Archive for July 2007

Quicktime 7.2 packaging

One of the benefits of frequent Quicktime patching is that each time I do it, it becomes easier. The last couple of times, I think I copied the MSI, tested and I was done.
With 7.2, I ran into a bit of a snag. It seems that the first time each user uses the shortcut in the start menu, Quicktime does a brief mini-install. I’m not sure if this is by design or if I’ve done something to set it off. The result of that mini-install is the desktop and quick launch icons are recreated. I see a post from over at appdeploy commenting about this issue as well.
The only way to avoid this that I’ve found is to delete the start menu items for Quicktime and recreate new shortcuts without the MSI baggage.

Got Windows 2000 and want to run Quicktime? Tough luck

Through reading comments over at Brian Krebs' Security Fix, I found out that Quicktime 7.2 is not supported on Windows 2000. Just to verify that for myself, I tried installing on Windows 2000 and found that only XP and Vista are supported.
Windows 2000 is slowly riding into the sunset; however, Microsoft still supplies security patches for the OS. I’m not sure what extra cost Apple would incur by allowing the software on Windows 2000. At this point, I think I have no other choice but to uninstall Quicktime from the remaining Windows 2000 computers.

This is getting ridiculous. Quicktime 7.2 is out.

I’ve lost track of how many times I’ve updated Quicktime this year. Over on zdnet, I believe they said this is the 5th update. I recall at the last update, I questioned whether we really needed this software or not.
Apple Security Bulletin
Multiple arbitrary code execution vulnerabilities.

Symantec Antivirus CAB decomp vulnerability

Multiple vulnerabilities have been announced today in Symantec Antivirus. The most critical of these vulnerabilities could allow arbitrary code execution.
Currently users of 10.0 and 10.1 are being advised to upgrade to 10.1.6.6000. 10.2 is not affected. Hopefully the guidance here will become more clear. During last year’s SAV vulnerability it took quite a while before MSP files were released for all supported product branches. Right now, I would have to completely upgrade the client instead of installing a small patch.

apsb07-12 – Time to upgrade Flash Again

http://www.adobe.com/support/security/bulletins/apsb07-12.html

Critical vulnerabilities have been found in Adobe (Macromedia) Flash. These vulnerabilities would allow an attacker to run hostile code if you visit a site hosting the exploit.
All users of Flash need to upgrade to version 9.0.47.0.

I knew installing Firefox didn’t increase security ;)

All those people who installed Firefox and then don’t use it at all have now opened themselves to a new vulnerability.
http://www.us-cert.gov/current/index.html#microsoft_internet_explorer_remote_code

US-CERT is aware of a public exploit code for a new vulnerability targeting Microsoft Internet Explorer. The public exploit code demonstrates the vulnerability using the Mozilla Firefox firefoxurl:// URL protocol. To trigger this vulnerability, an attacker must persuade a user who has Firefox installed to access a specially crafted web page with Internet Explorer.
US-CERT will provide additional information as it becomes available.

Google Buys Postini

Google has purchased Postini for $625 million (US). The purchase is believed to be designed to shore up corporate confidence in Google products.
Does this validate the “in the cloud” model of scanning?
I wonder how long MessageLabs will remain separate. They recently spun off Star, their UK ISP for business.

Old Flash

I’ve been wondering for some time if old versions of Flash on a computer are a vulnerability or not.
Today while looking into the vulnerability of Flash for Mozilla, I found an article from Adobe which states:

“For Internet Explorer, only one version of Flash Player can be registered for use at any time. Older files can be removed, but this is not required as part of the update.”

So that solves one mystery but I’m left with the one I was originally researching.
Flash uses a separate install for Mozilla and Opera. Those files get installed to the browser’s plugins directory. Although I have the latest version of Flash for IE installed, when I run a version test from my Firefox browser, I find that it is running an old version.
This makes me worry that the Firefox users may remain vulnerable to any Flash vulnerabilities that are not IE specific.
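A way to check for the mismatch described above, added here as an example and not taken from the original post or from Adobe: it inventories the Flash binaries on a machine and flags any older than the 9.0.47.0 release named in APSB07-12. The file locations and the names `Get-FlashInventory`, `$FlashPaths` and `$FixedVersion` are assumptions based on default 32-bit installs.

```powershell
# Fixed version named in APSB07-12, as quoted in the post above.
$FixedVersion = [version]'9.0.47.0'

# Assumed default install locations (not from the post); adjust per environment.
$FlashPaths = @(
    "$env:windir\System32\Macromed\Flash\Flash*.ocx"          # IE ActiveX control(s)
    "$env:ProgramFiles\Mozilla Firefox\plugins\NPSWF32.dll"   # Firefox plug-in
    "$env:ProgramFiles\Opera\program\plugins\NPSWF32.dll"     # Opera plug-in
)

function Get-FlashInventory {
    param(
        [string[]]$Path = $FlashPaths,
        [version]$Minimum = $FixedVersion
    )
    foreach ($pattern in $Path) {
        # Wildcards are expanded; locations that do not exist are skipped.
        Get-Item -Path $pattern -ErrorAction SilentlyContinue | ForEach-Object {
            $vi = $_.VersionInfo
            # Use the numeric fields rather than the FileVersion string, which
            # may be comma-separated and then does not cast to [version].
            $found = New-Object version $vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart
            [pscustomobject]@{
                Path     = $_.FullName
                Version  = $found
                Outdated = $found -lt $Minimum
            }
        }
    }
}

# Outdated binaries first; several .ocx files may coexist after an update,
# and a browser plug-in can lag behind the IE control.
Get-FlashInventory | Sort-Object Outdated -Descending | Format-Table -AutoSize
```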

Quick substitute for Netstumbler on Vista

I was having some trouble with my home wireless network today. I hadn’t looked into Netstumbler on Vista until this evening. I was hoping to use that to see what channels my neighbors were running on. A quick search found this article:

C:\>netsh
netsh>wlan show networks mode=bssid (if you like all the geeky stuff [and who doesn't?] like rates supported, channel, signal strength)
or
netsh>wlan show network (an abbreviated version with just SSID, authentication and encryption types)

Yeah, it’s really basic, but it was exactly what I wanted. Netstumbler says it works on XP or greater (no Linux jokes please). But it doesn’t seem to actually work on Vista.
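To answer the "what channels are my neighbors on" question directly, the `mode=bssid` output can be parsed and tallied per channel. This is an added example, not part of the original post or the quoted article; the sample scan is constructed and abridged, the function names are hypothetical, and the parsing assumes the English-locale field labels.

```powershell
# Constructed, abridged sample in the layout of
# `netsh wlan show networks mode=bssid`; not captured from a real scan.
$SampleScan = @'
SSID 1 : HomeNet
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 82%
         Channel            : 6

SSID 2 : linksys
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:11:22:33:44:66
         Signal             : 40%
         Channel            : 6
    BSSID 2                 : 00:11:22:33:44:77
         Signal             : 35%
         Channel            : 11
'@ -split '\r?\n'

# Turn the text into one object per BSSID. Channel is the last field
# used here for each BSSID, so the object is emitted when it is seen.
function ConvertFrom-WlanScan {
    param([string[]]$Line)
    $ssid = $auth = $enc = $bssid = $signal = $null
    foreach ($l in $Line) {
        switch -Regex ($l) {
            '^SSID \d+\s*:\s*(.*)$'          { $ssid = $Matches[1].Trim(); break }
            '^\s+Authentication\s*:\s*(.+)$' { $auth = $Matches[1].Trim(); break }
            '^\s+Encryption\s*:\s*(.+)$'     { $enc = $Matches[1].Trim(); break }
            '^\s+BSSID \d+\s*:\s*(\S+)'      { $bssid = $Matches[1]; break }
            '^\s+Signal\s*:\s*(\d+)%'        { $signal = [int]$Matches[1]; break }
            '^\s+Channel\s*:\s*(\d+)' {
                [pscustomobject]@{ Ssid = $ssid; Bssid = $bssid; Channel = [int]$Matches[1]
                                   Signal = $signal; Authentication = $auth; Encryption = $enc }
                break
            }
        }
    }
}

# Count access points per channel, busiest first, with the strongest signal seen.
function Get-ChannelUsage {
    param([string[]]$Line)
    ConvertFrom-WlanScan -Line $Line | Group-Object Channel | Sort-Object Count -Descending |
        Select-Object @{n='Channel';e={[int]$_.Name}}, Count,
                      @{n='StrongestSignal';e={($_.Group | Measure-Object Signal -Maximum).Maximum}}
}

Get-ChannelUsage -Line $SampleScan | Format-Table -AutoSize
```

On a live machine, pass the real scan instead of the sample: `Get-ChannelUsage -Line (netsh wlan show networks mode=bssid)`.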