for instance, security routines.
Not just any component should be able to plug into the IE protocols, which is why filters are typically applied. Those filters are currently enrolled in the Windows System Registry, and this morning’s workaround would effectively turn some of those filters off…which in the long run may not be a very good idea.
Nevertheless, McCoy is strongly recommending IE6 users to go ahead and apply the patch which causes the crash for security purposes, and then apply the workaround which could very well open up a new rash of problems.
Unlike the great Harvey Korman, some users out there may not be laughing hysterically.

Windows XP Service Pack 3 RC ‘Refresh’ Released

Just a week after releasing Windows XP Service Pack 3 RC1 (3244) to the public, Microsoft have released a slightly newer Refresh build (3264). This update, like the original, is available to anyone and can be obtained via the Microsoft Download Center.

A full list of changes can be found via Microsoft Connect, or in the XP SP3 whitepaper below.

View: Windows XP Service Pack 3 Overview
Download: Windows XP Service Pack 3 RC (Build 3264)
News Source: JCXP

Microsoft Readies Zune Firmware Update 2.3

The Microsoft Zune team released firmware version 2.3 for the portable multimedia device. The update is not a major one, meaning no new features will be added. It does, however, address a battery issue that a minor amount of Zune 30 and Zune 80 users have been experiencing. More specifically, the problem occurs when users suspend their Zune hard drives by holding down the play/pause button – in some cases the battery continues to drain. The firmware update will also reportedly improve device recognition as well as stability and reliability during syncing (both wirelessly and while connected to a PC).

The update is available through Zune software now.

Settings>Device>Device update

Vista SP1 Release Candidate Public

On 12 Dec 2007, Microsoft made available the public release of Windows Vista Service Pack 1 Release Candidate 1.

Service Pack 1 includes several improvements to the operating system, including stability and performance fixes as well as many new features and enhancements. As with most service packs, this release also includes all updates previously released for the operating system.

The service pack can be downloaded via Microsoft Download Center or via Windows Update after applying a system patch (see links below).

As this is a pre-release, there is an evaluation period. If you install the service pack, it will expire after June 30th, 2008. However, the final version of Service Pack 1 is expected to be released in January.

Note: If you are running a 64-Bit edition of Windows Vista, the service pack can only be downloaded from Windows Update.

Download: Vista SP1 RC1 via Windows Update
Download: Vista SP1 RC1 via Microsoft Download Center

Source: JCXP

MacWorld 2008

Okay, nobody thnks that this MacWorld will have as big of an annoucement as the iPhone, but reports have surfaced online that Apple has already sold 5 Million iPhones around the world, halfway to their goal of 10 million by the end of 2008.

A newer iPhone model is also expected to be released with a higher speed for internet (see last post about iPhone for the rest of the features expected)

Along the line of new things from Apple, people are also anticipating a new slimmer, iMac that will rethink the way we talk about laptops…

After the MacWorld 2008, I will write another post about what was announced so look out for it

Asus announces U2 hotness

We’re not sure why Asus damned its hot new laptop by announcing it prior to CES (unlike its predecessor, the U1) — and on a Saturday, no less — but you can’t question the quality: Core Duo ULV or Centrino, 802.11a/b/g, Vista (from Basic to Ultimate), 11.1-inch 1366 x 768 LED-backlit display, 32GB SSD option, up to 4GB RAM in a 2.75 pound 1.1-inch thick footprint. We’ll spare you the Bono ref or jokes about the lack of Edge data.

Nokia’s N96 spotted in the wild?

That, friends, is an N96. Or, at least we’re led to believe so. Judging by five mysterious images that surfaced over at Mobile-Review, it appears that Nokia’s N96 (which looks like a jazzed-up version of the N81, actually) has leaked out, and while no specifications are available, it looks as if this thing is packing a 5-megapixel camera (with the obligatory Carl Zeiss lens), a dual LED flash and a $@&# black motif. Check out one more look after the jump.

[Via IntoMobile]

 

Panasonic showing a 150-inch plasma at CES?

The CES game of HDTV one-upsmanship is officially on, as Matsushita (Panasonic) is apparently planning to bring a 150-inch plasma to that epic Las Vegas tradeshow in January. According to The Yomiuri Shimbun’s sources, the prototype PDP is expected to launch in 2009 with a price that “greatly exceeds” the largest model currently available, measuring a mere 103-inches. Anyone want to guess when we’ll hear about a 151-inch screen from Sharp or Samsung?

DIY’er build electronic rock-paper-scissors game, kills hours upon hours

Granted, you could go out and drop ten bones to grab a pre-fabricated electronic rock-paper-scissors game, but seriously, where’s the fun in that? The real elation comes when you actually build the thing yourself, or at least that’s the idea followed by one particular DIY’er. Needless to say, the actual functionality here is self-explanatory, but if you’re interested in concocting one of these for personal use (you know, for times when none of your buds are tired / inebriated enough to participate), head on over to the read link.

SAFA rolls out another forgettable PMP

Sure, SAFA’s latest portable media player is impressively small (and thin), and at least it looks like it was engineered in more than five or six minutes, but it’s still nothing to phone home over. The all-black (or red, or white) player features a 1.8-inch LCD and plays nice with MP3, WMA, WAV, APE and FLAC file formats, and apparently, it also comes with a few built-in games in case the jams get stale. Moreover, there’s a voice recorder, image viewer and a rechargeable Li-ion good for up to eight hours of playback, but we still don’t see this thing bringing us too much joy after dropping between ₩89,000 ($95) and ₩109,000 ($116), depending on capacity.