close

Business Technology

Business Technology

Unofficial Micropatch Arrives for Windows 10 Zero-Day

download (39)

How to manage Windows Security Tamper Protection feature on Windows 10

Microsoft has yet to fully fix a zero-day vulnerability in Windows 10 that gives escalated privileges to successful attackers. However, 0Patch has developed an unofficial micropatch that aims to solve the problem.

The bug is known by Microsoft and known as CVE-2021-34484. The company already issued a fix during August Patch Tuesday earlier this year. According to the company, the flaw is an arbitrary directory-deletion problem.

Microsoft deems is a low priority because a threat actor would need to have local access to exploit a system. Even so, with that access the attacker would only be able to delete folders.

However, security researcher Abdelhamid Naceri later found that the flaw could also be a gateway to privilege escalation. This would give the threat actor access to system resources, servers, and other parts of a network. Although, they would still need local access to start the chain.

Nacero also found that Microsoft’s fix didn’t really work because attackers can bypass it. In a blog post, 0Patch confirmed this is the case:

“The vulnerability lies in the User Profile Service, specifically in the code responsible for creating a temporary user profile folder in case the user’s original profile folder is damaged or locked for some reason,” says 0Patch’s Mitja Kolsek.

“Abdelhamid found that the process (executed as Local System) of copying folders and files from user’s original profile folder to the temporary one can be attacked with symbolic links to create attacker-writable folders in a system location from which a subsequently launched system process would load and execute attacker’s DLL.”

Fix

0Patch wrote its own micropatch to cover Microsoft’s tracks and close the vulnerability. The company says the patch protects all affected Windows versions: Windows 10 (versions 20H2, 2004, and 1909) and Windows Server 2019.

Microsoft has not said when it will roll out an official patch. It is likely the company still sees this as a low priority issue because of the local access. That could mean the next fix will arrive in December Patch Tuesday next month.

Tip of the day: Did you know that Task Manager lets you set CPU affinity to claw back some resources from running apps and give selected apps higher priority. Our tutorial shows how you can use this helpful feature.

Source Winbuzzer

read more
Business Technology

Windows 10 Phishing Attack Targets App Installer Process

download (38)

Security-Cyber-Lock-Pixabay

A new Windows 10 phishing scam has been described by security firm SophosLabs. In a twist, the problem was found when the threat actors’ email found its way into the Sophos inbox.

According to the company, it received strange emails in an obvious phishing attack. Unlike increasingly sophisticated phishing emails that look to copy legitimate companies, these emails were written poorly, badly formatted, and the obvious prompt to click a link.

“The messages themselves were very short, but they were crafted with an understanding of the human psychology behind the adrenaline-rush of fear, and had been personalized with both the name of the recipient and the targeted organization in both the subject line and the body. The spam trope here – a complaint, filed against you, and the insinuation that you’ve been attempting to cover it up.”

Clicking the link takes users to a website where they are asked to preview an “important” PDF. Of course, the PDF is not important and is in fact dangerous. Opening it forces the user into clicking a link with ms-appinstaller, which brings app Windows 10 AppInstaller.exe.

This in turn will start a download and run file that will install the BazarBackdoor malware, which aims to steal user credentials and data.

Avoiding Attacks

Sophos says this is a new way of attacking the Windows 10 App installer process. However, the attack itself is well known as phishing continues to be a major threat. These attacks rely on users to interact with what is sent. Microsoft has since blocked the websites.

That means the golden rules to avoid becoming a victim of phishing is to ignore emails you do not know the source of, and never click links in unknown emails. While it is relatively simple, phishing is one of the leading causes of attacks against individuals and organizations.

Tip of the day: Fast startup (a.k.a hiberboot, hybrid boot, hybrid shutdown) is a power setting that adjusts Windows’ behavior when it starts up and shuts down. Though it is unlikely fast startup will seriously harm your computer, there are a few reasons you might want to disable it following our tutorial.

Source Winbuzzer

read more
Business Technology

Microsoft Stopping Windows 10 Version 2004 Support Next Month

download (37)

Windows-10-Laptops-Microsoft

Microsoft is urging users to upgrade from Windows 10 version 2004 or risk being left behind without security patches or feature updates. The company will end support for the April 2020 Update on December 14, 2021.

That means December 2021 Patch Tuesday will be the last security patch for Windows 10 version 2004. So, after that anybody who sticks with the version will be left with a system that is open to attacks.

“On December 14, 2021, all editions of Windows 10, version 2004 and Windows Server, version 2004 will reach end of servicing. After that date, devices running these editions will no longer receive monthly security and quality updates containing protections from the latest security threats.”

Now that it is time to upgrade, Microsoft has two options: The Windows 10 May 2021 Update (version 21H1) or the upcoming Windows 10 November 2021 Update (version 21H2). Microsoft has confirmed the latter, but it still has not been rolled out in full release.

Windows 11

Of course, the other option is to upgrade form Windows 10 entirely and move to Windows 11. Microsoft newest generation of Windows has been available since last month and is rolling out right now.

However, it is worth checking your device compatibility before attempting to upgrade to Windows 11. You can use the Microsoft PC Health Check app to see if your hardware meets requirements such as CPU and TPM 2.0.

As for Windows 10, if you want to stay on the older platform that is fine. Microsoft says it will continue to support Windows 10 until 2025. Of course, you will still need to upgrade version numbers when the company sends our updates.

Tip of the day: Fast startup (a.k.a hiberboot, hybrid boot, hybrid shutdown) is a power setting that adjusts Windows’ behavior when it starts up and shuts down. Though it is unlikely fast startup will seriously harm your computer, there are a few reasons you might want to disable it following our tutorial.

Source Winbuzzer

read more
Business Technology

Microsoft Announces Strategic Global Partnership with IT Giant Kyndryl

Kyndryl-and-Microsoft-establish-global-strategic-partnership

Nadella-Build-2017-Own

Microsoft has announced a major global strategic partnership with Kyndryl, the world’s biggest IT infrastructure service provider. Under the terms of the deal, the two companies will combine their services to provide solutions for enterprise customers.

Kyndryl has recently become a public company, and this is the first partnership the company has struck since that transition. If you are unfamiliar with Kyndryl, it builds, designs, and manages mission-critical information systems for organizations around the world.

Microsoft and Kyndryl will develop innovative solutions together that will be rolled out onto Microsoft Cloud services.

Together the companies will bring to market state-of-the-art solutions built on the Microsoft Cloud that will accelerate hybrid cloud adoption, modernize applications and processes, support mission critical workloads, and further enable modern work experiences for customers.

“As an independent company, we’re investing in our partner ecosystem to support the success of our customers, and we’re focused on expanding our market opportunity across cloud, data, security, and intelligent automation,” said Martin Schroeter, Chairman and CEO of Kyndryl. “In this landmark relationship with Microsoft, Kyndryl is matching our deep expertise in mission-critical IT systems with the benefits of Microsoft Cloud to be at the heart of progress for our global customers.”

Exclusive Partnership

The companies say the partnership is long term and will allow Kyndryl to access new customers across Microsoft markets. Importantly, Microsoft is the only Premier Global Alliance Partner, giving Microsoft exclusive access to Kyndryl’s services.

“The case for digital transformation has never been more urgent, and more clear,” said Satya Nadella, Chairman and CEO, Microsoft.

“As Kyndryl’s only premiere global alliance partner, with the power of the Microsoft Cloud we will help customers across every industry manage and modernize their business for the era ahead. We are looking forward to partnering with Kyndryl to serve our shared customers, building on its expertise and understanding of mission-critical IT systems, as well as the company’s deep relationships with enterprises around the world.”

Tip of the day: Fast startup (a.k.a hiberboot, hybrid boot, hybrid shutdown) is a power setting that adjusts Windows’ behavior when it starts up and shuts down. Though it is unlikely fast startup will seriously harm your computer, there are a few reasons you might want to disable it following our tutorial.

Source Winbuzzer

read more
Business Technology

Microsoft 365 Feedback Community Now in Preview

download (33)

Microsoft-Feedback-Portal

A couple of weeks ago, we reported on Microsoft’s new Feedback community hub preview for Microsoft Teams. This week, the company is announcing the concept is expanding to cover all Microsoft 365 apps and also Microsoft Edge.

According to Microsoft, Feedback will also eventually come to Windows and other services. Back in March, the company announced it was planning to close its UserVoice forums, which was finalized in May. Microsoft used the third-party platform for all its feedback but promised a move to a first-party solution.

Since the closure of the UserVoice forums, Microsoft 365 users have been without a way to provide feedback on services. The new Feedback community is the answer, and fulfils Microsoft’s promise of an in-house feedback system.

New Portal

As with the Teams preview, the wider Microsoft 365 Feedback Community is built on Microsoft Dynamics 365 Customer Service software. Users can sort by feedback platforms across categories, including new feedback, old feedback, most votes, most/fewest comments, and sharing feedback.

“The new Feedback portal will allow users to submit their own feedback, browse other publicly submitted ideas, track official Microsoft responses, see our top voted customer ideas, upvote the feedback they agree with, and comment on feedback that matches their own. Top known feedback items remain available in the new portal”.

Microsoft 365 Feedback is available on mobile and desktop, and available across platforms. Furthermore, the hub will be integrated directly into applications.

There are currently 33 feedback forums covering M365 services such as To-Do, OneNote, Teams, SharePoint, PowerPoint, Word, and more.

Tip of the day: Did you know that Windows now has a package manager similar to Linux called “Winget”? In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.

Source Winbuzzer

read more
Business Technology

Microsoft Viva Connections Reaches General Availability

download (32)

Microsoft-Viva-Connections-Microsoft

Back in September, Microsoft Viva Connections reached public preview, bringing the component of the company’s employee experience to more users. Now Microsoft is going a step further and says Viva Connections is now expanding to general availability.

Viva Connections acts as a bridge between companies and their employees. It is a part of Microsoft Teams and allows a connection to give employees access to important content. Connections is available on the web (feed and dashboard), mobile, and on desktop:

  • “Viva Connections mobile app experience – This is the first look at the mobile experience for Viva Connections. It introduces the dashboard, feed, and resources tabs and brings these experiences together into a personalized and actionable employee home base. Once enabled, the Viva Connections app is available for your employees right from within the Teams app, both on mobile and desktop.
  • Viva Connections desktop – This updated version of the desktop experience streamlines installation and deployment for admins in the Microsoft Teams admin center. The new dashboard and feed web parts enable customers to have consistency across the mobile and desktop experiences. For organizations using the existing version of Viva Connections desktop, learn about the differences and how to upgrade to this version.
  • Dashboard web part – In the dashboard, employees can find useful resources and actionable tasks, like submitting expense reports, accessing benefits, requesting time off work, or verifying health checks to return to the office.
  • Feed web part – The feed provides a single, personalized view where employees can explore news and join conversations from across the organization, keeping people connected. It aggregates relevant news and discussions across Microsoft 365 services to keep people informed and make it easy for people to participate, add value, and share their unique perspective and expertise.”

    Microsoft Viva

    Viva Connections is just one component of the platform, which also so far includes Viva Topics, Viva Learning, and Viva Insights. Back in February, Microsoft debuted Viva Learning and at Ignite 2021 in March, Microsoft said Viva would arrive in preview soon.

    At the Ignite November event earlier this month, Microsoft revealed it is also allowing customers to get Microsoft Viva as a single suite. This will combine all the – so far individual – modules of the Viva experience into a single experience.

    The suite includes Topics, Insights, Learning, and Connections. Microsoft is also adding a new module in the future based on its recent acquisition of Ally.io.

    Tip of the day: Did you know that Windows now has a package manager similar to Linux called “Winget”? In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.

    Source Winbuzzzer

read more
Business Technology

Microsoft HoloLens 2 Devices are Bricking Following Faulty Insider Build

download (31)

Microsoft says there is a problem with HoloLens 2 headsets running the Insider preview build 20346.1466 of Windows Holographic. According to the company, this build is causing headsets to completely brick.

Users have confirmed this is happening to them. This not just a problem where the HoloLens 2 crashes, but instead actually bricks. While it is not happening to everyone installing build 20346.1466, the problem stems from a failed update process.

Microsoft has provided the following details that allow users to check if their HoloLens 2 headset is affected:

  1. “Reboot – Hold down the power until the LED’s step down.
  2. Power up.
  3. Confirm you see the Windows flag at the beginning of the boot and it goes black shortly after that.
  4. Connect your HoloLens2 to your PC with USB and run Advanced Recovery companion.
  5. Select the HoloLens.
  6. If the version says you are running the 20346.1466 build, you likely hit this issue.”

Details

If your HoloLens 2 does brick because of the update, Microsoft says the device will require a reflash. Microsoft is pushing this as the workaround to the problem for affected users. It is worth noting the company says a reflash would normally only be done under “extraordinary situations”.

Either way, there is an Advanced Recovery Companion (ARC) app that helps users who need to reflash their device.

While this is annoying, it is also part of the deal with Insider builds. The whole point of pre-release builds is that they are unstable and problems could happen. Users trade getting access to new features ahead of time with testing unstable builds and allowing Microsoft to iron out any issues.

Tip of the day: Did you know that Windows now has a package manager similar to Linux called “Winget”? In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.

Source Winbuzzer

read more
Business Technology

Microsoft To-Do Now Integrates with IFTTT

Microsoft-To-Do-Microsoft

Microsoft-To-Do-Microsoft

Microsoft To-Do went through a spell a couple of years ago when Microsoft was rolling out features on a monthly basis. That was because of a transition of abilities from Wunderlist. Since then, To-Do has fallen into a more modest update schedule. However, this week it is getting one of the biggest features in some time.

Specifically, IoT automation platform IFTTT is now supporting Microsoft To-Do. This means Microsoft’s task management app is directly integrated into IFTTT. It can also link with other services on the platform, such as Google Tasks, Slack, and more.

If you are unfamiliar with IFTTT, it is essentially an intermediary service that connects apps together. Users create applets that let them automate tasks across their favorite services.

Applets

Microsoft confirmed To-Do’s integration into IFTT on Twitter. There was also a link to Microsoft To-Do connecting applets. While this is limited at the moment, expect it to grow in the coming weeks and months.

Here are some applets that caught our attention:

  • Apple’s iOS Calendar: When an event that matches your search is added to your iOS Calendar, a new task will be added to your Microsoft To Do list.
  • Slack: Whenever a Microsoft To Do task in your specified list is completed, send a message in a Slack channel.
  • Amazon Alexa: When a new task is added to your Amazon Alexa list, this Applet will add a new item to your Microsoft To Do list.”

As always in IFTTT, users can create custom applets, so it is worth playing around to see if you can come up with some individual combos.

Tip of the day: Hard drives are getting faster and more affordable every day, but unfortunately, their moving parts will always make them loud and mean their power draw isn’t insignificant. This can be a particular issue for those with laptops, leading many to wonder how to turn off a hard disk after it reaches an idle state. In our tutorial we are showing you Windows 10: How to Turn off Hard Disk after Idle to Save Power .

Source Winbuzzer

read more
Business Technology

Microsoft Reveals Azure VMs will Now Use New AMD EPYC Processor

download (30)

Microsoft-Azure-VMs-AMD-EPYC-Milan-X-Performance-Gains-Gen-3

Microsoft and AMD are long-time partners who collaborate on various projects. The latest is a combination of AMD’s latest VM architecture with Microsoft Azure.

Specifically, AMD has unveiled its third generation EPYC processors with 3D V-Cache. The silicon is in development under the codename Milan X. Alongside the announcement, Microsoft revealed a preview for its Azure HBv3 virtual machines (VMs), which use the 3rd Gen AMD EPYC.

Microsoft says the EPYC enhancement in Azure HBv3-series VMs will offer considerable performance gains over the current generation. For example:

  • “80 percent higher performance for CFD
  • 60 percent higher performance for EDA RTL
  • 50 percent higher performance for explicit FEA
  • 19 percent higher performance for weather simulation”

“For memory bandwidth-bound workloads to run at an appropriate scale, the net effect of the larger L3 cache is an up to 1.8x increase in effective memory bandwidth. This means an HBv3 VM that today offers 350 GB/s (as measured by STREAM-TRIAD) will soon perform more like a VM with greater than 600 GB/s of memory bandwidth.”

Microsoft will now upgrade all its global HBv-3-series VMs to run on AMD’s Milan-X processors. The company points out the upgrade will be free for existing customers.

Ongoing Partnership

As mentioned, Microsoft and AMD are becoming increasingly close. The companies are reportedly working on a new ARM processor that would be proprietary for Microsoft and run on Surface and Windows 11 machines.

It is believed the configuration of the Microsoft and AMD chip will include the Cortex-X1 core, 8 compute units, 5G connectivity courtesy of a Samsung Exynos modem, and a mRDNA 2 GPU.

Tip of the day: Did you know that your data and privacy might be at risk if you run Windows without encryption? A bootable USB with a live-linux distribution is often just enough to gain access to all of your files.

If you want to change that, check out our detailed BitLock guide where we show you how to turn on encryption for your system disk or any other drive you might be using in your computer.

SourceWinbuzzer

read more
Business Technology

PowerShell 7.2 Arrives with Microsoft Update Support

PowerShell-7.2-Microsoft

PowerShell-7.2-Microsoft

Almost a year on from the release of PowerShell 7.1, Microsoft is back with its successor. The company is now rolling our PowerShell 7.2, complete with new features and improvements. One of the big announcement for the automating and scripting language platform is it now integrates with Microsoft Update.

This is important because it means PowerShell 7.2 and newer will get servicing updates automatically, including bug fixes and security patches.

“The MSI installer will automatically enable updating PowerShell 7 as well as enabling Microsoft Update,” explains Microsoft.

In its announcement blog post, Microsoft also points to various other changes coming with the latest version of PowerShell. Furthermore, users are now able to run preview and stable versions of the platform together. This means user can still embrace new features will maintaining a stable versions.

New Features

“Enhanced ANSI support

ANSI escape sequences are an industry standard way to provide text decoration support (among other capabilities in the terminal) between the console and a supported terminal. Use of these decorations is a common way for command-line tools and shells to highlight or distinguish information.

Predictive Intellisense with PSReadLine

This is a feature in PSReadLine 2.1 which ships with PowerShell 7.2. To make the interactive console more productive, particularly with repetitive tasks, we’ve added a feature to use your history to predict what you may be typing. This feature must be enabled and you can also customize the colors used for the predictive text.”

Alongside the new features, Microsoft has also squashed bugs and made general improvements to the PowerShell platform. Any features that didn’t make the cut here will be available in PowerShell 7.3. Microsoft says it will share details on the next update in early 2022.

Tip of the day: Did you know that your data and privacy might be at risk if you run Windows without encryption? A bootable USB with a live-linux distribution is often just enough to gain access to all of your files.

If you want to change that, check out our detailed BitLocker guide where we show you how to turn on encryption for your system disk or any other drive you might be using in your computer.

Source Winbuzzer

read more
1 2 3 4 5 18
Page 3 of 18