Azure App Service

Microsoft Azure App Service

Azure App Service

Microsoft Rolls out a Patch for Leaked SMBv3 Vulnerability


Microsoft is rolling out a patch for the SMBv3 vulnerability it let slip earlier this week. The ‘wormable’ bug was inadvertently revealed in the lead up to March’s Patch Tuesday, despite no mitigation rolling out with the updates.

Summaries of the bug were posted by Cisco Talos and Fortinet, who were given early access to the information and published it after a miscommunication. Attackers can exploit the bug by sending a specially crafted packet to a target SMBv3 server, allowing them to take complete control of vulnerable systems.

According to Microsoft, the issue exists int he way SMBv3 handles certain requests and is classed as a buffer overflow. To make use of the bug, an attacker would have to configure a malicious SMB server in a certain way and convince them to connect to it.
The vulnerability has raised particular concern due to the use of SMB by ransomwares WannaCry and NotPetya. Several security researchers said it took them no more then five minutes to find the bug’s location in SMB code after the advisories were published. Some have also developed proof of concepts, suggesting it won’t be too long until we see this in use in the wild.
Thankfully, researchers think this won’t have as big of an impact as the aforementioned ransomware. In the case of WannaCry, the exploit fell in SMBv1, which sees much wider usage. Rendition Security’s Jake Williams also said there may be some kernel mitigation.
“Core SMB sits in kernel space and KASLR is great at mitigating exploitation,” he tweeted. “Assuming this is kernel space, any unsuccessful exploitation results in [the blue screen of death] BSOD. Even with trigger code, you still have to remotely bypass KASLR (not an easy task). If you need proof, look at BUCKEYE. They had the EternalBlue trigger, but had to chain it with another information disclosure vulnerability to gain code execution. This isn’t easy.”

Source Winbuzzer

read more
Azure App Service

Microsoft PowerShell 7 Becomes Generally Available


Microsoft yesterday announced the release of PowerShell 7, which is available in full general release. The latest version of Microsoft’s cross-platform automation solution comes with some interesting new features, such as pipeline parallelization.

PowerShell 7 has been in preview for over a year. It expands the capabilities of the tool that gives users a command-line shell and solution for managing scripts and modules.

“Today, we’re happy to announce the Generally Available (GA) release of PowerShell 7.0,” Microsoft’s Joey Aiello writes in the announcement. “We’d like to thank our many, many open-source contributors for making this release possible by submitting code, tests, documentation, and issue feedback. PowerShell 7 would not have been possible without your help.”
PowerShell 7 is once again built on .NET Core. As we have previously reported, the service is also available on Mac and Linux.
“We believe that this could be occurring because existing Windows PowerShell users have existing automation that is incompatible with PowerShell Core because of unsupported modules, assemblies, and APIs,” explains Steve Lee, principal software engineer for PowerShell said at the time.
Among the new features bundled into the PowerShell 7 package. Microsoft has added an easier way to see errors and new operators to the shell. Furthermore, a new compatibility layer for importing modules is also available, although only in Windows.
Other new features include automatic notifications for new versions, alongside APIs and bug fixes.
You can get PowerShell 7 across a range of platforms. On the Windows side, the tool is available on Windows 7, 8.1, and 10, Windows Server 2008 R2 or newer. Other supported platforms include macOS 10.13 or newer, and several Linux variants, including Alpine Linux 3.8+, Debian 9+, Fedora 29+, openSUSE 15+, Red Hat Enterprise Linux/Cent OS 7+, and Ubuntu 16.04+.

Source Winbuzzer

read more
Azure App Service

Leaked Surface Duo Video Shows New “Peek” Feature


We have known about the Surface Duo since it was announced by Microsoft in October. However, the company made it clear the Android smartphone was a prototype and would not launch until holiday season 2020. As such, information about how the Duo will perform and what features it has is scarce.

While some Microsoft patents shed a little light on the Surface Duo, we really know little about it. Today, a video leaked online shows a new feature that Microsoft is introducing on the Duo. Reported by WalkingCat, the feature called “Peek” allows users to see notifications without unfolding the Duo.

As you probably know, the Surface Duo is a twin-screen smartphone. Both screens are located on the inside of a book-like shell form factor. Both 5.6-inch displays are separated by a middle (albeit small) bezel. However, they can be extended into an 8.3-inch tablet screen. With a 360-degree hinge, the Surface Duo will be hugely functional in numerous modes.
That said, it won’t be very functional when it is closed. In fact, it will be a hard shell on both sides with no access to the screens. This is where the Peek feature will be important as it will allow users to interact with the handset without opening it.

Interacting with A Closed Phone

How to allow users to interact with a closed shell device is something other smartphone manufacturers have dealt with. Samsung and Motorola with their folding screen devices have placed a secondary small notification on the outside.

Microsoft is seemingly not taking this approach. Instead, Peek will allow the users to only open the Surface Duo marginally to see the notification.

I am not sure how productive this feature is. On paper, it seems pointless as if you open the Duo a little, you may as well open it the whole way.

Microsoft’s video shows that the UI will be slick but does little to convince me a screen on the outside would not be a better option.

Source Winbuzzer

read more
Azure App Service

Nvidia’s GeForce Now Takes on xCloud with Free Game Streaming Tier, $5 a Month Premium Deal


After years in closed beta, GeForce Now is finally available to the masses. After years of free testing, Nvidia’s full launch is even more generous than anyone expected. You can utilize the app free of charge today, so long as you’re okay with starting a new session every hour. Alternatively, priority access to GeForce servers, 6-hour sessions, and RTX capabilities costs just $5 a month. This includes a 90-day free trial.

I’ve been using GeForce Now personally for around 8 months now. Though I own a gaming PC, it’s proved invaluable while traveling or at LAN parties. An Android client also means you can start it up on your phone, much like xCloud.

It’s going to be extremely interesting to see how Microsoft’s xCloud and Google Stadia respond to this. Stadia currently costs £119 just to get on board with its premier edition, and you have to purchase titles again from its very limited library. In comparison, GeForce Now lets you play most titles you already own on Steam, UPlay, and the Epic Store. With this, Stadia is essentially dead in the water if it doesn’t make any changes.
However, it’s worth noting that xCloud has a slightly different value proposition. Unlike its competitors, it really is more of a ‘Netflix for Games’. Microsoft’s subscription will bundle its first-party titles, those on Game Pass, and other Xbox titles at no extra cost. If it can keep the price down to $10, that could easily be worth it.
If you want raytracing, though, Nvidia is your only option right now. Microsoft doesn’t currently have RTX-powered consoles and its current beta is based on the Xbox One S. Still, it’s worth noting that Nvidia is assumedly planning to up its pricing at the end of 2020. What exactly that will be is unclear at this point, but it calls the current $4.99 “discounted”.

Source Winbuzzer

read more
Azure App Service

Microsoft News On iOS Receives US Election 2020 Update


Microsoft has sent out an update for its Microsoft News application on Apple’s iOS platform. With Version 3.2.33, the company has focused on the US Election 2020. Microsoft News readers will receive special coverage, including in-depth access to the primaries and caucuses.

Microsoft News will deliver this information through special feeds and direct notifications on iOS. This will start with the ongoing Democratic primaries, including the ongoing debate season. As we move further into the year, the app will deliver content on the Presidential Election.

Of course, with political news, the danger of fake news is real. Microsoft says its News service combats fake news better than rivals. In December, Darren Laybourn, Corporate Vice President of Microsoft News described how the company prevents fake news on its service.
According to the executive, Microsoft uses a team of 800 employees located around the world to curate content. Laybourn says the company uses machine learning and AI solutions to help with finding fake news.
Avoiding Fake News
Because of this system, he says Microsoft News has not faced an issue with fake news. Part of that system revolves around the closed nature of the service. Microsoft can avoid fake news publishers by simply not selecting them.
Microsoft launched News last year as a replacement for MSN News. By leveraging its AI and machine learning, News gives users more personalization tools. The app can deliver news based on location, preferences, and interests. The app will take this information from other Microsoft services.
You can download Version 3.2.33 of the News app here from App Store.

Source Winbuzzer

read more
Azure App Service

Chrome and Firefox Clamp Down on Web Extensions


The two largest web browsers have taken a tough stance against nefarious browser extensions. Google Chrome and Mozilla Firefox are actively clamping down on extensions that conduct bad actions, such as stealing user data.

Many people leverage browser extensions to enhance the functionality of Chrome and Firefox. Most extensions are useful or entertaining, such as weather widgets, language translation, email notifiers, and tab tools. Of course, ad blockers are also available and are among the most popular extensions.

However, some people use extensions as a way to attack users and systems. Bad actors can develop extensions that are intentionally filled with malware, or they can attack legitimate extensions and make them dangerous.
On Chrome, Google has decided to disable all extensions that have a payment system. All extensions that require payment or provide in-browser transactions have been closed. Of course, many of these add-ons are legitimate. Google says the measure is temporary but did not say when the restriction will be lifted.
“Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users,” the said in a notice, issued Friday. “Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse.”
Google added, “We are working to resolve this as quickly as possible, but we do not have a resolution timeline at the moment. Apologies for the inconvenience.”

Mozilla Firefox
As for Firefox, Mozilla says it is being more selective in its approach and dealing with extensions on a case-by-case basis. So far, the company has disabled 187 add-ons for what is deems bad conduct. Among those extensions were tools that were secretly running remote code-execution attacks.
2Ring seems to be the biggest offender, with the developer having 129 extensions shuttered. This company provides business-to-business tools for contact centers. It is worth noting the developer is a preferred partner of telecommunications giant Cisco.
Of course, the removal does not mean 2Ring was intentionally running malicious services. Instead, Mozilla’s terns point out that any extension that fetches code from another source (legitimately or not) is in violation of its security policy.

Source Winbuzzer

read more
Azure App Service

Google Cuts App Maker, Its PowerApps Rival


Google has announced the end of its App Maker platform. According to the company, the low-code development platform suite will close its doors on January 19, 2021. With the shuttering, Microsoft’s similar PowerApps platform has a free swing at the sector.

Launched in 2016, Google App Maker provided IT developers with a platform for building apps within the G Suite low-code service.

Google says it has decided to discontinue the platform last year, while I would argue it was dead on arrival. The company says App Maker apps will continue to work for the next year but development of the platform has already ceased.
On Jan. 19, 2021 all apps on the service will stop working, while from April 15, 2020 users will not be able to create new apps. In other words, using App Maker is now mostly pointless.
Google is not offering any solution for migrating apps, so any developments you have on App Maker will soon be lost. That said, the company says developers wishing to continue creating on a no-code environment should use AppSheet.
Of course, Microsoft has a ready-made alternative in PowerApps. With Google removing itself, Microsoft’s platform is now arguably the richest low-code development platform available.
PowerApps allows developers and businesses create applications without needing to use coding, and it is now available in public preview.
There are now over 100 integrations within PowerApps, with this update bringing tighter integration with Azure Functions.
The service is a part of Microsoft’s Power Platform alongside Flow and Power BI.

Source Winbuzzer

read more
Azure App Service

Microsoft’s Applied Cloud Stories Asks Customers to Share Their Technical Azure Experiences


Microsoft has launched Applied Cloud Stories, an effort to get Azure customers to share technical stories about a scenario or workload on the cloud platform. The aim is to provide content to inspire other engineers, generate ideas, and share how to solve specific problems.

Of course, it also works as good marketing. Participants can submit an article or video across six categories, which will be reviewed by a committee of Azure engineers. They’ll vote on a limited number of stories to feature and highlight one winning story per category.

Featured stories will, of course, be published across the company’s platforms, from Medium to its Azure Dev and Open-Source Microsoft blog. A link back to the original content will be provided, while winners will get to chat with the Azure engineering team and get the Recognized Community Contributor title. They’ll also receive a non-monetary prize, such as custom art by committee member Ashley McNamara.
“We are grateful for every single story we will receive, as each story will contribute to the efforts of raising awareness of practical, in-depth, and innovative approaches to relevant, emerging, uncovered, advanced use cases and scenarios in the industry,” said Microsoft.
Stories must be no more than 1800 words or 5-7 minutes. They have to be new material published between January 20 and March 15, with in-depth technical information, useful code, and relevant, advanced, or innovative use cases/scenarios or apps on Azure.

Source – Winbuzzer

read more
Azure App Service

Microsoft Azure Will Continue to Dominate AWS in Public Cloud Services Suggests Survey


A new survey from financial giant Goldman Sachs shows IT executives are increasingly preferring Microsoft Azure over cloud rivals. As organizations shift to Azure, the platform could take market share from cloud leader Amazon Web Services (AWS).

Amazon’s AWS leads the cloud market with 47.8%, according to Gartner data for 2019. Microsoft Azure is next with 15.5%, while Google Cloud took just 4%.

However, Azure is the preferred choice for public cloud solutions and dominates that sector. The survey from Goldman Sachs shows Microsoft’s position will likely be enhanced over the next three years.

In a survey of over 100 IT execs from Global 2000 companies, the company found 97 are already using Azure in their organization. 58 said they were using AWS. However, Azure growth seems guaranteed over the coming years as 66 said their companies will embrace the platform during that time.
“Respondents expect today’s top vendors to continue to dominate the rankings in three years. Microsoft remains the clear leader, with 22% of the votes today and in three years respectively,” the analysts wrote.
Continued Growth
There are some things worth noting. Firstly, this is a relatively small survey, but it does include execs from major companies. Secondly, the survey specifically focused on cloud infrastructure and platform as a service (PaaS).
Microsoft has led both these sectors for a few years, with much of Amazon’s success coming from database solutions.

Source – Winbuzzer

read more
Azure App ServiceAzure NetworkAzure SQLMicrosoft Teams

Ericsson Teams with Microsoft Azure to Power ‘next-Generation’ Connected Cars


Ericsson plans to build its Connected Vehicle Cloud on Microsoft’s Connected Vehicle Platform. Though similar in name, the two are distinctly different, Microsoft offering backbone elements like infrastructure, AI, navigation tech, and IoT Edge, while Ericsson provides a branded service.

The Swedish 5G and IoT provider says its Connected Vehicle Cloud connects more than 4 million vehicles across 180 countries worldwide. That’s 10% of the connected vehicle market, now linked with the Azure cloud.

“Together with Ericsson, we intend to simplify the development of connected vehicle services to help car makers focus on their customers’ needs and accelerate the delivery of unique, tailor-made driving experiences,” said Peggy Johnson, executive vice president, business development, Microsoft.

Shared Partners

Integrating the two services will let Ericsson enable global offerings like fleet management and over the air software updates in a cheaper and faster way. This is on top of its current implementation, which Ericsson says offloads the complexity for vehicle manufacturers by providing 24/7 operations and lifecycle management for connected vehicles.

Volvo already has a deal with both Microsoft and Ericsson. It made the deal with Microsoft back in 2017 and signed a 5-year contract with Ericsson more recently. As ZDNet’s Mary Jo Foley points out, Volkswagen acquired Volvo’s connected car unit in late 2018 and has its own strategic partnership with Microsoft. As such, integration of the two connected vehicle solutions will provide significant value for their customers.

“Our integrated solutions will help automotive manufacturers accelerate their global connected vehicle solutions and offer a better experience for drivers and passengers,” said Ericsson’s Åsa Tamsons, Senior Vice President and Head of Business Area Technologies & New Businesses. “This is an exciting new offering with great benefits for the automotive industry, leveraging Ericsson and Microsoft’s technology leadership in connectivity and cloud.”

source – Windbuzzer

read more
1 2
Page 1 of 2