Jump to content

Search the Community

Showing results for tags 'microsoft'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 917 results

  1. Microsoft’s Skype struggles have created a Zoom moment Skype is missing out to Zoom and others during the coronavirus pandemic IfIf the coronavirus pandemic had swept across the world in 2011, everyone would have been using Skype to connect over video and voice calls. Instead, rivals like Zoom and Houseparty are having a moment of huge growth in 2020 thanks to consumers looking for Skype alternatives. In recent weeks we’ve seen people across the world sheltering at home and holding virtual yoga classes, beers with friends, and even school classes all over Zoom. It’s a unique once in a decade situation that’s highlighted Microsoft’s beleaguered Skype acquisition in a big way. Microsoft originally acquired Skype for $8.5 billion back in 2011. It was the same year that Zoom and Snapchat were founded, and Apple launched its iPhone 4. Skype had more than 100 million active users back then, and 8 million of those were paying to use the service to make and receive calls using the voice over internet protocol (VoIP). Skype was the main way consumers actually talked to each other over the internet, with video calls making up 40 percent of all Skype usage back in 2011. Skype had become so big that in 2011 The Onion joked that “Skype” would be added to the dictionary. Three years later, the verb was added to the Oxford English Dictionary, highlighting how popular the service had become. But Microsoft faced some big challenges early on to transform Skype into a profitable business and keep it relevant for consumers. Microsoft’s Skype acquisition came just as chat apps like WhatsApp, Messenger, Snapchat, and WeChat were starting to gain momentum and challenge Skype’s dominance. Surprisingly, Microsoft opted to ditch its own popular Windows Live Messenger service in favor of Skype to try and ward off competition. Microsoft had one big problem to solve early on, though. The company had acquired a service that was based on peer-to-peer (P2P) technology, which made it less efficient on mobile devices. This is where a lot of Microsoft’s Skype problems began. Microsoft transitioned Skype from these P2P networks to cloud-powered servers back in 2013, in order to capitalize on Skype integration on Windows Phone and improve its mobile apps in general. Skype also became the default messaging app for Windows 8.1 back in 2013, and even shipped as part of Microsoft’s big Kinect push for the Xbox One console in the same year. Skype also appeared on the web as part of Outlook.com in 2013. All of this was powered by Microsoft’s transition away from Skype’s traditional P2P networks, but it was messy. Skype on Windows Phone. The transition lasted years, and resulted in calls, messages, and notifications repeating on multiple devices. Skype became unreliable, at a time when rivals were continuing to offer solid alternatives that incorporated messaging functionality that actually worked and synced across devices. Instead of quickly fixing the underlying issues, Microsoft spent years trying to redesign Skype. This led to a lethal combination of an unreliable product with a user experience that changed on a monthly basis. I wrote back in 2016 that Microsoft needed to fix Skype, instead of adding in useless emoji and launching and abandoning its Qik video messaging app. Microsoft didn’t really listen, though. The company went in a completely different direction with Skype in 2017, with a design that turned the app into something that looked like Snapchat. Unsurprisingly, people weren’t happy with the design and Microsoft was forced to kill off the Snapchat-like features and redesign Skype once again a year later. During this time, Microsoft also pushed Skype for Business as the replacement for its Lync (Office Communicator) enterprise instant messaging software. Skype looked like it would power the future of Microsoft’s chat services across consumers and businesses, until Microsoft Teams arrived in 2016. Teams has quickly become Microsoft’s focus for chat and communications in recent years. The company has been aggressively pushing businesses to adopt Teams, at a time when rivals like Slack are trying to win big businesses over. Microsoft Teams isn’t just for businesses anymore, either. Just this week, Microsoft announced its Teams plan for consumers. It’s part of a bigger push for Microsoft 365 subscriptions to families and consumers. Microsoft is trying to convince consumers that Teams can be used to connect to friends and family in a group chat or through video calls, and share to-do lists, photos, and other content all in one location. Microsoft thinks people who plan trips with friends or organize book clubs and social gatherings will be interested in Teams. This Teams push has taken the spotlight off Skype in recent years, though. Microsoft has used the underlying technology it has with Skype to power its video and voice calls in Teams, while rewriting the chat and messaging experience that the company struggled to get right with Skype’s Messenger transition. All of this has now led Microsoft to throw its weight behind Teams, even for consumers. Skype isn’t likely to go away anytime soon, but it’s not Microsoft’s focus anymore. “For now, Skype will remain a great option for customers who love it and want to connect with basic chat and video calling capabilities,” says a Microsoft spokesperson in a statement to VentureBeat. “With the new features in the Microsoft Teams mobile app, we see Teams as an all in one hub for your work and life that integrates chat, video calling, [and the] ability to assign and share tasks, store and share important data with your group, [and] share your location with family and friends, whereas Skype is predominantly a chat and a video calling app platform. We have nothing more to share.” Skype’s 2014 design. Skype’s 2017 design. Skype’s 2018 design. Microsoft Teams for consumers. Microsoft said in 2015 that Skype had 300 million active monthly users. The company hasn’t updated those numbers in the tumultuous period that followed. We still don’t know exactly how many people are using Skype, but Microsoft did provide some hints this week. During a press briefing, Microsoft revealed Skype is used by 200 million people, an active user count that’s based over a period of six months and not a monthly active user count. During the coronavirus pandemic, this usage has increased to 40 million people using Skype daily, up 70 percent month-over-month. That suggests that around 23 million people were using Skype daily, before the increase in demand. Microsoft is refusing to provide monthly active user counts for Skype, most likely because the company doesn’t want any obvious comparisons to competitors or the 300 million it previously revealed in 2015 when the service was still growing. 40 million daily users is still a big number, even when chat apps like WhatsApp have since passed 2 billion users, and Telegram has exceeded 200 million monthly active users. The real question is how are rivals like Zoom, Houseparty, and even Google’s Hangouts growing during this ongoing coronavirus pandemic? Houseparty and Zoom have both exploded in growth in the UK and US. Zoom currently sits at the top of the US App Store list, and second position in the UK App Store list. Houseparty is at the top in the UK, and number three in the US. Skype sits at number 75 in the US, and number 15 in the UK. Microsoft isn’t totally losing out here though, the company’s Teams mobile app is number seven in the US and number six in the UK. Katie Baki leads a yoga class over Zoom. ”Zoom does not share any numbers around users / usage, signups, or total number of customers,” says a Zoom spokesperson in a statement to The Verge. So it’s impossible to know the true number of Zoom users right now. Some estimates suggest Zoom had close to 13 million monthly active users last month, before consumers and businesses turned to the service in large numbers. One of the many reasons consumers are flocking to Zoom and Houseparty is that they’re easy to use. Zoom users don’t need an account, it’s free to use for up to 40 minutes, and you can join meetings with just a simple link or code. Skype offers a way to create video meetings with no sign ups or downloads, but you probably didn’t even know this feature existed. Instead, Zoom’s simple app approach has won people over. That ease of use has led to criticism over Zoom privacy, and the phenomenon of “Zoombombing,” where an uninvited guest uses Zoom’s screen-sharing feature to broadcast shock videos. Houseparty is equally easy to use, but it’s facing hacking rumors that the company is strenuously denying. Houseparty says it’s “investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty.” The firm is even offering to pay out $1 million to “the first individual to provide proof of such a campaign.” Even if Zoom and Houseparty won’t provide actual user numbers, it’s clear from the many stories of people using the services and anecdotal evidence that there’s some serious growth going on here. A recent App Annie report shows that Houseparty, Google Hangouts, Microsoft Teams, and Zoom are all seeing phenomenal growth for different reasons. Skype is still being used by broadcasters and in many locations worldwide, but a lot of people are turning elsewhere for video calls. Houseparty video calls. There are many reasons for Skype missing out on this key mindshare moment, but Microsoft’s missteps with Skype’s reliability and user interface are surely to blame. This is highlighted best with Skype for Windows. After years of struggling to decide between touch-friendly (Universal Windows Platform) vs. traditional desktop Skype, Microsoft is now reversing course on its Skype for Windows plans. Skype will soon migrate to an Electron-powered app, instead of UWP. It acts far more like a traditional desktop app now. “For users of the UWP app, it’s a background upgrade and we migrate your credentials, similar to what happens when updating an app on a mobile device,” says a Skype spokesperson in a statement to The Verge. “Customers will see the same Skype UI but they may see different functionality since Electron has more features than UWP.” This, alongside the Teams focus, are early signs of where Skype will end up. Microsoft wasn’t afraid of ditching the 100 million people using Windows Live Messenger years ago, and I wouldn’t be surprised to see the company try and push Skype users over to Teams in the months ahead. Like Microsoft said, “For now, Skype will remain a great option for customers who love it and want to connect with basic chat and video calling capabilities.” The “for now” part of that statement is a telling sign that Microsoft’s focus is now Teams, not Skype. Correction: Skype had around 23 million daily active users before the coronavirus pandemic, not 12 million as previously stated. We regret the error. Source: Microsoft’s Skype struggles have created a Zoom moment (The Verge)
  2. Microsoft gets ready for a new era of Windows New Windows leadership means a new vision and focus Microsoft reorganized its Windows + Devices team last month, placing Surface chief Panos Panay in charge of both Windows and hardware. While it’s still early days for Panay, we’re starting to get an idea of how things might change with Windows. That starts with a new Windows Insider leader, Microsoft’s beta program that sees millions of people testing Windows 10. “In my first 30 days as the Windows leader, as I’ve been spending time listening, learning, and working with the team to build a vision for the next era of Windows, I’ve been in awe of the Insiders group and the level of dedication and depth of knowledge they have,” explains Panay in a new blog post today. “To keep this momentum going and continue to grow and innovate in Windows, it’s clear we need the right person to lead this powerful community into the next era, which is why I’m excited to announce Amanda Langowski as the new lead for the Windows Insider Program.” Langowski is a Microsoft and Windows veteran, having worked at the company for more than 20 years. Langowski previously worked on Windows beta programs, Windows Mobile, Windows Phone, and the all-important flighting team that makes sure builds of Windows are available for engineers inside and outside of Microsoft. Langowski will now take over as the face of Windows 10 testing and lead an important feedback loop, a role that Dona Sarkar previously led for the past few years. Sarkar has taken a new role in the Microsoft Developer Relations team and remains at the company, while the previous Insider chief, Gabe Aul, left Microsoft last year for a virtual and augmented reality engineering role at Facebook. Microsoft’s Panos Panay. Photo by Tom Warren / The Verge As Panay says, Microsoft is now getting ready to build a vision for where Windows goes next. The software maker has tried a variety of ways to entice creators to Windows over the past five years, but it has walked back some of those changes. The pace of Windows 10 updates has certainly slowed over the past 12 months, leaving testers and Windows fans wondering what’s coming next. Microsoft is obviously focused on Windows 10X for dual-screen devices right now, but there will be plenty of changes coming to the desktop version, too. Panay hasn’t finalized his vision for the direction of Windows, but you can expect to see a renewed focus on the OS at Microsoft. That will no doubt include some of the pumped energy Panay is famous for, but also a focus on simplifying the operating system and cleaning up some areas that haven’t been looked at for quite some time. Microsoft CEO Satya Nadella’s bold goal was “we want to move from people needing Windows to choosing Windows, to loving Windows,” five years ago. It’s fair to say Windows 10 has certainly improved over the past five years, but a fresh vision for where it needs to go and a face for Windows is very much needed. I expect, and certainly hope, to see a bigger focus on Microsoft adapting the OS to the people who truly use it every day and rely on Windows. That’s not to say there won’t be some big new features that the company will develop, but PowerToys for Windows 10 and the Windows Terminal have been some great additions. We’re starting to see some of the simplifications for Windows show up, with new icons and even some tweaks to the Start menu. Panay celebrated a billion Windows 10 users with a teaser video last week, and it’s clear the Windows team is looking at cleaning up parts of the UI. Microsoft is ready to listen again, with new leadership involved at the top of Windows and how the company receives feedback. We’re now waiting to hear exactly what the next era of Windows will bring. Some of those answers might not be too far away. Source: Microsoft gets ready for a new era of Windows (The Verge)
  3. Microsoft: 99.9 percent of hacked accounts didn’t use MFA Only 11 percent of all enterprise accounts have multi-factor authentication enabled More than 99.9 percent of Microsoft enterprise accounts that get invaded by attackers didn’t use multi-factor authentication (MFA). This stark, though not entirely surprising, finding comes from a presentation that Alex Weinert, the tech giant’s Director of Identity Security, delivered at the RSA 2020 security conference in San Francisco in late February. Overall, only 11 percent of Microsoft enterprise accounts had MFA enabled. According to Microsoft, an average of 0.5 percent of all accounts is breached every month; in January of this year, this was equivalent to more than 1.2 million accounts. “If you have an organization of 10,000 users, 50 of them are going to be compromised this month,” said Weinert. The break-ins were facilitated by two factors. First, it was the lack of MFA deployment in applications using old email protocols that don’t support MFA, such as SMTP, IMAP and POP. The second factor involved people’s poor password hygiene, specifically their penchant for extremely simple passwords and for reusing their passwords across multiple accounts, both company and private. Around 480,000 compromised accounts, which represents some 40 percent of the total, fell victim to password spraying. Using this automated method, attackers test some of the most commonly used passwords to see if they work for breaking into large numbers of other accounts. And work they do, with Weinert noting that password spraying attacks opened the door to 1 percent of the accounts against which they were deployed in January. On average, attackers would try around 15 passwords. Roughly the same number of accounts fell victim to password replay attacks, also known as breach replay attacks. In these cases, ne’er-do-wells leverage lists of credentials spilled in data incidents and try out the same login combinations at other services. Almost all password spraying and password replay attacks took aim at common legacy authentication protocols – 99.7 percent and 97 percent, respectively. The probability of a compromise surged to 7.2 percent if SMTP was enabled, to 4.3 percent for IMAP, and to 1.6 percent for POP. What are the easiest fixes? You guessed it – choosing strong and unique passphrases, enabling MFA (also commonly known as two-factor authentication), and disabling legacy protocols. According to Microsoft, the latter measure slashes the likelihood of an account takeover by two thirds. Source
  4. Microsoft launches its Bing Coronavirus Tracker Keeping track of Coranavirus news can be quite the time-consuming process and a burden as well considering that you need to find reliable information. Microsoft just launched its Coronavirus tracker on Bing. COVID-19 Tracker provides statistics and information about the spread of the virus in the world. The startpage lists the total confirmed cases, cases by country, and each of these divided into active, recovered and fatal cases. There is also a map which highlights how individual regions are impacted by the virus. Microsoft is pulling data from several sources including CDC (Centers for Disease Control and Prevention), WHO (World Health Organization), and ECDC (European Centre for Disease Prevention and Control). A click on a country lists active, recovered and fatal cases for that country. More interesting is the news section that provides a chronological list of news bits for the selected region. If you select Italy, one of the countries hit the hardest by the virus at the time of writing, you find a list of news pieces that you may find useful. The news section is powered by Bing News; I saw German and English news articles listed by Bing and the filtering seemed to work fairly well. Chance is that you may get different languages based on the language settings of your computer. There is also a video section below the news part, powered by Bing Video, with videos about the virus and the selected country. One thing that is missing is an option to receive updates. The Coronavirus tracker site does not provide options to receive news updates, e.g. by email, RSS, or messaging service. What you can do, however, is use the Bing News or Bing Video RSS option. All you need to do is append &format=rss to the URL, e.g. turn https://www.bing.com/news/search?q=coronavirus Italy to https://www.bing.com/news/search?q=coronavirus Italy&format=rss to get a RSS feed of the filtered news. You may then subscribe to the news in a RSS feed reader, e.g. QuiteRSS or the browser extension Smart RSS Reader, or any other program, extension or service, to receive updates as they become available. Source: Microsoft launches its Bing Coronavirus Tracker (gHacks - Martin Brinkmann)
  5. Microsoft unveils full Xbox Series X specs with 1TB expansion cards Microsoft is revealing the full specs for its Xbox Series X console today, and it includes support for removable storage and much faster load times for games. The software giant will be using a custom AMD Zen 2 CPU with eight cores clocked at 3.8GHz each, a custom AMD RDNA 2 GPU with 12 teraflops and 52 compute units clocked at 1.825GHz each. This is all based on a 7nm process and includes 16GB of GDDR6 RAM with a 1TB custom NVME SSD storage drive. Microsoft is using two mainboards on this Xbox Series X compact design, and the entire unit is cooled through air being pulled in from the bottom and pushed out at the top via a 130mm fan. Developers will be using the overall 16GB of memory in two ways: there’s 10GB for fast GPU optimal memory, 3.5GB for standard memory, and 2.5GB reserved by the OS. All of this power will include the ability to expand storage through 1TB expansion cards at the rear of the console, with USB 3.2 external HDD support and a 4K Blu-ray drive. Microsoft is targeting overall performance at 4K 60fps, up to 120fps. One of the most obvious improvements that Microsoft is demonstrating with the Xbox Series X today is load times. In one tech demo (above), State of Decay 2 loads a full 40 seconds quicker on the Series X compared to the Xbox One X. That’s a massive improvement over current consoles. Microsoft is using a solid-state drive on the Xbox Series X, and the focus is on speed and load times for next-gen games. The Xbox maker is using something called “Xbox Velocity Architecture,” that is designed to improve the integration between hardware and software for streaming of in game assets. The result will be seen in large open world games, where developers can use this system to create high fidelity environments that load dynamically using the processing power and SSD of the Xbox Series X. This new SSD support will also allow Xbox Series X owners to resume multiple games instantly and even resume titles after the Series X is rebooted for a system update. Game states will be saved directly to the system’s SSD, so you can resume days or even weeks later. Microsoft is demonstrating this quick resume feature, using what looks like the existing dashboard for the Xbox One. Microsoft is also demonstrating some ray tracing aspects of the Xbox Series X today. Ray tracing will enable more realistic lighting changes to games, with improved shadows and cinematic effects. We haven’t seen enough ray-traced games on the PC side just yet, but Microsoft is showing off how the Xbox Series X can handle ray tracing in titles like Minecraft. Microsoft is also optimizing Gears 5 with higher resolution textures, fog, and particles counts, all running in 60fps in 4K. The next-gen Xbox will also support 8K gaming and frame rates of up to 120fps in games. Microsoft has partnered with the HDMI forum and TV manufacturers to enable Auto Low Latency Mode (ALLM) and Variable Refresh Rate (VRR) on the Series X as part of its HDMI 2.1 support. “The team has also been working with the industry’s leading TV manufacturers for the past two years to ensure the display ecosystem is ready for the features coming with Xbox Series X,” explains Microsoft’s Will Tuttle. All of this should reduce latency from when you press a button on an Xbox controller to when you see that movement show up on screen. Speaking of the controller, it’s now USB-C, uses AA batteries, and supports Bluetooth Low Energy. There’s also a new share button for sending clips and screenshots to friends, and existing controllers will work just fine on the new Xbox Series X. Microsoft has also confirmed the physical dimensions of the Xbox Series X. If used vertically, it measures 301mm tall and 151 mm in depth and width. Today’s spec unveiling comes ahead of Microsoft’s plans to fully detail the console to developers later this week. Microsoft is also planning to unveil more details about the games we’ll see for the Xbox Series X in June. Source
  6. Microsoft's New Coronavirus Map Lets You Track The Number Of COVID-19 Cases In Countries Around The World, And Every State In The US Microsoft's interactive map provides information about corona virus cases in every country .. Clicking on a particular country gives a break down of cases .. The map provides data on the number of active cases, recovered cases and fatal cases for every spot on the map .. Users can also click any country on the map for a list of related articles about the chosen region (although keep in mind they can be outdated, as The Verge noted .. The map also includes a breakdown of cases for every US state .. That includes the total number of active, recovered, and fatal cases .. Source
  7. Microsoft app lets you pair your Android phone with Windows To bridge the age-old gap between Android and Windows, Microsoft now has an app called Your Phone, aimed at connecting your Android smartphone or tablet to your Windows 10 computer. — dpa When it comes to sending files between devices, there are any number of ways you can share what's on your phone. Things are a bit trickier when you want to access your phone from Windows, however. To bridge the age-old gap between Android and Windows, Microsoft now has an app called Your Phone, aimed at connecting your Android smartphone or tablet to your Windows 10 computer. It allows you to do things such as transferring photos and videos between devices or typing text messages on your computer. To do so, you need to have the appropriate app installed on your smartphone, namely "Your Phone Companion – Link to Windows." Depending on the smartphone model, other features are available, such as being able to mirror smartphone apps on your computer's screen and use them using the keyboard, mouse or touchscreen on your computer. You can also make and receive phone calls on your PC. A prerequisite is that you have a Windows 10 PC running the Windows 10 May 2019 update. While direct smartphone-to-PC connections via cable are less popular and somewhat more cumbersome, they remain a reliable alternative in many cases and are often faster at transferring large files. – dpa Source
  8. Microsoft launches new WinUI website, listing the advantages of the platform Microsoft has launched a new website for the Windows UI Library (WinUI) (spotted by Rafael Rivera on Twitter) that provides more information on the various advantages of the modern libraries for the development of Windows. WinUI allows developers to access and use Fluent controls, styles, and other UWP XAML controls via NuGet packages. While earlier versions of the WinUI focused on UWP, the Redmond giant has been expanding the framework. The preview version of WinUI 3.0 brought with it support for the full Windows 10 native UI platform. The extended scope of the platform meant that developers could use WinUI XAML with their existing WPF, Windows Forms, and Win32 applications. The website terms WinUI as the modern native UI platform of Windows. The company also states that developers can future-proof their application by using WinUI, and that it is built for Windows 10 and Windows 10X. The company touts “unmatched native performance” owing to WinUI being built on a “highly optimized” C++ core. Win32 applications can be run on Windows 10X through the way of containers. With the majority of Windows apps built on this framework, it is no surprise that the company is urging developers to leverage newer technologies to increase the adoption of its modern OS. The company notes in the website that “WinUI offers a state-of-the-art UI framework for all Windows apps across both Win32 and UWP”. With WinUI, the firm’s goal is to “gradually migrate” apps built on legacy platforms to its modern offerings. Developers that wish to try out the WinUI 3.0 Alpha can head here to register for the Insider Program. You can head here for more information on the Windows UI Library. Source: Microsoft launches new WinUI website, listing the advantages of the platform (Neowin)
  9. Emergency Windows 10 Critical Security Update: Microsoft Urges Users To ‘Take Action’ Microsoft has urged Windows 10 users to apply an emergency critical security update: ASSOCIATED PRESS Just days after the monthly Patch Tuesday swathe of Windows security updates was released, Microsoft has issued an emergency "out of band" update for Windows 10 users in response to the leaking of a critical vulnerability. Microsoft issues critical out of band security update for Windows 1o users Microsoft has urged Windows 10 users to "take action" as the out of band security update for CVE-2020-0796 is released. A critical vulnerability, named as SMBGhost or EternalDarkness by various security vendors, that is both wormable and affects the Server Message Block (SMB) network communications protocol. Yes, the protocol that enables shared access to your files and printers as well as serial ports. And, yes, the same SMB protocol that was exploited by the NSA-developed EternalBlue to such devastating effect during the WannaCry attacks in 2017. Kieran Roberts, head of penetration testing at Bulletproof, said at the time of the leak that "SMB is the protocol used for sharing files, this is the same protocol that was vulnerable to the EternalBlue (CVE-2017-0144) exploit back which was weaponized into the WannaCry ransomware. It appears that this new vulnerability has several of the same hallmarks as EternalBlue. This means that this new vulnerability could result in a resurgence of ransomware attacks such as WannaCry and NotPetya, which both used the very similar EternalBlue exploit." How did the CVE-2020-0796 leak happen? The reason that SMBGhost was disclosed would seem to be a miscommunication in the patching and disclosure process that led to some vendors thinking CVE-2020-0796 would have a fix included in the Patch Tuesday updates. They then accidentally published details of it in their update round-up blogs. Although those disclosures were quickly removed, details rapidly spread across social media, especially within the online Infosecurity community. What has Microsoft said about the SMBGhost vulnerability? As I reported on March 11, the vulnerability sits in the SMB 3.0 network communication protocol, and if successfully exploited by an attacker could enable remote and arbitrary code execution and potentially take control of the system. Microsoft said that it had not yet "observed an attack exploiting this vulnerability," but recommended that users "apply this update to your affected devices with priority." There have, however, already been proof-of-concept exploits developed by security researchers. Which likely means it is only a matter of time, a very short period of time at that, before unpatched systems start being exploited by attackers. What you need to do now The good news for Windows 10 users is, assuming you have automatic updates enabled, no further action will be required as the system will apply the patch to protect against any exploit of this critical vulnerability. However, if automatic updates are disabled, then you will need to update manually and as soon as possible. Microsoft said that it's important to note that the KB4551762 update needs to be applied even if you installed the Patch Tuesday updates. Likewise, if you implemented the workaround measures to disable SMBv3 compression in Microsoft Security Advisory ADV200005, you still need to install this out of band update. If you cannot apply the update, then that workaround is still recommended for organization admins who should also block TCP port 445 at the network perimeter. Everyone else should use Windows Update to check for updates and kick-start the installation process if required or download the KB4551762 update patch directly from the Microsoft update catalog. Which versions of Windows are affected? The following versions of Windows 10 are impacted by this vulnerability: Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems And also: Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Source
  10. Windows has a new wormable vulnerability, and there’s no patch in sight Critical bug in Microsoft's SMBv3 implementation published under mysterious circumstances. Enlarge Michael Theis / Flickr 54 with 38 posters participating Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world. The vulnerability exists in version 3.1.1 of the Server Message Block, the service that’s used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory. The flaw, which is tracked as CVE-2020-0796, affects Windows 10, versions 1903 and 1909 and Windows Server versions 1903 and 1909, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren’t available, and Tuesday’s advisory gave no timeline for one being released. Asked if there was a timeline for releasing a fix, a Microsoft representative said, “Beyond the advisory you linked, nothing else to share from Microsoft at this time.” In the meantime, Microsoft said vulnerable servers can be protected by disabling compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server. Users can use the following PowerShell command to turn off compression without needing to reboot the machine: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force That fix won't protect vulnerable client computers or servers if they connect to a malicious SMB service, but in that scenario, the attacks aren't wormable. Microsoft also recommended users block port 445, which is used to send SMB traffic between machines. Now you see it, now you don’t An advisory published—and then removed—by security firm Fortinet described the vulnerability as “MS.SMB.Server.Compression.Transform.Header.Memory.Corruption.” The pulled advisory said the flaw is the result of a buffer overflow in vulnerable Microsoft SMB servers. “The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet,” Fortinet researchers wrote. “A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.” Cisco’s Talos security team also published—and later pulled—its own advisory. It called the vulnerability “wormable,” meaning a single exploit could touch off a chain reaction that allows attacks to spread from vulnerable machine to vulnerable machine without requiring any interaction from admins or users. “An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to,” the removed Talos post said. “Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers. The exploitation of this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.” Microsoft’s implementation of SMBv3 introduces a variety of measures designed to make the protocol more secure on Windows computers. The update became more widely used after WannaCry and NotPetya used an exploit developed by—and later stolen from—the National Security agency. Known as EternalBlue, the attack exploited SMBv1 to gain remote code execution and move from machine to machine. Microsoft has similarly hardened Windows 10 and Server 2019 to better withstand exploits, especially those that would otherwise be wormable. It’s not clear why Microsoft released the sparse details or why both Fortinet and Talos released and then pulled their advisories. The event came on Update Tuesday, which occurs on the second Tuesday of each month, when Microsoft releases a crop of patches to fix various security vulnerabilities. Risk assessment While CVE-2020-0796 is potentially serious, not everyone said it poses the kind of threat mounted by the SMBv1 flaw that was exploited by WannaCry and NotPetya. Those worms were fueled by the public release of EternalBlue, an exploit that was so reliable it made exploitation a copy-and-paste exercise. Another major contribution to the worms’ success was the near-ubiquity of the SMBv1 at the time. SMBv3, by contrast, is much less used. SMB is also protected by kernel address space layout randomization, a protection that randomizes the memory locations where attacker code gets loaded in the event a vulnerability is successfully exploited. The protection requires attackers to devise two highly reliable exploits, one that abuses a buffer overflow or other code-execution vulnerability and another that reveals the memory locations of the malicious payload. The protection required Buckeye, an advanced hacker group that exploited the SMBv1 flaw 14 months before the mysterious leak of EternalBlue, to use a separate information disclosure flaw as well. Jake Williams, a former NSA hacker and the founder of security firm Rendition Security, said in a Twitter thread that both those factors would likely buy vulnerable networks time. “The TL;DR here is that this IS serious, but it isn't WannaCry 2.0,” he wrote. “Fewer systems are impacted and there's no readily available exploit code. I'm not thrilled about another SMB vuln, but we all knew this would come (and this won't be the last). Hysteria is unwarranted though.” It’s also worth remembering that BlueKeep, the name of another wormable vulnerability Microsoft patched last May, has yet to be exploited widely—if at all—despite dire warnings it posed a serious risk to networks around the world. The cause of the advisories being published and then pulled touched off a fair amount of speculation on Twitter. Microsoft commonly provides details about soon-to-be-released patches with makers of antivirus products and intrusion prevention systems. It’s possible Microsoft delayed release of the SMBv3 patch at the last minute, and these partners didn’t get word of it. Whatever the cause, the cat is out of the bag now. Windows users who have SMBv3 exposed on the Internet would do well to heed Microsoft’s security advice as soon as possible. Source: Windows has a new wormable vulnerability, and there’s no patch in sight (Ars Technica)
  11. Microsoft touts great performance for Windows 10 containers Windows 10X is much more than a new version of Windows 10, as it has been designed to interact with apps, files and software differently than Windows 7 or 10 do. On Windows 10X, every app runs within its own container to protect the OS from potential malware. Windows 10X comes with containers for all types of apps. For example, Win32 Container exists separately for legacy Win32 code and traditional desktops. We also have MSIX Containers that will run inside the Win32 Container. In Win32 Container, users can run system utilities, old traditional apps, and other programs designed for older versions of Windows securely. The container allows Windows 10X to remain fast and the OS won’t get slower after a particular period of time. The traditional Windows 10 also comes with containers such as Windows Sandbox, which creates a secure “Windows within Windows” and you can open browser and surf securely, download apps and run safely without impacting your main system and files. You can also use it to visit websites that you probably shouldn’t. In a new LinkedIn post, Microsoft said they are hiring a Software Engineer to significantly improve performance of Windows Sandbox and Windows 10X Containers. The employee will work with Microsoft and device manufacturers to build a kernel that will boost Windows Sandbox and containers performance. Microsoft is promising great performance for virtualization-based features like Windows Sandbox and Windows 10X containers. The company says its hardware team is also working on battery backup improvements for Surface products. In future, you can expect Windows Sandbox to run apps faster, but it’s unclear what changes are being implemented. Source
  12. MICROSOFT XBOX SERIES S CONSOLE PRICE LEAKS – IT’S QUITE CHEAP It is common knowledge that the Xbox Series X just like the Sony PS5 will have two versions. The console makers are having a hard time keeping the cost low. A recent speculation claims that these consoles would cost between $600 – $800. Of course, the popular opinion believes that the $800 price speculation is “too high”. To this end, the lower version of these consoles may be a consolation for those who can’t afford the high version. Microsoft already revealed that it is the “Microsoft Xbox Series S”. The internal codename of this device is “Lockhart”. There are reports that Microsoft will soon introduce “Lockhart” for the first time. According to speculations, “Lockhart” uses Zen + Navi architecture, GPU floating-point performance 4TFLOPS. Although this number is lower than the Xbox One X, thanks to the RDNA architecture, the actual game performance is above the X1X. MICROSOFT XBOX SERIES S MAY COST JUST $300 In addition, there are reports that the entry price of the “Lockhart” (digital version without an optical drive?) is $ 300. This might be quite interesting for some gamers considering that the Xbox One X costs $499. In addition, some reports believe that the 4GHz Ryzen APU exposed last year may be used on the Xbox Series S. It will use 16GB of RAM, 12GB of which is allocated to the graphics card and 4GB to the OS layer. Furthermore, it is worth mentioning that AMD Financial Analyst Conference will take place soon in China. At this event, Microsoft will demonstrate for the first time the Xbox Serie X hardware-accelerated ray tracing game based on the RDNA2 architecture. While we await the official arrival of these consoles, the price speculation is quite complex. However, it is important to note that all major gaming consoles will not arrive until the end of this year. Source
  13. Microsoft release Windows 10 Insider Preview Build 19577 to the Fast Ring Today Microsoft has released Windows 10 Insider Preview Build 19577 to Windows Insiders in the Fast ring. This build is a post 20H1 build and is from the active development branch of Windows 10 at Microsoft. While features in the Active Development Branch may be slated for a future Windows 10 release, they are no longer matched to a specific Windows 10 release. What’s new in Build 19577 DIAGNOSTIC DATA CHANGES IN SETTINGS As part of the Microsoft initiative to increase transparency and control over data, Microsoft is making some changes to the Settings app and Group Policy settings that will start showing up in Windows Insider builds this month. Basic diagnostic data is now known as Required diagnostic data and Full diagnostic data is now Optional diagnostic data. If you’re a commercial customer and choose to send Optional diagnostic data, Microsoft will also be providing more granular Group Policy settings to configure the data that’s collected within your organization. Microsoft will publish more specifics around the new policies when Microsoft gets closer to the retail release, and in the meantime, check out the Microsoft Privacy Report for more information around their data collection practices. Note: Please make sure your device is set to “Full” before updating to Build 19577. You will not be able to take future flights if your diagnostic level is left at “Enhanced”. AAD/Domain-joined PCs set to “Enhanced” will be blocked from taking Build 15977. MORE NEW ICONS: WINDOWS SECURITY Microsoft is continuing to roll out updated icons to many of the built-in apps in Windows 10. In today’s build, Microsoft has updated the Windows Security icon to match the new design principles outlined here from the Microsoft Design Team. Unlike many of the built-in apps in Windows 10, which can be updated through the Store, the new Windows Security icon is updated through the OS and will rollout in a future Windows 10 feature update.
  14. Microsoft finally shows off the new Windows 10 Start menu This is what it’ll look like (Image credit: Microsoft) There have been plenty of rumors and leaks recently about Microsoft overhauling the iconic Start menu of Windows 10, and now the company has officially shown off what it’s been working on. During the Windows Insider podcast, Microsoft announced the changes it was making to the Start menu, which has been designed to “visually differentiate the Start menu from something that’s chaotic color to something that’s more uniform.” Essentially, it seems like Microsoft has deemed the current Windows 10 Start menu to be too busy, so it’s going for a more understated look that’s more simple to use, and will make finding apps easier. One of the biggest changes to the Windows 10 Start menu will be to Live Tiles. These have been included with Windows 10 since the start, and are animated app icons that provide extra information depending on the app they represent. While useful on mobile device with limited screen space (such as smartphones, as Live Tiles originated in the doomed Windows Phone operating system), they made the Start menu of Windows 10 look cluttered and confusing. Not that many apps use Live Tiles any more, which led to rumors that Microsoft was preparing to ditch them altogether. From what Microsoft has now shown of the new Windows 10 Start menu, it seems that Live Tiles will be replaced with static icons that use Microsoft’s new Fluent Design style. However, Microsoft was keen to point out that Live Tiles are not getting killed off (yet), and that “those that enjoy their Live Tiles will continue to be able to do so.” Familiar looking While Microsoft appears to be keeping Live Tiles for now, albeit in a very pared-back form, their days may still be numbered. According to The Verge, Microsoft hasn’t made its mind up on what to do with Live Tiles just yet, and will be keeping an eye on feedback from people using Windows 10X, the dual-screen version of Windows 10, which has a Start menu that doesn’t feature Live Tiles. Other than that, it seems the upcoming Start menu will look quite similar to the existing one, but anything Microsoft does to make the Start menu less cluttered and easier to use is a good move in our view. We’re not sure when the new Start menu will appear in Windows 10, but it’s probably too late for it to be included in the upcoming Windows 10 20H1 (also known as Windows 10 2004) update. Source: Microsoft finally shows off the new Windows 10 Start menu (TechRadar)
  15. Amazon, Microsoft, and IBM are under pressure to follow Google and drop gender labels like 'man' and 'woman' from their AI Google's API no longer uses gendered labels for photos Microsoft, IBM, and Amazon are under pressure to stop using gender labels such as "man" or "woman" for their facial recognition and AI services. Google announced its AI tool would stop adding gender classification tags in mid-February, instead tagging images of people with neutral terms such as "person." Joy Buolamwini, a researcher who found AI tools misclassified people's gender, told Business Insider: "There is a choice... I would encourage all companies to reexamine the identity labels they are using as demographic markers." Microsoft, Amazon, and IBM are under pressure to stop automatically applying gendered labels such as "man" or "woman" from images of people, after Google announced in February it would stop using such tags. All four companies offer powerful artificial intelligence tools that can classify objects and people in an image. The tools can variously describe famous landmarks, facial expressions, logos and gender, and have many applications including content moderation, scientific research, and identity verification. Google said it would drop gender labels from its Cloud Vision API image classification service last week, saying that it wasn't possible to infer someone's gender by appearance and that such labels could exacerbate bias. Now the AI researchers who helped bring about the change say Amazon's Rekognition, IBM's Watson, and Microsoft's Azure facial recognition should follow suit. Joy Buolamwini, a computer scientist at MIT and expert in AI bias, told Business Insider: "Google's move sends a message that design choices can be changed. With technology it is easy to think some things cannot be changed or are inevitable. This isn't necessarily true." Microsoft's AI continues to classify people in images by binary gender Source
  16. Key Points The Windows 7 upgrade cycle is not as far along as it usually is this far along, Microsoft finance chief Amy Hood said on Monday. Around 23% of Windows desktop machines are still running Windows 7. Microsoft still sees plenty of opportunity to for customers to upgrade machines from Windows 7 to Windows 10, and not only because of coronavirus fallout. Usually, Microsoft sees a pronounced increase in revenue around the time it ends support for an older version of its Windows operating system as individuals and companies buy PCs with the latest from Microsoft. Then, over time, the impact tails off, making for tougher year-over-year upgrade comparisons. It's taking longer this time around, which could spread out the revenue generated from the upgrade process to additional quarters. Analysts watch Windows revenue closely, as it gives Microsoft 15% of its revenue and meaningful profit. Amy Hood, Microsoft's finance chief, indicated to analysts in January that China's public health situation and a chip shortage could be factors in the prolonged Windows refresh cycle. At the time, she issued a quarterly revenue guidance range for the business segment including Windows that was wider than usual to reflect impact from the coronavirus in particular. Then, last week, in the midst of a market selloff, Microsoft said it did not expect to reach that guidance range, sending Microsoft and other stocks lower. The cycle is not as far along as it usually is at this point in the timeline, Hood said on Monday during a conversation with Morgan Stanley analyst Keith Weiss at Morgan Stanley's Technology Media and Telecom conference in San Francisco. Microsoft ended support for Windows 7 in January. Here's what Hood said: I think, in general, these cycles tend to look similar. But what I would say is this one is certainly more complicated by a number of things that I'll talk about in a second. What is different about this is there still remains quite a bit of opportunity more than we saw at this point in the prior cycle. A lot of that exists where you would expect it to exist, which is small and medium business segment. Not unusual, but it means that we do have some room to continue to grow and likely means that the curve will look different than last time in terms of its shape. Now, then you add to it two complicating factors, one of which you brought up, which have been chip supply, which has impacted some of the growth rates over the past bit. And then, the second one which is the supply chain currently in China in terms of bindings and productions. And so those will — and as we've talked about, will impact the quarterly results. And so I'm not sure it'll look like the exact same curve in terms of the prior cycle, not just because we have a little bit more left to go than we have had in prior cycles, but also because it's been a bit more volatile due to those two issues as we work through them. Microsoft released Windows 7 in 2009. Other than Windows 10, it's the most popular version of Windows on desktop, with about 23% share in February, according to Statcounter. Windows 8 and Windows 8.1, which came out in 2012 and 2013, respectively, are less widely used than Windows 7. Microsoft said in 2018 that there were 1.5 billion Windows devices. "I feel great that we're executing well on end of support," Hood said on Monday, speaking of older versions of Windows PC licenses and other products. "It builds a great funnel for us as we think about transition to the cloud for customers and helping them on their hybrid journey." Source
  17. Universal Print makes it easy for IT departments to view and manage printers through the cloud. What you need to know Microsoft announced the private preview of Universal Print. Universal print moves Windows Server print functionality to the cloud. Universal Print allows IT departments to manage devices over the cloud. Microsoft announced that Universal Print is now available in private preview. Universal Print allows IT departments to view and manage printers through the cloud and eases printer management. Microsoft announced Universal Print and breaks down how it works in a recent post. Universal Print takes Windows Server print functionality and moves it to the Microsoft 365 cloud. As a result, organizations don't need on-premises print servers. Additionally, Universal Print makes it, so you don't have to install printer drivers on devices. Universal Print also adds security groups for printer access, location-based printer discovery, and a "rich administrator experience," according to Microsoft. IT departments can use Azure Active Directory to discover printers. Microsoft highlights that people "can continue to print from their Windows devices or Office as they always have, with no learning curve." To get the best Universal Print experience, Microsoft recommends printers that natively support Universal Print. At the moment, there are no printers that natively support the feature, though Microsoft states that it is "working with [its] partner ecosystem to bring you the latest printers with native support." Specifically, Microsoft mentions that it is "excited to be working with Canon Inc.." To use Universal Print right now, or on any printer that doesn't natively support it, you can use a Universal Print proxy application that connects printers to Universal Print. Additionally, organizations and schools need to have Windows 10 Enterprise or Education version 1903 and have an Azure Active Directory. To participate in the private preview, you need to follow the steps outlined at the bottom of Microsoft's announcement post. Source
  18. Microsoft is working on Server Message Block (SMB) over QUIC technology for use with "Windows, Windows Server, and Azure Files," according to a Monday announcement. SMB over QUIC can serve as a virtual private network (VPN) alternative for securing mobile device connections. It can optionally replace "TCP/IP and RDMA" (Remote Direct Memory Access) protocols, as well, explained Ned Pyle, a principal program manager in the Windows Server engineering group. QUIC is seen as being a more secure protocol than TCP. "Unlike TCP, QUIC is always encrypted and requires TLS 1.3 [Transport Layer Security 1.3] with certificate authentication of the tunnel," Pyle added. By using SMB over QUIC, Microsoft will just be replacing the transport protocol part. "All SMB authentication still happens normally within the TLS tunnel (as if it was a VPN) so SMB is not relying on cert-based identity or auth -- it will still use NTLM or Kerberos (with KDC proxy)," Pyle explained in the comments section of Microsoft's announcement. "This model is just swapping out the transport, SMB is unchanged." The idea behind SMB over QUIC is to prevent spoofing and man-in-the-middle attacks, including "NTLM [Windows NT LAN Manager] challenges," Pyle indicated. He also explained that the user experience won't change. TCP and RDMA get used, but QUIC transport also happens, and the end result is "seamless to the end user and their apps." Pyle said that "QUIC's already in use in Windows 10 through the Edge browser and other apps," but the arrival time for SMB over QUIC isn't yet known. He showed a demo of it, though, in the announcement. QUIC, which stands for "Quick UDP Internet Connections," was developed by Google, which has its own "gQUIC" version that's currently used in Google Chrome Web browsers, according to Wikipedia's description. The Internet Engineering Task Force (IETF) currently maintains a draft of QUIC, but "QUIC" is considered to be the name of the protocol and not an acronym, according to the IETF. Wikipedia further explained that the IETF is planning to name "the HTTP mapping over QUIC 'HTTP/3' in advance of making it a worldwide standard." Source
  19. Microsoft Edge developer plays down the reports of Edge doesn’t protect its users against malicious extensions. Eric Lawrence gave a screenshot proof that Microsoft Edge process (msedge.exe) queries periodically to extension stores for extension updates and threat updates by giving an interpretation to us that they can act on malicious extensions even if they don’t have safe browsing available. Recent times Google reportedly released a statement to press on why they’re showing alert to Edge users on Chrome Web store. According to reports, Google has told, Edge doesn’t support safe browsing, hence it may not able to detect and remove malicious extensions remotely. Edge Developer Ericlaw has recently reacted on twitter that “if someone on the Internet tries to convince you that @ MicrosoftEdge doesn’t protect you from malicious extensions …. send’em receipts”. He further reveals in the thread that Microsoft Edge process queries extension stores for updates every 2-4 hours and queries for updates to /extensionrevocation/v1/threatupdates for every 30 minutes. Microsoft promotes new Edge browser on Bing Till now in the new Edge browser, Google has shown Pop up ads and warning on Chrome Web Store to switch to Chrome and download its browser to use extensions securely. Following this, by promoting Edge on Bing it is sending the signal to users Microsoft Edge is powered by the same technology (Chromium) that is used by Chrome and supports Chrome extensions by the phrase “provides the best in class and web extension compatibility”. If you now visit Bing in any browser and search for Chrome and click other auto-filled suggestions that given below, you’ll get the “new Microsoft Edge is here” banner promoted by Microsoft. Interestingly, the search for Chrome Web Store also produces the same banner. While Bing tells it gives you results from sites you trust when you search for Google, it seems that it was shown before. Source
  20. Any love for Linux, Mac, iOS, Android, WebAssembly? Bueller? Bueller? Microsoft's roadmap for developing Windows applications is opposed by some programmers who want to see a cross-platform solution, rather than just being Windows-only. Spanish developer José Nieto this week raised an issue on GitHub, stating that WinUI, which Microsoft is positioning as “the native UI platform for Windows 10,” should target not only Windows, but also Linux, Mac, iOS, Android and WebAssembly – this last so it would also run in a web browser. This would go against the normal pattern, where a native UI platform is able to take advantage of all the features of the operating system, fits in seamlessly with its look and feel, and is optimized for performance. Supporting cross-platform is a burden that requires compromises. The "conceptual overview" for WinUI, which Microsoft says is the native UI framework for Windows 10 The situation with Windows is unusual though. The look and feel of the operating system is less consistent than it should be, thanks to lots of legacy along with the dual personality deliberately introduced for Windows 8. The modern app platform introduced for Windows 8 evolved into the Universal Windows Platform (UWP). Even in Windows 7 days, the UI was messy. Windows Presentation Foundation (WPF) was the new thing and renders using DirectX graphics, while the old Win32 API does not. While Microsoft calls WinUI the native UI in one document, in another it says that the Win32 API is “the original platform for native C/C++ Windows applications that require direct access to Windows and hardware,” and says it is “the platform of choice for applications that need the highest level of performance and direct access to system hardware.” The Fluent Design System which Microsoft is promoting to WinUI developers is itself cross-platform, described as “natural on every device,” with examples for Web, Windows, iOS and Android. Considering all these factors, perhaps the idea of a cross-platform WinUI is not so unreasonable. Nieto is an enthusiast for XAML, the XML-based presentation language used in different guises by various Microsoft frameworks. If Avalonia can use XAML for cross-platform GUI applications, why not Microsoft? The ensuing discussion is illuminating, in terms of why Microsoft has lost the loyalty of some of its developers. WPF was well liked for its power and flexibility, but UWP has not been a satisfactory replacement. “It’s not universal,” says Nieto, since the death of Windows mobile “truncated the One Windows vision.” Sandbox restrictions make it unsuitable for advanced applications, the role of the Microsoft Store is troublesome, and third-party controls are lacking, he said. Microsoft does in fact address many of these issues in WinUI, which can use the Win32 app model as well as UWP. It also has an advantage over WPF in that it easily supports languages other than C# and Visual Basic. WinUI itself is written in C++. WinUI is also, according to Microsoft, ideal as a “native Windows target for web and cross-platform frameworks,” an example being React Native. Canadian developer Mario Pintaric says that UWP is fine for everything other than “kernel level tooling,” arguing that “you have a much better user experience from multiple perspectives (security, ease of deployment, install/uninstall experience, etc). The security sandbox of UWP is an important (essential) feature. In many respects UWP is now well ahead of WPF.” Pintaric acknowledges though that Microsoft made errors with UWP, both in quality and in failing to meet the requirements of line-of-business (LOB) applications in areas like a Data Grid, and validation states for form applications. “Most of these have been addressed but it took too long,” he said, concluding that “I completely agree that developers have lost hope Microsoft will do the right thing.” Perhaps the most telling criticism comes from another developer who observes that UWP was really designed for mobile and touch control. “Most developers use UWP to develop Desktop apps, and the UI does not match that,” he said, giving examples for various controls like scroll bars and radio buttons. “The biggest problem is that things that should take 10 minutes, usually take two hours or more,” he said. How can Microsoft win back developer loyalty? The company has excellent developer tools in Visual Studio and Visual Studio Code, but the range of choices if you sit down to code a GUI application for Windows remains bewildering. It will take more than a few statements to convince developers that WinUI really is the future. A strong launch for Windows 10X, Microsoft's latest go at a modernised Windows, would help. In the meantime, developers fall back on another, and more welcome, feature of Windows: that applications built with old and enduring technology like Win32 and WPF still run fine. Source
  21. Redmond no longer expects to meet quarter guidance for personal computing unit In response to the effect of the coronavirus outbreak on Chinese suppliers, Microsoft has cut its sales forecast for Surface tablets and Windows OEM licences. In a statement to investors last night, the global software powerhouse said although it had accounted for the impact of the virus on its operations in January's second-quarter guidance, it now expects the supply chain to return to normal more slowly than predicted. "As a result, for the third quarter of fiscal year 2020, we do not expect to meet our More Personal Computing segment guidance as Windows OEM and Surface are more negatively impacted than previously anticipated," Redmond said. However, Windows sales are not a huge source of growth for Microsoft, neither is hardware, which is not being helped by reports that new Surface laptops can break at the hint of a sneeze. The software giant is a well-diversified biz – unlike a certain fruit-based phone flinger. On 17 February, Apple said the virus-related shutdown of Chinese factories had resulted in a shortage of iPhone components. The "temporarily constrained" supply of iPhones and a fall in Chinese shopper numbers meant it would fail to meet its quarterly revenue target, the company said. HP also warned that the outbreak would have an impact on company performance, resulting in a $0.08 hit on earnings per share, though CFO Steve Fieler added: "We do view the situation as a temporary situation." COVID-19 has taken out IT industry events across the globe, too. GSMA called off Mobile World Congress, due in February, as big names including Cisco, Nokia, Facebook and BT all cancelled their plans to attend. Analyst firm Forrester said the quarantine in China's Wuhan city and Hubei province would affect production of electronic components. "Some factories, including auto plants and tech production facilities, are starting to reopen but at reduced levels," it said. But for computer and communications equipment, demand in China would be delayed but recover quickly, Forrester said. "Sales of durable goods that might have occurred in Q1 2020 will resurface in Q2 or Q3 when quarantines are lifted, and production returns to normal. Of all the segments of the tech market, sales of computer and communications equipment are most likely to see this pattern." Fellow analyst IDC has predicted that China's device sales would fall between 30 and 40 per cent in the first quarter before recovering. But Antonio Wang, associate vice president at IDC China, said there would be "a positive side" as Chinese consumers become aware of the importance of access to internet information as a result of the outbreak. As Romania, Estonia and Norway report their first COVID-19 cases this morning, and Northern California reports an instance with no known contact with other virus carriers, The Register suspects it is too soon to be looking for upsides. Source
  22. Basic authentication will be OFF for Exchange Online email and other services from October 2020 Office 365 email will not support basic authentication after October 2020 Microsoft has doled out more details on forthcoming changes to the way mail clients authenticate to Exchange Online, the email service used by Office 365. In March 2018, Microsoft said that it would require Modern Authentication for Office 365 services including Exchange Online, and that this would be enforced from 13 October 2020. Microsoft referenced a 2017 statement that from this date, "Office 365 ProPlus or Office perpetual in mainstream support will be required to connect to Office 365 services." Modern Authentication means OAuth 2.0, where applications request access tokens from Azure Active Directory rather than using username and password to connect. This enables multi-factor authentication, conditional access policies and other security features. In September 2019, Microsoft stated that from the October date, it would be "turning off Basic Authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP and Remote PowerShell". The only service for which basic authentication will still be supported is SMTP (used for sending email) because of its use by "a huge number of devices and appliances". Now Microsoft has posted a further update. Although Exchange Online already supports modern authentication, this does not yet apply to the POP and IMAP services used by generic email clients. Microsoft said it is "rolling out Modern Auth support for POP and IMAP in Exchange Online now". It is worth noting that while in one sense Microsoft gave plenty of notice, it is not allowing much time for admins to test and deploy changes that it is only now getting around to making available. The situation with PowerShell, used for scripting Office 365 admin tasks, is even worse. "We're still working hard on the code," said Microsoft, "and will have more to say on this in the next couple of months." The issue, particularly in the case of email, is that not all email clients support modern authentication. Appliances like scanners and copiers are the worst, though mostly these send rather than receive email so can still use SMTP. "If you do have devices polling for mail, and the vendor has long gone or can't update the devices to support Modern Auth for POP and IMAP, then we're sorry… but they will hit issues," said Microsoft, adding that "these devices are often a weak link in your security chain … they have credentials stored on them, no one ever changes the password." Older versions of Outlook for Windows and Mac are affected. Outlook 2013 can use modern authentication but requires a registry change. Outlook for Mac got the feature in a 2016 update. The Android mail app is also an issue. "The elephant in the room here is that disabling Basic Authentication for Exchange ActiveSync will break almost every Android phone connecting to Office 365 that is using the native Mail app – with the exception of Samsung devices, which support modern authentication," one user commented. Microsoft said: "We're strongly recommending you switch to Outlook for iOS and Android in favour of the native apps. There are many security and business benefits over native apps when connecting to Exchange Online." Another factor is that Office 365 tenants created before August 2017 have modern authentication disabled for some services including Exchange. Admins need to enable it via a PowerShell command. In order to assist admins with a change that "can be disruptive", Microsoft has an updated Azure AD sign-in report – provided that you have a premium version of Azure AD. Even if you have an enterprise Office 365 tenancy, such as E3, you cannot get the report without spending a bit more. If you qualify, though, you can view sign-ins and filter them to show which connections, if any, are using basic authentication. Microsoft's handy sign-ins report requires premium Azure AD Microsoft is right. Basic authentication can be a security vulnerability, and having Office 365 credentials stuffed into photocopiers and the like, often behind default passwords to access the settings, is a terrible idea. In small businesses we have even seen global admin credentials there. Disabling basic authentication will improve security, for this and other scenarios. There is stuff that will break, though, and the company is late in getting all of its services ready. Source
  23. vissha

    WUMT Wrapper Script 2.3.5

    WUMT Wrapper Script is used to launch Windows Update MiniTool and disable Windows Updates until you run it again avoiding unwanted reboots. The script auto-elevates and makes sure the Windows Update service is running, then runs the correct version (x86 or x64) of Windows Update MiniTool in "auto-search for updates" mode. After you close Windows Update MiniTool, it stops and disables the Windows Update service, and it won't run again until you run WUMT Wrapper Script next time. With the Windows 10 Anniversary Edition, Microsoft has once again removed Group Policies and registry tweaks on Windows 10 Pro and Windows 10 Home to protect Windows Updates from being disabled, among other things. As you're well aware, Windows Updates are important so this script, and the Windows Update MiniTool should be used by advanced users. This is distributed as text that you place in Notepad and save as a .cmd. Then you need Windows Updates in the same folder. We have done all of this for you, so all you need to do is download WUMT Wrapper Script.zip, extract to a folder and run Windows Update MiniTool.cmd as needed. Author's Desc + Script + Install Notes v2.3.5: Changes WUMT Wrapper Script 2.3.5 portable and installer. Changelog since 2.3.4: Finally finished the to-do list on code improvements and installer. May 30, 2018 WUMT Wrapper Script 2.3.4 portable and installer. Changelog since 2.3.3: Fixed issue of Configurator not keeping correct settings if wrapper script is updated (installed on top of itself) under certain conditions. Configurator now tells you the state of the Windows Update Service before you make a change. Readme and script documentation updated. May 29, 2018 WUMT Wrapper Script 2.3.3 portable and installer. Changelog since 2.3.2: Improved installer. Now lets you install as portable installation. Also includes just the portable script folder for those who prefer that. Code cleanup. If you installed version 2.3.1, install v2.3.2 immediately or you can't update! Sorry about that! May 27, 2018 WUMT Wrapper Script 2.3.2 portable and installer. Delete your previous script folder contents and shortcuts and install using the installer or manually put the files in a folder since some file names have changed since version 2.3.0 To uninstall completely only use the uninstall shortcut in the start menu, or run Uninstaller.cmd in the script folder. Changelog since 2.3.1: Improved installer. Fixed serious bug with Windows Update not opening in Settings App. Disabling usocore.dll in 2.3.1 was the problem. v2.3.2 re-enables usocore.dll and leaves it enabled. May 26, 2018 WUMT Wrapper Script 2.3.1 portable and installer. Delete your previous script folder contents and shortcuts and install using the installer or manually put the files in a folder since some file names have changed. To uninstall completely only use the uninstall shortcut in the start menu, or run Uninstaller.cmd in the script folder. Changelog since 2.3.0: Added usocore.dll to disabled files. Now all task and related file creation from main script is done by module.vbs. Homepage Changelogs WUMT Wrapper Script @ Majorgeeks.com Download from Majorgeeks - WUMT Wrapper Script[Only latest build] + Windows Update MiniTool MajorGeeks - Mirror 1 MajorGeeks - Mirror 2
  24. Microsoft SQL Server/Express 2019 (x64) x64 | Languages:English | File Size: 2.18 GB Description: Software Microsoft SQL Server is a management system relational database (Relational Database Management System briefly RDBMS that kind of DBMS (short for Database Management System and means management system database) that is provided by Microsoft and developed. This tool, complete environment to to store, manage and retrieve data and information requested by the various software provides the model (Client / server) will follow; in this case, requests from client to server and by the review and analysis goes further, processes required, the information stored , The database is done and the results will be sent to the client. This is the basic version and as a 16-bit program in 1989 and the 2000 version was widely used by programmers. Facilities and software features of Microsoft SQL Server : -Store and manage databases and database types - Manage database with two OLTP (OnLine Transaction Processing stands and means of online transaction processing) and OLAP (OnLine Analytical Processing stands and means of online analytical processing) -Ability to work with very large databases -high security storage and retrieval -Backup easily and with low volume -Ability to speed up searches FullText -Full compatibility with cloud services -Ability to thousands of users simultaneously access databases -Full reporting capabilities and advanced System Requirements: OS:Windows 10 TH1 1507 or greater/Windows Server 2016 or greater CPU:x64 Processor: 1.4 GHz/2.0 GHz or faster Processor Type:x64 Processor: AMD Opteron, AMD Athlon 64, Intel Xeon with Intel EM64T support, Intel Pentium IV with EM64T support Memory RAM:512/1GB Space:SQL Server requires a minimum of 6 GB of available hard-disk space. Resolution:SQL Server requires Super-VGA (800x600) or higher resolution monitor. Hardware: SQL Server 2016 (13.x) RC1 and later require .NET Framework 4.6 for the Database Engine, Master Data Services, or Replication. SQL Server setup automatically installs .NET Framework. SQL Server 2019 (15.x) requires .NET Framework 4.6.2. Requires:Windows 8.1, and Windows Server 2012 R2 require KB2919355 before installing .NET Framework 4.6. Whats New Screenshots: Homepage: https://www.microsoft.com/ Download From workupload: Site: https://workupload.com Sharecode: /start/hubrf4UJ Download From Yandex.Disk: Site: https://yadi.sk Sharecode: /d/KbKyMMnNRDrinw
  25. Spammers hijack Microsoft subdomains to advertise poker casinos. Many other subdomains have been vulnerable for years. A security researcher has pointed out today that Microsoft has a problem in managing its thousands of subdomains, many of which can be hijacked and used for attacks against users, its employees, or for showing spammy content. The issue has been brought up today by Michel Gaschet, a security researcher and a developer for NIC.gp. In an interview with ZDNet, Gaschet said that during the past three years, he's been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either been ignoring reports or silently securing some subdomains, but not all. Researcher: Only 5%-10% got fixed Gaschet says he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017 [1, 2], and then another 142 misconfigured microsoft.com subdomains in 2019 [1, 2]. Further, the researcher also privately shared with ZDNet another list of 117 microsoft.com subdomains that he also reported to Microsoft last year. Of all the reported misconfigured subdomains, Gaschet told ZDNet that Microsoft only addressed a few. The researcher puts the number at somewhere between 5% and 10% of all the subdomains he reported. Blame DNS misconfigurations Gaschet told ZDNet the OS maker usually fixes big subdomains, like cloud.microsoft.com and account.dpedge.microsoft.com, but leaves the other subdomains exposed to hijacks. The researcher said that most of the Microsoft subdomains are vulnerable to basic misconfigurations in their respective DNS entries. The researcher says this 2014 blog post from Detectify explains the problem in depth. "The root cause/mistake is a forgotten DNS entry pointing to something that doesn't exist anymore, or never existed, like a typo in the DNS entry content," Gaschet told ZDNet. Subdomain hijacks lead to spam on microsoft.com But until now, these misconfigurations have never caused Microsoft any problems or headaches, despite being an attractive attack surface. In a hypothetical scenario, an attacker could hijack one of these subdomains and host phishing pages to harvest login credentials for Microsoft employees, business partners or even its end-users. The scenario is not something that has not been seen before. Luckily, no dangerous threat groups have noticed this problem. Sadly, others have. Today, Gaschet pointed out on Twitter that at least one spam group has figured out they could hijack Microsoft's subdomains and boost their spammy content by hosting it on a reputable domain. Gaschet says he spotted ads for Indonesian poker casinos on at least four legitimate Microsoft subdomains. These include portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com. "The issue disclosed involving ad spam has been mitigated," a Microsoft spokesperson told us after ZDNet reached out to the company. Microsoft also recommended that users exercise caution when clicking on links or opening unknown files that may lead them to malicious sites, although it did not address how come these sites end up being hosted on its domain, or other issues Gaschet raised in a Twitter thread today. On Twitter, Gaschet guessed that one of the reasons why Microsoft is not prioritizing fixing these issues is because "subdomain takeovers" are not part of the company's bug bounty program, which means any reports are not getting prioritized, even despite the severity of the issues being reported. Gaschet, who is a developer for NIC.gp, the official registrar for the Guadeloupe .gp top-level domain, urged Microsoft to revamp how it manages its DNS records, which he said are the source of most of these misconfigurations. Source
  • Create New...