Jump to content

Search the Community

Showing results for tags 'microsoft'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 999 results

  1. Microsoft has started testing the new Window 10 Controlled Feature Rollout feature with Windows Insiders in the Slow ring. This feature allows Microsoft to slowly roll out new features without releasing entirely new builds. Earlier this month, Microsoft announced that starting with Windows 10 Insider 19H2 builds, Microsoft would be testing a new feature called Controlled Feature Rollout or CFR. Using this feature Microsoft can ship builds with disabled features that are gradually enabled by Microsoft to small groups of users. This allows Microsoft to test these new features against smaller groups to get better feedback, bug reports, and an overall better build quality. On July 15th, Microsoft released Windows 10 19H2 build 18362.10006 to Windows Insiders in the Slow Ring. This build included four new features that were disabled by default, but would be enabled at a later date using the CFR feature. Windows containers require matched host and container version. This restricts customers and limits Windows containers from supporting mixed-version container pod scenarios This update includes 5 fixes to address this and allow the host to run down-level containers on up-level for process (Argon) isolation. A fix to allow OEMs to reduce the inking latency based on the hardware capabilities of their devices rather than being stuck with latency selected on typical hardware configuration by the OS. Key-rolling or Key-rotation feature enables secure rolling of Recovery passwords on MDM managed AAD devices upon on demand request from in-tune/MDM tools or upon every time recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users. A change to enable third-party digital assistants to voice activate above the Lock screen. In a July 17th update, Microsoft stated that they have started to rollout build 18362.10006 that enables these features for a small subset of users who installed the previous build. "Today we have released 19H2 Build 18362.10006 for a subset of Windows Insiders that turns on the features delivered as part of Build 18362.10005 (noted in the below blog post) earlier this week. Please note that Build 18362.10006 is only going out to a subset of Insiders in the Slow ring. That means not everyone in the Slow ring will get this update." As you can see, the overall build number of 18362 is the same for both the original build and the new build with the enabled features. The subversion, though, went from 10005 to 10006. This indicates that for users on CFR releases, the subversion number will increment to reflect the new build with features enabled for that group. Unfortunately, at this time there is no known policy or method that can be used to control CFR or even disable it entirely. BleepingComputer has asked Microsoft for more information when the feature was first announced, but was told there was no further information available at the time. Furthermore, the recent release of the Administrative Templates (.admx) for Windows 10 May 2019 Update (1903) does not appear to contain any related policies. Source
  2. Most of the attacks came from state-sponsored hacking groups in Iran, North Korea, and Russia. Microsoft said that over the past year it notified nearly 10,000 users that they'd been targeted or compromised by nation-state hacking groups. The company didn't just blast out random statistics, but also named names. Microsoft said most of the attacks came from state-sponsored hackers from Iran, North Korea, and Russia. More precisely, the Iran attacks came from groups Microsoft calls Holmium and Mercury, the North Korean attacks came from a group called Thallium, and the Russian attacks came from groups called Yttrium and Strontium. Who are some these groups? Some of these codenames are new, but some describe years-old state-sponsored groups. For example, according to this Google spreadsheet that keeps track of all the different nation-state hacking group names, Holium is the codename of Iran's APT33. This is one of the most infamous cyber-espionage groups around, and is responsible for creating the dangerous Shamoon data-wiping malware. At the start of July, US Cyber Command published a security alert about new APT33 attacks aimed against US targets, and using an old Outlook vulnerability. In addition, Strontium is the codename for APT28, also known as Fancy Bear. This group of Russian hackers is responsible for a long list of attacks in the last decade. They've targeted the White House, the Pentagon, NATO members, EU governments, they've breached the DNC, they've created the NotPetya ransomware and deployed it in Ukraine, and they've also set up the VPNFilter router botnet. Microsoft has been engaged in a long battle against this group. Over the last summer, Microsoft took control over several domains operated by APT28, which the company said the group was using to target parties involved in the 2018 US midterm elections. In February 2018, Microsoft exposed new APT28 attacks, this time targeting parties involved in the 2019 European Parliament election. Nation-state hackers also targeted electoral entities Microsoft said that around 84% of the nearly 10,000 nation-state attacks it detected targeted its enterprise customers, and only 16% of these attacks were aimed at home consumers and their personal email accounts. Furthermore, Microsoft also said it detected nation-state attacks against political organizations involved in the electoral process. These stats came from Microsoft's AccountGuard technology, a free security service the OS maker has been providing for nearly a year to political campaigns, parties, and democracy-focused nongovernmental organizations (NGOs) across 26 countries. According to Tom Burt, Microsoft Corporate Vice President, Customer Security & Trust, Microsoft sent out 781 notifications to organizations enrolled in AccountGuard over the past year. Around 95% of these 781 notifications were sent to US-based organizations, Burt said. But besides revealing the extent of nation-state attacks, yesterday was also a big day for Microsoft. The company also demoed a new product, part of its Defending Democracy Program. Called ElectionGuard, this is a free software kit for cryptographically securing voting machines. Microsoft only demoed ElectionGuard voting machines in Aspen, Colorado, but does not have plans to sell commercial voting machines. The OS maker plans to open-source the software behind them on GitHub, later this year, and has already partnered with some voting machine vendors to help them roll out more secure voting systems in the future. Source
  3. By Ed Bott for The Ed Bott Report Four years after the debut of "Windows as a service," Microsoft continues to tweak the Windows Update for Business rules. And if you don't know how to play the game, you're likely to be surprised with unexpected updates. We are days away from the fourth anniversary of Windows 10's initial release, which also marks the beginning of the "Windows as a service" era. By this time, you'd think Microsoft would have settled on an easy-to-understand set of rules that IT pros can follow for managing updates. Think again. For 2019, Microsoft has changed the rules you painstakingly mastered last year. And if you're not paying attention, you could end up with a network full of update headaches. Effective with version 1903, which is now rolling out via Windows Update, Microsoft is no longer supplying updates on separate channels for consumers and business customers. Instead, the initial public release goes to the Semi-Annual Channel, with no more Semi-Annual Channel (Targeted) option. (And even those names represented changes from the original November 2015 designation of Current Branch and Current Branch for Business.) For anyone administering Windows 10 PCs in a business who used the older Windows Update for Business settings to manage feature updates, these latest changes require immediate action. On systems where the Branch Readiness Level is set to Semi-Annual Channel and no additional deferral is specified, Microsoft says your devices will begin updating to Windows 10, version 1903 in one week, on Tuesday, July 23, 2019. Or at least that's when they'll be eligible to receive that update. Exactly when each device will receive the update is an AI-driven mystery. Some devices, including Microsoft's top-of-the-line Surface Book 2 models that contain a discrete Nvidia GPU, are currently blocked from receiving the update automatically. (For details, see "Microsoft blocks major Windows 10 update for Surface Book 2 after bug makes GPU vanish.") PCs that were previously blocked from updating because an external USB device or SD card was attached are no longer prevented from doing so, in a change that was documented just a few days ago. For a list of other known issues with this and other updates, see the official Version 1903 Release Information page. As I wrote in a column nearly two years ago, the ever-changing rules governing Windows Update for Business sometimes feel like a game of Calvinball, from Bill Watterson's classic "Calvin & Hobbes" comic strip. In Calvinball, you make up the rules as you go. And it doesn't matter if you start with an organized sport. "Sooner or later," says Calvin, "all our games turn into Calvinball." Over the past four years, the deferral periods have changed, from eight months to 180 days and then to 365 days. There were two branches, which became two channels, and then became a single release period. Earlier this year, Microsoft formalized an 18-month support deadline for Windows 10, which trumps the deferral periods you might have set. The only rule that matters for people who have to support PCs in business is simple: "No surprises." For large organizations that use central update management tools such as Windows Server Update Services or System Center Configuration Manager, that's possible. For everyone else, including the enormous population of PCs in small businesses, the only way to prevent unexpected updates is to manage the process aggressively. That means setting deferral periods of roughly 180 days (to avoid being surprised when a Windows version reaches its end-of-support deadline) and then scheduling manual updates for a date shortly before the end of that deferral period. When I wrote that Calvinball column, one Microsoft product manager told me I was being too harsh, that the company was simply responding to feedback from customers. Two years later, I think Calvin and I were right. Source
  4. By Mary Jo Foley for All About Microsoft Microsoft is starting to automatically update Windows 10 Home and Pro users on versions 1803 to 1903 using Windows Update, as officials said would happen. Microsoft officials said last month that they were putting AI algorithms in place that would automatically update those on older variants of Windows 10 to 1903, the May 2019 Update via Windows Update. Today, July 16, is the day when this auto-updating process is kicking off, according to the Windows Update Twitter account. As of today, Microsoft is starting to initiate the Windows 10 May 2019 Update (1903) for those with devices "that are at or nearing end of service and have not yet updated their device," Microsoft's documentation says. Microsoft officials said back in May that the company planned to do this starting in June, 2019. "Based on the large number of devices running the April 2018 Update, that will reach the end of 18 months of service on November 12, 2019, we are starting the update process now for Home and Pro editions to help ensure adequate time for a smooth update process." Note: The reason many devices are still on the April 2018 Update is at least in part because the Windows 10 18H2 Update (1809) was a buggy mess. Microsoft's July 16 note says this process will be staggered, with officials prioritizing those devices "likely to have a good update experience and quickly put safeguards on other devices while we address known issues." Windows 10 Home and Pro users who get the 1903 update pushed to them will still have the ability to pause the update for up to 35 days, Microsoft notes. As my ZDNet colleague Ed Bott noted today, business users who use the Semi-Annual/Semi-Annual Targeted options for updating, Microsoft will begin pushing to some business customers on older versions of Windows 10 the 1903 release next week, Tuesday July 23, 2019. As is the case with Windows Update, the business updating process will be staggered, with certain devices blocked if Microsoft determines the update experience may go bad. Confused? You're not alone. The Windows 10 updating system is still messy and complicated. But unfortunately this may be -- at least in the near term, as TechRepublic notes -- as good as it gets. Source
  5. A Linux kernel developer working with Microsoft has let slip that Linux-based operating systems have a larger presence on Microsoft’s Azure cloud platform than Windows-based ones. The revelation appeared on an Openwall open-source security list in an application for Microsoft developers to join the list, and was apparently part of an evidently credible argument that Microsoft plays an active-enough role in Linux development to merit including the company in security groups. The overwhelming prevalence of Linux on Microsoft’s cloud platform may come as a surprise when viewed in isolation, but it makes complete sense from a business perspective. To start with, it’s simply cheaper to run Linux on Azure, as Microsoft’s own price calculator illustrates as clear as day. In this respect, Microsoft basically forced its own hand in terms of monetizing OS licensing into a consistent revenue stream, since Windows 10 Home is essentially free (if you don’t count the “Windows tax“) and Windows 10 Pro works out to a one-and-done revenue opportunity with many enterprise customers. The fact that Linux conforms closely (enough) to the Unix structure and philosophy also makes Linux instances easier to manage. Because Unix is so prolific, basically any system administrator will instantly be at home in the Linux file system, and the saved time and headaches translate pretty quickly into saved dollars and cents, not to mention fewer complications posed by downtime. Linux’s dominance also fits perfectly in the context of its gradual, deliberate integration into Microsoft’s long-term development and innovation vision. When Microsoft first proclaimed its love for Linux in 2014, many industry professionals, especially in the open-source sphere, were skeptical, but from that point on, Linux has been rolling steadily ahead at Microsoft. Initially, Microsoft’s embrace of Linux manifested as the Windows Subsystem for Linux, a curiosity mostly aimed at developers. Last year, though, the company announced Azure Sphere, a cloud-connected platform for internet of things (IoT) devices which includes Azure Sphere OS, an in-house headless Linux-based operating system. This was a masterstroke for Microsoft — even a stripped-down Windows OS is far too bloated to run on practically any IoT device, but most IoT manufacturers could benefit from a secure, off-the-shelf IoT solution to replace their own ill-conceived attempts. Azure Sphere was designed specifically to fill this void. Taken together, it’s easy to see how the numerous Linux options Microsoft offers on Azure alone — to say nothing of the deeper integration Linux is getting on the Windows 10 desktop — outflanks the comparatively more limited options and higher cost associated with running Windows on Azure. At the rate at which the company finds new and inventive applications for Linux, this trend looks set to continue, and Microsoft seems just fine with that. Updated on July 15, 2019: Revised with additional information from Microsoft regarding Azure Sphere. Source
  6. Users have such fond memories of XP, they seem to be replicating its death This is bald Sooty. This is a bunny MICROSOFT IS sitting on a Windows timebomb, and the fuse is lit. In six months' time, on 14 January 2020, Windows 7 will reach its natural End of Life (EoL), meaning no more security updates and the whole circus of panic that goes with it. It'll have had a damn good innings, nine-and-a-half years in fact, but the tiresome truth is that a lot of customers still aren't confident enough in Windows 10 for an upgrade, or their machine isn't capable of running it, thanks to Microsoft's draconian rules about what chipsets it supports. The free upgrade offer that let Windows 7 and 8.1 users update to Windows 10 for nowt was supposed to stop this exact thing happening, but uptake was finite, and even now, three years on, a whopping 35.38 per cent of users are still running Windows 7 (Windows 8.x is another 5.2 per cent). In fact, totting up all versions of Windows, there are almost as many users not running Windows 10 as running it. More worrying is that figure has hardly shifted from last month - Windows 7 has lost 0.06 per cent market share. Year on year, it's only dropped about six per cent. At that rate, we'd still be faffing about with this issue in the mid-2020s. The bulk will be organisations who haven't yet made the leap with their networks. This could be because of money, the need to run bespoke apps that don't play nicely on Windows 7, and yes, in some cases it could be ignorance. The fact remains, though; that's a lot of machines that aren't on a version of Windows with a future. The last remaining version to be supported beyond January 2020 will be Windows 8.1 (if you're running Windows 8 you can, nay should update to Windows 8.1 for free, from the Microsoft Store, as soon as possible - that's been EoL for ages). Organisations who really can't be ready in time can apply for extended support for up to three years, but its charged per seat, which, in a big organisation could be thousands of machines. Oh yeah, and that price per seat doubles every year. If you're an individual using Windows 7, you've got no options - this date has, after all, been in the calendar for years and Microsoft won't make any money out of your complaining - buy a copy of Windows 10 by 14 January, or you're screwed. The fact that it's only a few years ago that there was all the kerfuffle with Windows XP's EoL, which, lest we forget carried on for years including a spectacular fail during the Wannacry ransomware incident, you'd hope that Microsoft would be better arming its users for what is to come. Alas, however, it seems that if you're not running a network of Windows 7 machine, Microsoft isn't that fussed about telling you what you need to do. That said - it's all fun and games ‘till the nag screens start. And they will. On the plus side, we'll get to say 'we told you so' and we know you know how much we love doing that. Source
  7. Windows 10 May 2019 Update (version 1903) is currently gradually rolling out to compatible hardware. As the rollout advances, new bugs are getting acknowledged by Microsoft. A new issue that Microsoft is currently investigating causes a black screen in Windows 10 Remote Desktop windows. As reported earlier, some users with outdated hardware or graphics drivers complained that Windows 10’s remote connections to their devices end up with a black screen. Windows 10 version 1903 with RDP causes a black screen on all connections, including LAN and restarting the device obviously doesn’t help. It’s also worth noting that the problem was first reported in late May, shortly after Windows 10 May 2019 Update rollout. In the community forum, a Microsoft program manager acknowledged the problem and advised users to update or disable the affected driver. In a support doc, Microsoft has officially confirmed the black screen bug hitting Windows 10 May 2019 Update’s Remote Desktop connection. Microsoft says that Remote Desktop connection causes a black screen if the device has some older GPU drivers. “Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU),” Microsoft explains. The bug affects both Windows 10 version 1903 and Windows Server version 1903. Microsoft is working on a resolution and a fix will be shipped with an upcoming cumulative update, but an exact timeframe is not available at the moment. Source
  8. Last month we reported that Surface Book 2 is having issues with the latest Windows 10 1903 update. At the time of reporting, we had noticed complains on Reddit and Twitter surrounding the GPU on Surface Book 2. Microsoft has acknowledged the issue and as a result, the 1903 update has been suspended for Surface Book 2 owners. Microsoft has updated its support document (via Windows Latest) to reflect the change and has marked the GPU issue as a known issue. The bug affects only the Surface Book 2 with Nvidia’s discrete Graphics Processing Unit (dGPU). For users who have already updated their laptops, head to the Device Manager and click on ‘Scan for hardware changes’ to fix the issue. If that doesn’t solve the problem then rollback to 1809 until the issue has been resolved. Microsoft hasn’t provided us with a timeline so we can’t comment on when it will be solved but the company has requested users not to force the update using Media Tool or other means until the issue is solved. Source
  9. Microsoft’s classic Windows games will be discontinued on January 2020. Announced through a Microsoft forums post, six games for Windows XP, ME and 7 will be rendered unusable on January. These games are: Internet Backgammon (XP/ME, 7) Internet Checkers (XP/ME, 7) Internet Spades (XP/ME, 7) Internet Hearts (XP/ME) Internet Reversi (XP/ME) MSN Go (7) All of these games will be killed first on Windows XP and ME. Come July 31st, 2019 all of the Windows games will be unplayable. Windows 7 users will have a tad longer: January 22, 2020. “We truly appreciate all the time and passion you’ve put into Microsoft Internet Games. This has been a great community.” Microsoft said. “However, the time has come for us, along with our hardware and software partners, to invest our resources towards more recent technologies so that we can continue to deliver great new experiences. “Current players may enjoy the games until the dates above when game services will cease, and the games listed will no longer be playable.” For those who still play these classic internet Windows games, we’re very sorry for your loss. Source
  10. It’s a bad sign when companies answer complaints and concerns with corporate doublespeak. For many years, Microsoft has struggled to get the way it updates Windows right — and mostly got it wrong. But a month ago, I wrote about how Microsoft finally got a piece of it right, by giving people control over whether to install the twice-annual feature updates, such as the recent Windows 10 May 2019 Update. Boy, was I ever off-target. Over the past few weeks, Microsoft has done little more than sow confusion about how and when Windows will be updated. It did this by issuing Orwellian statements and putting out a preview release schedule whose logic is undiscernible. Clearly, Microsoft’s system for updating Windows is as broken as broken can be. And there are no signs it will ever be fixed. To see why, you need to understand a bit about how Microsoft tests its twice-a-year feature updates, like the recent May 2019 Windows Update. People who want to test the updates before they’re released can join the Windows Insider program, which lets them download preview versions for months leading up to the update. In return for being essentially guinea pigs, these businesses and consumers get to see each step in building the next iteration of Windows, which can help them prepare for it. There are various “rings” Insiders can sign up for: the Fast ring, which installs preview updates the moment they’re publicly released; the Slow ring, which installs them later, after they’ve been tested a bit; and the Release Preview ring, which installs them only after they’re essentially fully tested. There’s also a “Skip Ahead” program that lets an Insider skip an entire Windows version to the next one beyond. Back in February, while Microsoft was testing the May 2019 Windows Update, it announced it was releasing an early Windows Preview build into Skip Ahead. But instead of releasing a build that would come out in the fall of 2019 (code-named 19H2, for being released in the second half of 2019), it was releasing one that was two versions ahead, due in the spring of 2020 (code-named 20H1, for the first half of 2020). (Until then, Microsoft had only released into Skip Ahead builds one release ahead, not two releases ahead.) Microsoft explained in its post: “Some things we are working on in 20H1 require a longer lead time. We will begin releasing 19H2 bits to Insiders later this spring.” It was certainly confusing that Microsoft was publicly testing a build not due for more than a year, while not testing one due out in not much more than six months. For enterprises and individuals that need to prepare for any Windows 10 update, this testing sequence made no sense. Why should they be preparing for 20H1 when they hadn’t even seen 19H2? At least they were promised 19H2’s first builds in the spring, at which point a more normal sequence should be re-established. They would then know whether the next version of Windows 10 would bring a lot of new features, or be not much more than a rollup of minor changes. But the spring came and the spring went. Silence from Microsoft about 19H2. The 20H1 builds kept coming, but no 19H2 builds were released. So people started asking Microsoft spokesperson Brandon LeBlanc on Twitter why no builds had been released in the spring as promised. His Twitter answer, in part: “Our definition of ‘spring’ doesn’t necessarily match to exactly when spring ends and summer begins. It’ll happen when we’re ready.” It was an answer reminiscent of George Orwell’s critique of the abasement of language by bureaucracies. In his novel 1984, Orwell put Newspeak in the mouths of government bureaucrats, but it was just as arrogant and disorienting coming from this corporate spokesperson. How different is “Spring is when we say it is” from Big Brother’s “Freedom is slavery”? Well, we now know Microsoft’s definition of spring: July 1, when it finally released the first 19H2 build. Maybe the Insiders, Microsoft’s unpaid beta-testers, could make that work — if Microsoft hadn’t chosen that moment to suck all the logic out of its preview release schedule. It released 19H2 into the Slow ring, and then moved 20H1 into the Fast ring. That means that people who were expecting to test the next version of Windows in the Fast ring would in fact be testing a version of Windows not due until approximately a year from now. Only Slow ring testers would get a preview of the Windows version due this fall. Confused yet? You should be. And it only gets worse. The 19H2 version of Windows due this fall won’t be installed the way such twice-a-year updates have long been installed. It will be installed like a normal Windows monthly update. With no significant new features, it will be little more than what Microsoft used to call a service pack, which rolls up a number of minor updates together. Microsoft tried to explain all this in a blog post, “Evolving Windows 10 servicing and quality: the next steps.” The post is full of gobbledygook, corporate doublespeak and acronyms like “CFR.” It is, to put it mildly, laughably incomprehensible. The upshot of all this? Windows Update is broken and needs to be fixed. Microsoft owes it to its customers to be upfront about what to expect from the next versions of Windows, especially because it is using many of them — the Windows Insiders — as guinea pigs. Enterprises in particular need to know what will be in Windows updates, so that they can decide whether and how to prepare for them. Enterprises are Microsoft’s lifeblood. Microsoft should make its update procedures logical — preferably just one significant one a year, and perhaps a second minor service pack. And it should be clear and transparent about exactly what it’s doing. That means it shouldn’t declare that July 1 is spring and it shouldn’t issue blog posts that read as if they were written by a committee made up of adherents of 1930s-style Marxism — by which I mean a combination of the Marx Brothers and Soviet apparatchiks. Source: / Preston Gralla @ Computerworld
  11. Researchers from the Microsoft Defender Advanced Threat Protection Research Team have issued a warning to confirm that a notorious credential-stealing malware threat is targeting Windows users. What makes this one so dangerous is that it uses an "invisible man" methodology by only running files within the attack chain that are legitimate system tools and so hides in plain sight. The Astaroth Trojan can employ many techniques, including keylogging and clipboard monitoring, to steal login credentials. However, it is the way that it exploits living off the land binaries (LOLbins) that has created a certain level of infamy for the malware. In the case of the threat campaign that the newly published Microsoft report confirms, it was the Windows Management Instrumentation Command-line (WMIC) that was the LOLbin in question. Andrea Lelli, part of the Microsoft Defender ATP Research Team and author of the report, notes that the victim still has to click on a malicious link in an email to initiate the attack chain via a file that runs an obfuscated batch file. This batch file, in turn, runs the legitimate WMIC system tool in such a way that an obfuscated JavaScript file runs automatically. Now, this is where things get necessarily complicated, involving more obfuscated JavaScript code and more legitimate system tools running. The most important in the attack-chain being the Background Intelligent Transfer Service (Bits) admin tool that is used (actually, multiple instances of Bitsadmin are used) to download additional payloads. These kinds of fileless attacks, as they are known, run the malicious payloads "directly in memory or leverage legitimate system tools to run malicious code without having to drop executable files on the disk," Lelli explained. Eli Salem, a security researcher at Cybereason who uncovered another Astaroth attack earlier in the year, told me that these attacks are considered challenging to detect as "the full process of the deployment and execution of the malware" is by way of those Windows LOLBins. "To an average person, this activity can seem like a legitimate Windows activity," Salem says "because it's being executed by Windows processes." However, "using invisible techniques and being actually invisible are two different things," Lelli explained. Because some of the techniques used were so "unusual and anomalous," Microsoft Defender ATP, the commercial version of the Windows Defender Antivirus component that is included free of charge with Windows 10, was able to spot the Astaroth attack. If you are not using Defender ATP, however, then Salem advises Windows users to be extra careful "when opening anonymous or new .lnk and .zip files that came from suspicious mail attachments." I also spoke to Kevin Reed, the CISO of Acronis, this afternoon who says that as fileless malware is a very efficient technique, avoiding detection by many existing anti-malware products, users should choose a solution "that employs advanced malware detection techniques such as memory scanning, stack trace analysis, and system call-based detection as these will expose malware residing in PC memory only." One thing is for sure, and that is I doubt it is the last we will hear of Astaroth and fileless malware. According to a recent WatchGuard threat intelligence report, "fileless threats appeared in both WatchGuard's top 10 malware and top 10 network attack lists. On the malware side, a PowerShell-based code injection attack showed up in the top 10 list for the first time, while the popular fileless backdoor tool, Meterpreter, made its first appearance in the top 10 list of network attacks too." Corey Nachreiner, CTO of WatchGuard Technologies, said at the time that "it's clear that modern cybercriminals are leveraging a bevy of diverse attack methods," and I have yet to see anything to think he's wrong. As Sergeant Phil Esterhaus used to say in every episode of cop drama Hill Street Blues back in the 1980s: "Hey, let's be careful out there." Source
  12. Linux developers recognize Microsoft's contributions to Linux and security -- by letting the company's Linux developers in its closed linux-distro security list. Most open-source development work, like the name says, is done in the open. The exception is the first stages of security work. Unpatched security holes, however, are discussed and fixed behind closed doors. Now, Microsoft has been admitted to the closed linux-distro list. Microsoft wanted in because, while Windows sure isn't Linux, the company is, in fact, a Linux distributor. Sasha Levin, a Microsoft Linux kernel developer, pointed out Microsoft has several distro-like builds -- which are not derivative of an existing distribution -- that are based on open-source components. These are: Azure Sphere: This Linux-based IoT device provides, among various things, security updates to deployed IoT devices. As the project is about to step out of public preview into the GA stage, we expect millions of these devices to be publicly used. Windows Subsystem for Linux v2: A Linux based distro that runs as a virtual machine on top of Windows hosts. WSL2 is currently available for public preview and schedule for GA early 2020. Products such as Azure HDInsight and the Azure Kubernetes Service provide public access to a Linux based distribution. In addition, Levin asked in, because: "Microsoft has decades long history of addressing security issues via [the Microsoft Security Response Center] MSRC. While we are able to quickly (<1-2 hours) create a build to address disclosed security issues, we require extensive testing and validation before we make these builds public. Being members of this mailing list would provide us the additional time we need for extensive testing." All of which makes good sense. Besides, Levin revealed in a follow-up note to the discussion: "The Linux usage on our cloud has surpassed Windows, as a by-product of that MSRC has started receiving security reports of issues with Linux code both from users and vendors. It's also the case that issues that are common for Windows and Linux (like those speculative hardware bugs)." As David A Wheeler, an open-source security expert, pointed out, the purpose of the list is to enable "everyone to coordinate so that users get fixes." That includes Linux users on WIndows and Azure. So, he supported Microsoft being allowed into the private list. Greg Kroah-Hartman, the Linux stable branch kernel maintainer, supported Levin. "He is a long-time kernel developer and has been helping with the stable kernel releases for a few years now, with full write permissions to the stable kernel trees," he said. Indeed, Kroah-Hartman had "suggested that Microsoft join linux-distros a year or so ago -- when it became evident that they were becoming a Linux distro." Alexander "Solar Designer" Peslyak, security developer and founder of the open-source Openwall security website, announced Microsoft would be subscribed to the list. While some people -- almost all outside the list -- hated this idea because, in their minds, Microsoft is still The Evil Empire, Peslyak wrote that was "irrelevant per our currently specified membership criteria." Source
  13. Users taken off-guard as Microsoft rolls out 1980s-era logos and imagery across its Windows social media accounts Microsoft has launched a video teasing the launch of “Windows 1.0” on social media, causing users to wonder what might be in store. “Introducing the all-new Windows 1.0, with MS-Dos Executive, Clock, and more,” Microsoft said on Twitter. The video features a 1980s pop soundtrack that plays as Windows logos from the present day back to 1985, the year of Windows 1.0’s launch, scroll past. The 1985 logo curiously resembles the current Windows icon, with a flat array of squares in the same light blue tone as is used today. ‘Gnarly’ In responses to users’ queries, Microsoft administrators on Twitter used 1980s slang terms such as “gnarly” and “stoked”. Microsoft posted the video on its official Windows Twitter account and on the Windows Instagram account, after deleting all its past Instagram posts. It is also using the 1985 logo on the Twitter and Instagram accounts, while the Twitter account features a 1980s-style promotional image. Microsoft declined to fill users in on its plans for the “launch”, telling them only to “stay tuned” and to “wait for updates”. A number of industry watchers, however, noted that this week sees the debut of the third season of the popular Netflix television programme Stranger Things, which is set in 1985, the year of Windows 1.0’s launch. The programme’s previous seasons, taking place in 1983 and 1984, have been structured around 1980s-style science-fiction imagery and pop culture references, with the show’s creators disclosing that the upcoming series incorporates references to the 1985 film Back to the Future. Reversi.exe Windows 1.0’s premiere in the same year may therefore also be featured. The Windows news site Windows Central also speculated that Microsoft may be preparing to open source Windows 1.0, as it has done with MS-DOS and the Windows Calculator, both of which are hosted on Microsoft-owned GitHub. Microsoft’s comments on Twitter made repeated references to the game Reversi, which was included with Windows 1.0, something onlookers said may be a further reference to Stranger Things, with its pair of ordinary and “Upside Down” universes. Reversi typically features pieces in inverse colours, such as black and white. Source
  14. Microsoft says that some Macs running Windows 10 may be blocked from updating to Windows 10 version 1903 because of a compatibility block triggered by older software or hardware. Apple Macs "introduced before 2012 or newer Mac devices with older versions Apple Boot Camp or Windows Support Software drivers installed" will not be able to install the Windows 10 May 2019 Feature Update according to a new support document published by Redmond. The Mac users who will be blocked from updating to Windows 10 version 1903 will get a "Mac HAL Driver - machaldriver.sys: Your PC has a driver or service that isn't ready for this version of Windows 10" error message. More to the point, all Macs with a MacHALDriver.sys from September 24, 2011 01:57:09 or older within the \Windows\system32\drivers folder are impacted by this issue. As the message displayed during the Windows 10 Setup says, the update will be offered to all Mac users affected by this compatibility block as soon as the issues behind the block will be resolved by Microsoft. Workarounds for Mac compatibility hold Microsoft also provides a workaround for users affected by this compatibility block, explaining that updating the Apple Boot Camp Windows Support Software drivers may allow them to install Windows 10 May 2019 Update. "You may be able to check for updated Windows support software, in macOS, choose Apple menu > App Store, then install all available updates," states Microsoft. As an alternative, users affected by the issue can also follow the detail instructions provided by Apple on this support page about installing Windows Support Software manually. Microsoft also says that a resolution for this compatibility hold is currently being under development, with a possible solution for the issue to be published during late July. Windows 10 version 1903 compatibility blocks still in place Various Windows 10 devices with compatibility issues are still blocked from installing the Windows 10 May 2019 Update, with several update blocks being in place to prevent incompatible computers updating to the latest feature update. At the moment, there are still eight compatibility update blocks preventing Windows computers from receiving the Windows 10, version 1903 feature update: • Loss of functionality in Dynabook Smartphone Link app • Unable to discover or connect to Bluetooth devices • Display brightness may not respond to adjustments • Audio not working with Dolby Atmos headphones and home theater • Intel Audio displays an intcdaud.sys notification • Cannot launch Camera app • Error attempting to update with external USB device or memory card attached • Intermittent loss of Wi-Fi connectivity Microsoft also provides a support document to help customers troubleshoot problems while updating Windows 10 for all users who experience issues while trying to install updates. Users who experience problems while installing the latest updates can also follow this guided walk-through with all the steps needed to fix the errors. Source
  15. Microsoft is no stranger to the use of "Fear, Uncertainty and Doubt" in the pursuit of monopolistic goals; the company perfected the tactic in the early 1990s as a way of scaring enterprise customers away from GNU/Linux; today, the company shows off its mastery of FUD in its filings to the Federal Trade Commission condemning proposals for Right-to-Repair rules. In its comments, Microsoft argues that allowing third-party repairs of Microsoft products could compromise its DRM systems, including dual-purpose security systems like the "Trusted Platform Module" (TPM) that are used to lock out rival operating systems as well as malicious actors. Luckily, we have Securepairs, a coalition of security experts devoted to debunking claims from repair monopolists who claim that opening repair markets will pose a security threat. Microsoft submitted its comments ahead of the FTC's "Nixing the Fix" workshop on Right to Repair, arguing that "If the TPM or other hardware or software protections were compromised by a malicious or unqualified repair vendor, those security protections would be rendered ineffective and consumers’ data and control of the device would be at risk. Moreover, a security breach of one device can potentially compromise the security of a platform or other devices connected to the network." As Securepairs writes in rebuttal, this is undeniably true, as are the following: "If you invite someone into your home to repair your dishwasher they could, instead, pilfer your jewelry and credit cards," and "If you hire a managed service provider to do your network security they could, instead, compromise your network and steal your intellectual property." That is: "In other words: the provisioning of repair or any other commercial service – requires trust between the customer and the service provider. There is, actually, no way to get around this, though you can use contracts to make your expectations clear and impose penalties for bad behavior. You can also use insurance to hedge your risk. Welcome to capitalism." From the standpoint of a right to repair advocate, I actually think Microsoft’s argument about needing to preserve the integrity of its devices is mostly besides the point. There’s plenty of hand waving and portentous talk there to scare FTC folks, which is probably what they intended. Substantively, though, their arguments don’t really undermine the core argument being made by right to repair advocates. In short: if Microsoft wants to make devices that nobody can service and repair without breaking their security model, they’re entitled to do that. They can make Surface Pros so hardened and tamper proof that merely opening them will destroy them. What they can’t do is make devices that are repairable, and then lock out everyone but their own service technicians. In short: if its safe and possible for a Microsoft authorized technician to service a Surface Pro, then it is safe and possible for an owner of the device to do so, or an independent repair technician. Full stop. In other words, Microsoft can’t have its repair cake and eat it too: it can’t argue that it designs hardware to be long lived and repair-able, then arbitrarily constrain the rights and ability of its own customers to service their own property, using security and safety as their argument. Conversely, it can’t argue in good faith that its devices are just too sophisticated, tamper proof and secure for owners to service, but then make tools, diagnostic codes and schematics available to their authorized techs to service them. Read more at :Microsoft tells FTC Repair poses a Cyber Risk. It doesn’t. [Securepairs] Source
  16. Many years ago, when the Surface brand was just getting started, Microsoft was using Intel and ARM-based chips for its products. While the long-term winner was Intel, as they have been supplying the chips for all Surface devices for the past couple of years, that may change, starting this fall. This fall, it is expected that Microsoft will host an event with Surface at the focus. The company will announce updates to its products but the bigger changes may be under the hood, rather than physical appearance. In previous years, we had seen Microsoft make bets on upcoming Intel chips with Cherry Trail and Skylake. With Skylake, Microsoft got burned by the immaturity between Windows and the chips which resulted in faulty hardware and a serious black eye to the brand’s high-quality reputation. Even though Microsoft and Intel have worked together for decades, insiders at Microsoft have described that the company’s relationship with Intel as being on shaky ground. And when it comes to next-generation devices, look for the company to start to diversify away from a purely-Intel lineup. This means a move to testing the waters with AMD and an ARM chip; the company currently has prototype devices using these types of components. On the laptop side, Microsoft is experimenting with using an AMD Picasso SoC which is of the 12nm flavor for a variant of their Surface Laptop. On the Pro side, Microsoft currently has prototypes of a Surface Pro with a Snapdragon chip inside as well. The Pro device with an ARM chip inside is a device that is being developed on-campus in Redmond. Previous devices, like the Surface Go, are sometimes outsourced to ODM (Original Device Manufactures). The interesting bit about the ARM Pro is that Microsoft is developing a custom SoC code-named Excalibur. Unlike previous attempts with ARM, I am told that Microsoft worked extremely closely with Qualcomm to build this chipset, based on their own specifications, to design a chip that would work better with Windows 10. This new SoC may be used as a reference device for other OEMs who are looking to use the 8cx (or similar) in upcoming products. But the company isn’t going to drop fully drop Intel; the brand power behind the Intel name will still help to move hardware and the company will have new flavors of the Book, Pro, and other devices that still using chips from that manufacturer. Such as the Pro 7, which will retain a similar design to the Pro 6 but will finally include a USB-C port, I don’t expect it to include Thunderbolt 3. Microsoft has a redesigned Surface Pro device code-named Carmel that does feature an updated look that was previously expected to launch this year. Insiders at the company are saying that this design has been punted until next year. Earlier this week, Forbes posted what they believed will be the specs for the upcoming Centaurus device. The hardware, which features two displays that are connected with a hinge, has multiple configurations currently, some have an ARM processor but others are based on Intel. While Microsoft could show off the device, I don’t expect it to ship this year and further, the business justification for the hardware has yet to materialize; Microsoft doesn’t yet have a compelling reason to sell the device. One thing that is clear, Microsoft needs to show leadership in the ARM space with its own first-party hardware and with the 8cx becoming commercially available this fall, if Microsoft doesn’t ship a device with the chip, or a derivative of the chip, why would anyone take this new attempt to ship Windows-on-ARM seriously? In October, Microsoft is targeting a hardware event that will likely include new Surface goods but there may also be a software story to tell. The company’s ‘Teams for Life’ or the consumer version of Microsoft 365, may also make an appearance around this time. Source
  17. Microsoft and Intel Promise They Won’t Abandon Huawei Devices Running Windows An executive order signed by United States President Donald Trump in mid-May bans Huawei from working with American companies and using their products, including here both hardware and software. With Huawei using Android and Windows to power its phones and PCs, many wondered whether existing customers would still be receiving any updates following the company getting blacklisted in the United States. And while the ban did not concern models already on the market, some companies turned to decisions that pointed to an at least uncertain future for Huawei devices, including laptops running Windows 10. Microsoft originally pulled all Huawei computers from the Microsoft Store, but the software giant overturned this decision a couple of weeks later explaining that the existing inventory can go back on sale. “We have been evaluating, and will continue to respond to, the many business, technical and regulatory complexities stemming from the recent addition of Huawei to the U.S. Department of Commerce’s Export Administration Regulations Entity List. As a result, we are resuming the sale of existing inventory of Huawei devices at Microsoft Store,” Microsoft said.Software updates won’t be stoppedNow the software giant expresses its full commitment to Huawei products in a statement for PCWorld, and it emphasizes that updates would continue to be offered. “We remain committed to providing exceptional customer experiences. Our initial evaluation of the U.S. Department of Commerce’s decision on Huawei has indicated we may continue to offer Microsoft software updates to customers with Huawei devices,” the company said. Intel also confirmed for the cited source that Huawei devices will continue to receive security updates and drivers just like before the company got banned by the US government. Meanwhile, the bigger question is how Huawei plans to handle the release of new products, which according to the executive order should no longer use Windows. The Chinese tech giant is already working on its own in-house operating system to replace Windows, but the priority seems to be mobile rather than the PC market. Source
  18. Microsoft confirms that Huawei devices will continue to be upgraded and supported Despite concerns regarding the future of Huawei hardware due to government regulations, Microsoft confirms that Huawei devices will continue to receive updates and support. What you need to know Microsoft confirms that Huawei devices will continue to receive updates and support. Concerns have arisen regarding the future of Huawei hardware in response to U.S. government regulations. Huawei stated that its devices would continue to be supported last week. Microsoft confirmed that Huawei devices will continue to receive updates and support in a recent statement to PC World. Concerns have arisen regarding the future of Huawei devices following Huawei being placed on the U.S. entity list. Being on this list bans U.S. companies, including Microsoft and Intel, from trading with Huawei. While the entity list could have implications regarding devices being released in the future, a Microsoft spokesperson clarified the status of Huawei devices going forward regarding updates and support: We remain committed to providing exceptional customer experiences... Our initial evaluation of the U.S. Department of Commerce's decision on Huawei has indicated we may continue to offer Microsoft software updates to customers with Huawei devices." Huawei made a similar statement last week in an FAQ on their website, stating "All Huawei smartphones, tablets, and PCs will continue to receive security patches, Android updates and Microsoft Support." While current laptops are confirmed to receive updates and support going forward, the government regulations could affect future hardware releases. Huawei already had to delay the launch of a laptop due to the restrictions. Source
  19. Of the five biggest tech companies in the U.S., Microsoft is the only one that isn't currently in the crosshairs of U.S. antitrust authorities. The software giant already took its turn through the regulatory wringer starting two decades ago, a years-long confrontation that resulted in the finding that the Redmond, Washington-based company had illegally maintained its monopoly for personal-computer operating-system software. The case dealt with the company's moves to kneecap the Netscape web browser by bundling its own product, Internet Explorer, into Windows, the dominant PC operating system. A federal judge ordered the company split in two in 2000, a fate Microsoft avoided when an appeals court reversed that part of the ruling and the company eventually settled. That 2002 settlement led to nine years of court supervision of the company's business practices and required Microsoft to give the top 20 computer makers identical contract terms for licensing Windows, and gave computer makers greater freedom to promote non-Microsoft products like browsers and media-playing software. Because observers and legal pundits almost uniformly agree the software giant did virtually everything wrong in the course of the investigation -- which had its start as early as 1990, followed by a 1998 Justice Department lawsuit -- in retrospect its story serves as a useful instruction manual of what not to do. While no formal inquiries have yet been opened, the Federal Trade Commission and Justice Department carved up the territory of big tech -- Amazon.com, Apple, Google and Facebook -- as they prepare to dig in on antitrust issues. The Department of Justice will look at Google, which dominates the online search and advertising spaces, and Apple, whose pervasive App Store is likely to be under examination. The FTC drew Facebook, with its behemoth social networking and messaging apps and a slew of recent privacy missteps, and e-commerce giant Amazon, which has been pushing into areas like grocery and health. As these companies build their legal teams and prepare strategies for the fight ahead, here are several lessons that Google, Amazon, Apple and Facebook can learn from Microsoft's battle with the feds. - Don't deny the obvious. Or don't even put up a fight about whether you have a monopoly. Microsoft, whose Windows software accounted for about 90% of the market for PC operating systems, opted to argue that the space was actually competitive. Parts of the argument included videos where Microsoft employees offered a straight-faced marketing pitch for the benefits of rival Linux programs with a tiny share of the market. The impulse is understandable -- monopoly sounds like a dirty word. But U.S. antitrust law doesn't expressly forbid having a monopoly; it outlaws doing certain things to establish, maintain or extend one. That led some legal scholars to argue that Microsoft would have been better served by copping to the Windows monopoly and establishing a legal beachhead against the idea that it did anything illegal to gain it or keep it. Arguing against something so self-evident via the company's very first witness strained credibility and started the case off on a bad footing.It's easy to imagine a similar issue applying to Google, which has more than 84% of the web-search market and controls 82% of mobile-phone operating systems. In the app-store business, Google and iPhone maker Apple together control more than 95% of all U.S. mobile app spending by consumers, according to Sensor Tower data. It could be more effective for these companies not to start by denying that leadership position -- if you have 80% or 90% percent of a market, arguing that you don't really dominate isn't the hill you want your legal reasoning to die on. - Don't resort to spin. Microsoft's credibility with the press was no higher, hurt by constant counterfactual statements and spin. Each day, after a bruising in court as government lawyer David Boies poked holes in executive testimony and Judge Thomas Penfield Jackson alternated between chuckling at the witnesses and chastising them, Microsoft deployed a hapless PR person to the steps of the courthouse to recite the words, "Today was another good day for Microsoft." It never was. - Assume everything will be made public. Among the list of horrifying moments for Microsoft in court was the public showing of parts of the 20 hours of depositions of co-founder and Chief Executive Officer Bill Gates. The tapes (yes, they were tapes -- this was the 90s) showed an ill-lit, evasive and combative Gates engaging in Clintonian word-wrangling, such as asking about the definition of the word "definition" and arguing what "market share" meant. Microsoft claimed it had been assured the tapes would never be shown in court, or the company would have taken greater care with Gates's appearance and manner. During their playback in court, the judge laughed at several points -- not the impression the software giant wanted to make on either Jackson or the public. Jackson told New Yorker reporter Ken Auletta that Gates came off as "arrogant" in the depositions. Just as bad for Microsoft, an array of internal emails were read aloud in court that contradicted the testimony of its executives, which further angered Jackson. The takeaway? Assume everything will be aired in the court of public opinion. If it was true 20 years ago, it's even more apparent in the current era of oversharing, thanks to the tech companies' own services. - Don't be condescending about the technology. Most lawyers, judges and regulators don't appreciate being told or having it implied that they lack the ability to comprehend certain tech concepts. Or that the reason they think there's been an antitrust violation is because they just don't "get" the technology. It was true that Jackson and Boies seldom used a computer at the time. But it didn't require a computer science doctorate to divine the legal merits of the case. At the height of Microsoft's hubris (or carelessness, or both), the company sent Windows chief Jim Allchin to the stand with a doctored video that purported to show how computing performance would be degraded when the browser was removed from Windows on a single PC. It was actually done on several different computers and was an illustration of what might happen rather than a factual test, as the company initially claimed -- a fact that came to light only after several days of the government picking through every inconsistency in the video. Microsoft remade the simulation several times in an effort to save the testimony. The company seemed to think it could get away with baldy stating a technological claim and mocking up something that backed it up, perhaps reasoning that no one would know the difference, but it miscalculated badly. - Choose your lawyers wisely. Microsoft took on the U.S. government led by a combative Gates and an equally aggressive general counsel, Bill Neukom. Gates, the son of an attorney, was outraged, frustrated and convinced the company was being unfairly targeted. One of the company's outside lawyers, from the firm Sullivan & Cromwell, said the company could put a ham sandwich into Windows if it wanted to. And throughout, Neukom not only failed to tamp down his executives' worst impulses, he seemed to amp them up. His legal style led observers to point out that his last name -- pronounced `nuke 'em' -- was quite fitting. The U.S. government's latest antitrust targets should take heed: If your top executive's style tends towards waving a red flag in front of a bull, you may be wise to consider a top lawyer with a more conciliatory style. Google's top executives have already raised the ire of lawmakers for refusing to appear before Congress, and no one has ever accused Jeff Bezos of being afraid of a fight. At Facebook, where Zuckerberg regards Gates as a mentor and observers see similarities in their styles and temperaments, this lesson might be particularly important. - There are many different ways to lose. Right now, the companies are only at risk of an inquiry -- the agencies are deciding what, if any, action to take. But even at this stage, they should keep in mind that a loss doesn't only mean a full-scale breakup or forced divestiture. Companies can avoid that extreme fate and still find, as Microsoft did, that the years of distraction from the fight have hampered their business and sucked up executive time and mental energy. In an interview last year at the Code Conference, Microsoft President and Chief Legal Officer Brad Smith lamented the distraction the case caused, and cited it as a reason the company missed out on the search market -- the business that fueled the runaway success of Google, now under the microscope itself. Others have pinned Microsoft's abysmal performance in mobile computing partially on constraints and distractions from the case. Some of the company's business missteps can fairly be attributed to poor execution and strategic errors that had nothing to do with the government dispute. Still, the notion that merely fighting an antitrust battle may do almost as much harm as losing one brings us to our last point. Consider settling early. It's hard to say with certainty what the late 1990s and early 2000s might have looked like for Microsoft had it found a way to settle with the government earlier than 2002. Still, for the government's current targets, it's worth weighing a settlement against the impact of several years of investigation, a possible loss in court and potentially harsher restrictions or remedies. Amazon, Apple, Facebook and Google probably have a pretty good idea of what regulators may object to, and it's worthwhile for them to consider ways to assuage those concerns while keeping the core of their businesses and future ambitions intact. The alternative is years of investigations, possibly damaging evidence and testimony, and ample distraction, all leading up to what could be a devastating loss in court. Source
  20. (Reuters) - Dell Technologies Inc, HP Inc, Microsoft Corp and Intel Corp on Wednesday opposed U.S. President Donald Trump’s proposal to include laptop computers and tablets among the Chinese goods targeted for tariffs. Dell, HP and Microsoft, which together account for 52% of the notebooks and detachable tablets sold in the United States, said the proposed tariffs would increase the cost of laptops in the country. The move would hurt consumers and the industry, and would not address the Chinese trade practices that the Trump administration’s office of the U.S. Trade Representative (USTR) seeks to remedy, the four companies said in a joint statement posted online. Implementing the proposed tariffs would increase U.S. prices for laptops and tablets by at least 19%, or around $120 for the average retail price of a laptop, the companies said, citing a recent study by the Consumer Technology Association. “A price increase of that magnitude may even put laptop devices entirely out of reach for our most cost-conscious consumers,” the companies said, noting that the price hikes would occur during peak holiday and back-to-school seasons. In a separate statement, Microsoft, along with video game makers Nintendo of America Inc and Sony Interactive Entertainment LLC said the tariffs on video game consoles could stifle innovation, hurt consumers and put thousands of jobs at risk. The USTR kicked off seven days of testimony from U.S. retailers, manufacturers and other businesses about Trump’s plan to hit another $300 billion worth of Chinese goods with tariffs. The hearings will end on June 25 and the tariffs will not come into effect until after July 2, when a seven-day final rebuttal comment period ends. Source
  21. While Microsoft has focussed much time and energy on its successful Office 365 service, that hasn't stopped the company from also dabbling in the hardware space by bringing back the Classic Intellimouse in 2017 and, more recently, the Pro Intellimouse. Of course, for years the company has had a range of keyboards available for sale, including its rather distinctive Natural and Sculpt Ergonomic Keyboards. Aside from its unique shape, the Natural Keyboard was also the first to introduce the Windows key back in 1994 as a more convenient way to access the Start Menu compared to the Ctrl + Esc key combination. At the same time, Microsoft also included the menu key, designed to trigger the context menu otherwise invoked by clicking the right mouse button on an object in Windows 95. Now, it appears that the ongoing existence of menu key could perhaps be under threat. According to prolific leakster, @WalkingCat, Microsoft has been conducting a trial involving a new "Office key" and the Windows 10 May 2019 Update, with the test covering a range of keyboard shortcuts leveraging the new key. The survey also asks respondents whether or not they would like to see the Office key on a laptop and if other shortcuts could be added, particularly if they "are cross-app, don't have a shortcut today, and/or speed up a multi-step task". Given the relatively low usage of the menu (mouse right click) key on keyboards or, in some cases, complete omission of the key, it might make sense for Microsoft to repurpose the menu key or at least its physical real estate for a potentially more functional and relevant one. Of course, only time will tell if an Office key will hit the mainstream and supplant its menu-invoking cousin. Source
  22. Microsoft is buying Pull Panda and immediately making all subscriptions to its tools available for free in the GitHub Marketplace. Microsoft has acquired GitHub tool vendor Pull Panda for an undisclosed amount, the company announced on June 17. Microsoft plans to use Pull Panda's technology to improve code-review workflows on GitHub, officials said. The year-and-a-half old Pull Panda provides Pull Reminders, Pull Analytics and Pull Assigner to improvde the code-review process. Pull Reminders allow developers to notify developers that a collaborator needs their review. Pull Analytics can provide stats on everything from wait times to top contributors. And Pull Assigner helps automatically distribute code across teams. All three of these Pull Panda tools are available as of today for free in the form of a single GitHub Marketplace application called Pull Panda. Microsoft is discontinuing Enterprise plan subscriptions but will continue to offer existing Enterprise plan customers support through Pull Panda's on-premises offering. Microsoft officials said they plan to integrate these features into GitHub, with no timeline or further details available at this time. Source
  23. Microsoft issued a warning over the weekend about an active Linux worm that is targeting a recently disclosed Linux Exim mail server vulnerability. Though existing mitigations exist to block the worm functionality of this infection, Microsoft states that Azure servers can still be infected or hacked through this vulnerability. Exim is a very popular mail server software, or message transfer agent (MTA), that is used to send and receive email for its users. Recently, the CVE-2019-10149 vulnerability was discovered in Exim 4.87 to 4.91 that allows an attackers to remotely execute commands on a vulnerable server. Last week, Amit Serper of CyberReason discovered an active worm utilizing this vulnerability to infect Linux servers running Exim with cryptocurrency miners. The worm would then utilize the infected server to search for other vulnerable hosts to infect. In an article posted Saturday, the Microsoft Security Response Center (MSRC) confirms that they have detected this worm targeting Azure customers. "This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91," stated a blog post by  JR Aquino, a Microsoft manager in Azure Incident Response. "Azure customers running VMs with Exim 4.92 are not affected by this vulnerability. " Exim update timeline from RiskIQ Mitigations exist that block worm functionality In order to stop spam being sent through Azure servers, Microsoft created new restrictions on how servers can send outbound email. These restrictions have also provided mitigation towards the worm capabilities of this infection. Microsoft warns, though, that even though the worm functionality is being mitigated, it does not mean that vulnerable Azure server are protected from the remote code execution vulnerability and could still be infected or hacked. "Azure has controls in place to help limit the spread of this worm from work we’ve already done to combat SPAM, but customers using the vulnerable software would still be susceptible to infection," stated Aquino. Microsoft suggests that Azure customers utilize Network Security Groups (NSGs) to filter or block traffic to their servers. Aquino warns, though, that if the NSG contains a list of IP addresses that are permitted to access the server, these IP addresses could still be used to remotely execute commands on a vulnerable server. Due to this, Microsoft strongly recommends all Azure users upgrade installed Exim mail servers to version 4.92, which contains a patch that fixes this flaw. This is the second weekend in a row that Microsoft has issued a warning about known malware threats. The previous warning was about a spam campaign using the Microsoft Office and Wordpad CVE-2017-11882 vulnerability, which was fixed in 2017. Source
  24. Four of the flaws are publicly known but none have been listed as under active attack. Microsoft today patched 88 software vulnerabilities and issued four advisories as part of its monthly Patch Tuesday update. Four are publicly known; none have been seen exploited in the wild. The June fixes released today cover a broad range of products and services including Microsoft Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore, Skype for Business, Microsoft Lync, Exchange Server, Azure, and SQL Server. Twenty-one patches were deemed Critical in severity, 66 are categorized as Important, and only one is ranked Moderate. While none of the bugs patched this month are under active attack, this is an especially large batch of fixes. Here are some of the noteworthy bugs in Microsoft's June roundup. Publicly known vulnerabilities were disclosed by security researcher SandboxEscaper via Twitter last month: CVE-2019-1053 (sandboxescape) is a flaw in the Windows Shell that could allow elevation of privilege on affected systems by escaping a sandbox; it affects all Windows operating systems. CVE-2019-1069 (BearLPE), an elevation of privilege vulnerability in Windows Task Scheduler, exists in the way Task Scheduler Service validates some file operations. Other publicly known bugs include CVE-2019-0973 (InstallerBypass), which occurs when the Windows Installer fails to properly sanitize input, leading to an insecure library loading behavior. An attacker could exploit this to run malicious code with elevated privileges. CVE-2019-1064 (CVE-2019-0841 BYPASS) could also be used to elevate privileges on target systems. Exploits for all of these were posted on GitHub by the researcher, who had published zero-days in the past. When the bugs were publicly disclosed in May, researchers predicted the likelihood of danger was low; still, there remained a chance the code would be integrated into malware. Even though the proof-of-concept code was posted online, this didn't happen. Remote code execution (RCE) vulnerabilities were common. Three Critical vulnerabilities patched were Hyper-V RCE bugs (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722). This stood out to Jimmy Graham, Qualys' senior director of product management. All would let an authenticated user on a guest system run arbitrary code on the host. While Microsoft says exploitation is less likely, he says "these patches should still be prioritized for Hyper-V systems." Also patched today were CVE-2019-1019, a Windows Security Feature Bypass Vulnerability, and CVE-2019-1040, a Windows NTLM Tampering Vulnerability. Both were reported by Preempt. Greg Wiseman, senior security researcher with Rapid7, calls CVE-2019-1019 a "nasty-looking" bug that could enable an attacker to steal a session key using a specially crafted NETLOGON message; in doing so, they could access other systems by posing as the original user, he says. Researchers found that although domain controllers would deny requests if the expected machine name was different from the one that established the secure channel, the controllers would accept requests if the computer name field was missing, they explain in a blog post. As for CVE-2019-1040, Preempt researchers bypassed the Message Integrity Code protection in NTLM authentication and could change any field in the NTLM message flow. The bypass could let attacker relay authentication attempts which have negotiated signing to another server, while removing the signing requirement. All servers that don't enforce signing are vulnerable. Source
  25. Microsoft warns about email spam campaign abusing Office vulnerability Dangerous spam campaign targets European users with backdoor trojan. Microsoft's security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages. "In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload," the Microsoft Security Intelligence team said. The final payload is a backdoor trojan, Microsoft said. Fortunately, the trojan's command and control server appears to have gone down by Friday, when Microsoft issued its security alert. However, there is always the danger of future campaigns that may exploit the same tactic to spread a new version of the backdoor trojan that connects to a working server, allowing crooks direct access to infected computers. CVE-2017-11882 VULNERABILITY The good news is that users can be completely safe from this spam campaign. The initial infection vector relies on an old Office vulnerability that Microsoft patched back in November 2017. Users who applied the November 2017 Patch Tuesday security updates should be safe. The vulnerability is tracked as CVE-2017-11882. This is a codename for a vulnerability in an older version of the Equation Editor component that ships with Office installs, and used for compatibility purposes in addition to Microsoft's newer Equation Editor module. Back in 2017, security researchers from Embedi discovered a bug in this older component that allowed threat actors to execute code on users' device without any user interaction whenever a user would open a weaponized Office file that contained a special exploit. Because Microsoft appeared to have lost the source code for this old component, and after the discovery of a second Equation Editor bug in 2018, Microsoft decided to remove the older Equation Editor component altogether from the Office pack in January 2018. However, it is known that many users and companies often fail or forget to install security updates in a timely manner. CVE-2017-11882, ONE OF TODAY'S MOST POPULAR VULNERABILITIES Malware operators have jumped on this exploit and have weaponized it ever since the end of 2017, knowing they'll have ample time to take advantage of forgetful users who don't bother with security updates. And they did. They used the exploit over and over again, numerous times. A Recorded Future report ranked the CVE-2017-11882 as the third-most exploited vulnerability of 2018, and similar Kaspersky report also ranked it at the top of the list. The exploit itself is a godsend, as it needs no user interaction, unlike most other Office exploits, which require that users enable macros or disable various security features via popups. While Microsoft has warned this week that CVE-2017-11882 is being used for mass-spam campaigns, the exploit is also very popular with hacker groups engaged in very targeted attacks, such as economical espionage or intelligence gathering. For example, this week, in two different reports [1, 2], FireEye said CVE-2017-11882 was shared among different Chinese cyber-espionage groups. The fact that several Chinese state-sponsored hacking groups are using this exploit stands testament to its efficiency and another reason why users need to be aware of it and apply the necessary patches. Source
  • Create New...