USER-MADE PATCH LETS OWNERS OF NEXT-GEN CPUS INSTALL UPDATES ON WINDOWS 7 AND AMP; 8.1
2017-04-18 17:20:00       Slashdot
An anonymous reader quotes a report from BleepingComputer: GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1. This limitation was delivered through Windows Update KB4012218 (March 2017 Patch Tuesday) and has made many owners of Intel Kaby Lake and AMD Bristol Ridge CPUs very angry last week, as they weren`t able to install any Windows updates. Microsoft`s move was controversial, but the company did its due diligence, and warned customers of its intention since January 2016, giving users enough time to update to Windows 10, move to a new OS, or downgrade their CPU, if they needed to remain on Windows 7 or 8.1 for various reasons. When the April 2017 Patch Tuesday came around last week, GitHub user Zeffy finally had the chance to test four batch scripts he created in March, after the release of KB4012218. His ...

LATEST EXPLOIT DUMP BY SHADOW BROKERS CONTAINS EASY-TO-USE WINDOWS EXPLOITS, MOST ALREADY PATCHED BY MICROSOFT
2017-04-17 06:22:46       TechDirt

The Shadow Brokers -- having failed to live up to half their name -- released more NSA exploits last week when it became apparent no one was willing to purchase the exploits from them. This dump was far more interesting than previous releases, as it contained a large number of Windows exploits and -- for some -- a very handy, easy-to-use front end for malware deployment.

This dump probably ruined a few Easter weekends at Microsoft, but not nearly as many as was first presumed. While the exploits targeted older versions of Windows , they would have caused trouble for government and corporate networks still relying those versions. Those targeting unsupported versions are the most dangerous, as those holes will never be patched. They`re also the ones with the smallest user bases, so that mitigates the damage somewhat. As Marcy Wheeler points out, the NSA had plenty of time to warn Microsoft about unpatched holes prior to the Shadow Brokers` latest dump. ...

NEW PROCESSORS ARE NOW BLOCKED FROM RECEIVING UPDATES ON OLD WINDOWS
2017-04-13 17:20:00       Slashdot
halfEvilTech writes: Last year, Microsoft announced they were planning on blocking OS updates on newer Intel CPU`s, namely the 7th Generation Kaby Lake processors. Ars Technica reports: `Now, the answer appears to be `this month.` Users of new processors running old versions of Windows are reporting that their updates are being blocked. The block means that systems using these processors are no longer receiving security updates.` While Windows 7 has already ended mainstream support, the same can`t be said for Windows 8.1 which is still on mainstream support until January of next year...

WINDOWS VISTA IS NOW OFFICIALLY DEAD. AND GOOD RIDDANCE
2017-04-12 03:32:11       The Register
Support ended on Tuesday and Microsoft`s not offering even a single strand of safety net
Farewell, Windows Vista, we hardly knew ye. But as of now * you`re out of support and even-more-unloved than was previously the case.

BOOBY-TRAPPED WORD DOCUMENTS IN THE WILD EXPLOIT CRITICAL MICROSOFT 0DAY
2017-04-08 16:27:19       incidents.org

MICROSOFT FORMALLY BANS EMULATORS ON XBOX, WINDOWS 10 DOWNLOAD SHOPS
2017-04-07 16:40:00       Slashdot
Microsoft is officially banning emulators from Windows Store. The company has updated the Windows Store policy to announce the changes. The new rules bar any applications that emulate pre-existing game systems, resulting in the removal of a popular program that supported games from Nintendo and Sega and other consoles. From a report on ArsTechnica: An affected developer was notified of the change on Tuesday when its product, Universal Emulator, was delisted from the Windows Store. While no proof of a letter or notice from Microsoft was published, the developers at NESBox linked to relevant changes in the Windows Store application rules, dated March 29, which now include this line: `Apps that emulate a game system are not allowed on any device family.` This list of general Windows Store rules, written for developers, received a massive update to its `Gaming and Xbox` requirements; these used to contain only one sentence, and it referred hopeful Windows Store game developers to the ID...

MICROSOFT FINALLY REVEALS WHAT DATA WINDOWS 10 REALLY COLLECTS
2017-04-05 11:20:00       Slashdot
Starting today, Microsoft is updating its privacy statement and publishing information about the data it collects as part of Windows 10. From a report: `For the first time, we have published a complete list of the diagnostic data collected at the Basic level,` explains Windows chief Terry Myerson in a company blog post. `We are also providing a detailed summary of the data we collect from users at both Basic and Full levels of diagnostics.` Microsoft is introducing better controls around its Windows 10 data collection levels in the latest Creators Update, which will start rolling out broadly next week. The controls allow users to switch between basic and full levels of data collection. `Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure,` says Myerson. `As a result, we have reduced the number of events collected and reduced, by about half, the ...

VERIZON TO FORCE `APPFLASH` SPYWARE ON ANDROID PHONES
2017-03-29 21:25:00       Slashdot
saccade.com writes: Verizon is joining with the creators of a tool called `Evie Launcher` to make a new app search/launcher tool called AppFlash, which will be installed on all Verizon phones running Android. The app provides no functionality to users beyond what Google Search does. It does, however, give Verizon a steady stream of metrics on your app usage and searches. A quick glance at the AppFlash privacy policy confirms this is the real purpose behind it: `We collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device. [...] AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within ...

ABOUT 90% OF SMART TVS VULNERABLE TO REMOTE HACKING VIA ROGUE TV SIGNALS
2017-03-29 18:00:00       Slashdot
An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel`s method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV`s background processes, meaning users won`t notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA`s Weeping Angel toolkit, which makes his work even more impressing...

CONSUMER BROADBAND PRIVACY PROTECTIONS ARE DEAD
2017-03-28 18:25:33       TechDirt

Last week, the Senate voted 50-48 along party lines to kill consumer broadband privacy protections. That vote then continued today in the House, where GOP lawmakers finished the job, apparently happy to advertise how ISP campaign contributions consistently, directly manifest in anti-consumer policy with a 215 to 205 vote (you can find a full vote breakdown here ). The rules, which were supposed to take effect this month, were killed using the Congressional Review Act -- which not only eliminates the protections, but limits the agency`s ability to issue similar rules down the road.

The broadband industry`s effort to kill the rules is one of the uglier examples of pay-to-play government in recent memory. The protections, originally passed last October by the FCC , have been endlessly demonized by the broadband industry, despite the fact that they`re relatively straight forward. The rules would have simply required that ISPs are transparent about what they collect (...

CLASS ACTION LAWSUIT LAUNCHED OVER FORCED WINDOWS 10 UPGRADES
2017-03-26 20:19:00       Slashdot
Slashdot reader AmiMoJo quotes The Register: Three people in Illinois have filed a lawsuit against Microsoft, claiming that its Windows 10 update destroyed their data and damaged their computers. The complaint, filed in Chicago`s U.S. District Court on Thursday, charges that Microsoft Windows 10 [installer] is a defective product, and that its maker failed to provide adequate warning about the potential risks posed by Windows 10 installation -- specifically system stability and data loss... The attorneys representing the trio are seeking to have the case certified as a class action that includes every person in the U.S. who upgraded to Windows 10 from Windows 7 and suffered data loss or damage to software or hardware within 30 days of installation. They claim there are hundreds or thousands of affected individuals. Microsoft responded that they`d offered free customer service and other support options for `the upgrade experience,` adding `We believe the plaintiffs` claims are ...

MICROSOFT DELIVERS SECURE CHINA-ONLY CUT OF WINDOWS 10
2017-03-24 21:25:00       Slashdot
Earlier this week, CEO of Microsoft Greater China, Alain Crozier, told China Daily that the company is ready to roll out a version of Windows 10 with extra security features demanded by China`s government. `We have already developed the first version of the Windows 10 government secure system. It has been tested by three large enterprise customers,` Crozier said. The Register reports: China used Edward Snowden`s revelations to question whether western technology products could compromise its security. Policy responses included source code reviews for foreign vendors and requiring Chinese buyers to shop from an approved list of products. Microsoft, IBM and Intel all refused to submit source code for inspection, but Redmond and Big Blue have found other ways to get their code into China. IBM`s route is a partnership with Dalian Wanda to bring its cloud behind the Great Firewall. Microsoft last year revealed its intention to build a version of Windows 10 for Chinese government users in...

WEAPONIZED WORD DOCUMENT TARGETS MACOS, WINDOWS
2017-03-23 10:26:37       incidents.org

DOUBLEAGENT ATTACK USES BUILT-IN WINDOWS TOOL TO HIJACK APPLICATIONS
2017-03-22 17:06:20       Net-Security
Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to take over applications and entire Windows machines. They demonstrated the attack on antivirus solutions, and ultimately dubbed it DoubleAgent, as it turns the antivirus security agent into a malicious agent. The DoubleAgent attack “DoubleAgent exploits a legitimate tool of Windows called Microsoft Application Verifier which is a tool included … ...

MICROSOFT DELIVERS SECURE CHINA-ONLY CUT OF WINDOWS 10
2017-03-22 04:26:05       The Register
There`s Reds under the Windows! And that`s the way China`s government wants it
Microsoft`s supremo for China has told state-owned China Daily that Redmond`s ready roll out version of Windows 10 with extra security features demanded by China`s government.

WINDOWS 10 WILL DOWNLOAD SOME UPDATES EVEN OVER A METERED CONNECTION
2017-03-20 10:40:00       Slashdot
Reader AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for `smooth operation` to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face ...

WINDOWS 10 UAC BYPASS USES BACKUP AND RESTORE UTILITY
2017-03-17 22:05:00       Slashdot
An anonymous reader writes: `A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning,` reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn`t known where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk...

MICROSOFT LOCKS RYZEN, KABY LAKE USERS OUT OF UPDATES ON WINDOWS 7, 8.1
2017-03-16 19:20:00       Slashdot
Artem Tashkinov writes: In a move that will shock a lot of people, someone at Microsoft decided to deny Windows 7/8.1 updates to the users of the following CPU architectures: Intel seventh (7th)-generation processors (Kaby Lake); AMD `Bristol Ridge` (Zen/Ryzen); Qualcomm `8996.` It`s impossible to find any justification for this decision to halt support for the x86 architectures listed above because you can perfectly run MS-DOS on them. Perhaps, Microsoft has decided that the process of foisting Windows 10 isn`t running at full steam, so the company created this purely artificial limitation. I expect it to be cancelled soon after a wide backlash from corporate customers. KitGuru notes that users may encounter the following error message when they attempt to update their OS: `Your PC uses a processor that isn`t supported on this version of Windows.` The only resolution is to upgrade to Windows 10...

MICROSOFT TO END SUPPORT FOR WINDOWS VISTA IN LESS THAN A MONTH
2017-03-16 10:40:00       Slashdot
In less than a month`s time, Microsoft will put Windows Vista to rest once and for all. If you`re one of the few people still using it, you have just a few weeks to find another option before time runs out. (I mean, nobody will uninstall it from your computer, but.) From a report on PCWorld: After April 11, 2017, Microsoft will no longer support Windows Vista: no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates, Microsoft says. (Mainstream Vista support expired in 2012.) Like it did for Windows XP, Microsoft has moved on to better things after a decade of supporting Vista. As Microsoft notes, however, running an older operating system means taking risks -- and those risks will become far worse after the deadline. Vista`s Internet Explorer 9 has long since expired, and the lack of any further updates means that any existing vulnerabilities will never be patched -- ever. Even if you have Microsoft`...

WINDOWS MALWARE WAS JUST FOUND LURKING IN 132 GOOGLE PLAY APPS
2017-03-02 11:25:32       incidents.org

MICROSOFT IS MAKING IT EASY TO STOP WINDOWS 10 REBOOTING YOUR PC RANDOMLY FOR UPDATES
2017-03-01 13:05:00       Slashdot
Tom Warren, writing for The Verge: Microsoft is unveiling some changes to the way Windows Updates are applied to Windows 10 PCs with the upcoming Creators Update. The software giant has long been criticized by Windows 10 users for its aggressive approach to applying updates, and it`s introducing some new options to prevent annoying reboots. `What we heard back most explicitly was that you want more control over when Windows 10 installs updates,` admits John Cable, Microsoft`s Windows director of program management. `We also heard that unexpected reboots are disruptive if they happen at the wrong time.` To stop these random reboots, Microsoft is adding a new snooze option that appears in a new prompt to let you know there`s a Windows 10 update available. Snooze will stop an update installing for three days, and give you time to save any crucial work...

GOOGLE PUBLISHES SECOND UNPATCHED WINDOWS 10 FLAW IN A MONTH
2017-02-28 05:47:50       Silicon Security
Google Zero`s latest unpatched bug is ranked `critical` and could be used to target Windows 10 Edge and Internet Explorer 11

MICROSOFT IS TESTING A WINDOWS 10 BLOATWARE BLOCKER
2017-02-28 05:45:03       Silicon Security
Windows 10 Creators Update scheduled for April, with another coming later in the year

MICROSOFT TO INTRODUCE A NEW FEATURE IN WINDOWS 10 WHICH WILL ALLOW USERS TO BLOCK INSTALLATION OF DESKTOP APPS
2017-02-27 11:00:00       Slashdot
Microsoft is planning to introduce a new feature to Windows 10 that will allow a user to prevent installation of desktop apps. The latest Windows Insider build comes with an option that allows users to enable app installations only from the Windows Store. From a report on MSPowerUser: Once enabled, users will see a warning whenever they try to install a Win32 app -- they will get a dialog saying apps from the Windows Store helps to keep their PC `safe and reliable.` This feature is obviously disabled by default, but users can enable it really easily ...

ANOTHER WINDOWS 10 MAJOR UPDATE SLATED FOR LATE 2017
2017-02-22 05:45:30       Silicon Security
Windows 10 will get a second major update in 2017 as Microsoft also launches Skype Lite in India

EU PRIVACY WATCHDOGS SAY WINDOWS 10 SETTINGS STILL RAISE CONCERNS
2017-02-20 19:30:00       Slashdot
Julia Fioretti, reporting for Reuters: European Union data protection watchdogs said on Monday they were still concerned about the privacy settings of Microsoft`s Windows 10 operating system despite the U.S. company announcing changes to the installation process. The watchdogs, a group made up of the EU`s 28 authorities responsible for enforcing data protection law, wrote to Microsoft last year expressing concerns about the default installation settings of Windows 10 and users` apparent lack of control over the company`s processing of their data. The group -- referred to as the Article 29 Working Party -- asked for more explanation of Microsoft`s processing of personal data for various purposes, including advertising. `In light of the above, which are separate to the results of ongoing inquiries at a national level, even considering the proposed changes to Windows 10, the Working Party remains concerned about the level of protection of users` personal data,` the group said ...

GOOGLE DISCLOSES AN UNPATCHED WINDOWS BUG
2017-02-19 17:34:00       Slashdot
An anonymous reader writes: `For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google`s announcement,` reports BleepingComputer. `The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll)...` According to Google, the issue allows an attacker to read the content of the user`s memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many. `According to a bug report filed by Google`s Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft`s security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable.` He later resubmitted the...

"WINDOWS AS A SERVICE" MEANS BIG, PAINFUL CHANGES FOR IT PROS
2017-02-18 13:27:55       incidents.org

WINDOWS DRM: NOW AN (UNWITTING) ALLY IN EFFORTS TO EXPOSE ANONYMOUS TOR USERS
2017-02-14 19:00:44       TechDirt
In case you were wondering what other misery DRM could contribute to, Hacker House security researchers have an answer for you : n n HackerHouse have been investigating social engineering attacks performed with Digital Rights Management (DRM) protected media content. Attackers have been performing these attacks in the wild to spread fake codec installers since Microsoft introduced DRM to its proprietary media formats. n n Improperly-licensed media files will produce a pop-up , asking the user if they want to visit the originating site to obtain the rights to play the file. This popup also warns users that this is great way to pick up malware if they`re not careful. In these cases, computer users will likely be deterred from following through on the risky click. n n But that only happens if it`s not licensed properly. If it is -- an expensive process that runs about $10,000 -- then no warning appears, leaving users open to attack by malicious fake codec installers. What would ...

THE CITY OF MUNICH NOW WANTS TO ABANDON LINUX AND SWITCH BACK TO WINDOWS
2017-02-11 14:34:00       Slashdot
`The prestigious FOSS project replacing the entire city`s administration IT with FOSS based systems, is about to be cancelled and decommissioned,` writes long-time Slashdot reader Qbertino. TechRepublic reports: Politicians at open-source champion Munich will next week vote on whether to abandon Linux and return to Windows by 2021. The city authority, which made headlines for ditching Windows, will discuss proposals to replace the Linux-based OS used across the council with a Windows 10-based client. If the city leaders back the proposition it would be a notable U-turn by the council, which spent years migrating about 15,000 staff from Windows to LiMux, a custom version of the Ubuntu desktop OS, and only completed the move in 2013... The use of the open-source Thunderbird email client and LibreOffice suite across the council would also be phased out, in favor of using `market standard products` that offer the `highest possible compatibility` with external and internal software... ...

LOVELY. NOW SOMEONE`S PORTED IOT-MENACING MIRAI TO WINDOWS BOXES
2017-02-10 18:26:06       The Register
Malware can spread to gizmos and gadgets after slipping into internal systems
The Mirai malware that hijacked hundreds of thousands of IoT gadgets, routers and other devices is now capable of infecting Windows systems.

MICROSOFT IS DISABLING OLDER VERSIONS OF SKYPE FOR MAC AND WINDOWS ON MARCH 1
2017-02-04 10:34:00       Slashdot
If you`re using an older, outdated version of Skype, you may want to consider updating soon. Microsoft said today that starting on March 1 people will no longer be able to sign in to version 7.16 of Skype for Window desktop and older versions, and version 7.18 of Skype for Mac and older versions thereof. VentureBeat reports: `If you`re one of those users, all you`ll need to do is download the new update,` the Skype team said in a blog post. This isn`t the first time Skype is retiring old software. But that doesn`t mean the upcoming move won`t rankle some people. Version 7.18 of Skype for Mac and version 7.16 of Skype for Windows both came out less than a year and a half ago -- in December 2015. So it`s not as if this is very old software. Still, Microsoft has been doing a lot to improve Skype in the past year. It`s been migrating the app to its Azure public cloud infrastructure, and adding chatbots. Current versions of Skype -- like version 7.44 for Mac -- come with amenities...

ZERO-DAY WINDOWS SECURITY FLAW CAN CRASH SYSTEMS, CAUSE BSODS
2017-02-03 19:45:00       Slashdot
Orome1 quotes a report from Help Net Security: A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it. It is a memory corruption bug in the handling of SMB traffic that could be easily exploited by forcing a Windows system to connect to a malicious SMB share. Tricking a user to connect to such a server should be an easy feat if clever social engineering is employed. The vulnerability was discovered by a researcher that goes by PythonResponder on Twitter, and who published proof-of-exploit code for it on GitHub on Wednesday. The researcher says that he shared knowledge of the flaw with Microsoft, and claims that `they had a patch ready 3 months ago but decided to push it back.` Supposedly, the patch will be released next Tuesday. The PoC exploit has been tested by SANS ISC CTO Johannes Ullrich, and works on a fully patched Windows 10. `To be vulnerable, a client needs to support SMBv3, ...

CNET EDITOR RAILS AGAINST NON-CONSENSUAL WINDOWS UPDATES
2017-01-29 03:34:00       Slashdot
schwit1 shares this angry commentary from a CNET senior editor: Maybe you`re delivering a presentation to a huge audience. Maybe you`re taking an online test. Maybe you just need to get some work done on a tight deadline. Windows doesn`t care. Windows will take control of your computer, force-feed it updates, and flip the reset switch automatically - and there`s not a damn thing you can do about it, once it gets started. If you haven`t saved your work, it`s gone. Your browser tabs are toast. And don`t expect to use your computer again soon; depending on the speed of your drive and the size of the update, it could be anywhere from 10 minutes to well over an hour before your PC is ready for work. As far as I`m concerned, it`s the single worst thing about Windows. It`s only gotten worse in Windows 10. And when I poked around Microsoft, the overarching message I received was that Microsoft has no interest in fixing it. The editor recalls rebooting his Windows laptop while listening to a...

WINDOWS 10 PRIVACY CHANGES APPEASE WATCHDOGS, BUT STILL NO DATA `OFF-SWITCH`
2017-01-17 13:40:00       Slashdot
Earlier this month, Microsoft announced several privacy changes in Windows 10, but it didn`t give users an option to completely opt-out of data-collection feature. The announcement came at a time to coincide with a statement by the Swiss data protection and privacy regulator, the FDPIC, which last week said it would drop its threats of a lawsuit after the company `agreed to implement` a string of recommendations it made last year. The news closed the books on an investigation that began in 2015, shortly after Windows 10 was released. Though the Swiss appear satisfied, other critics are waiting for more. The French data protection watchdog, the CNIL, was equally unimpressed by Microsoft`s actions, and it served the company with a notice in July to demand that it clean up its privacy settings. In an email, the CNIL said that the changes `seem to comply` with its complaint, but it`s `now analyzing more in [sic] details Microsoft answers in order to know whether all the ...

WINDOWS 10 PRIVACY CHANGES APPEASE WATCHDOGS, BUT STILL NO DATA "OFF-SWITCH"
2017-01-16 20:25:33       incidents.org

MICROSOFT: WINDOWS 7 DOES NOT MEET THE DEMANDS OF MODERN TECHNOLOGY; RECOMMENDS WINDOWS 10
2017-01-16 13:40:00       Slashdot
In a blog post, Microsoft says that continued usage of Windows 7 increases maintenance and operating costs for businesses. Furthermore, time is needlessly wasted on combating malware attacks that could have been avoided by upgrading to Windows 10. A report on Neowin adds: Microsoft also says that many hardware manufacturers do not provide drivers for Windows 7 any longer, and many developers and companies refrain from releasing programs on the outdated operating system. Markus Nitschke, Head of Windows at Microsoft Germany, had the following to say about Windows 7: `Today, it [Windows 7] does not meet the requirements of modern technology, nor the high security requirements of IT departments. As early as in Windows XP, we saw that companies should take early steps to avoid future risks or costs. With Windows 10, we offer our customers the highest level of security and functionality at the cutting edge...

WINDOWS 10 SECURITY: `SO GOOD, IT CAN BLOCK ZERO-DAYS WITHOUT BEING PATCHED`
2017-01-16 08:29:56       incidents.org

MICROSOFT DETAILS TWEAKS TO ITS WINDOWS 7, 8.1 PATCH ROLLUPS
2017-01-13 15:26:34       incidents.org

WINDOWS 10 WILL SOON LET YOU OPT-OUT OF AUTOMATIC DRIVER UPDATES
2017-01-09 20:05:00       Slashdot
An anonymous reader quotes a report from PCWorld: Microsoft is giving users some more control over Windows 10 updates, with a new beta build of its operating system released Monday. The build allows folks with the Windows 10 Professional, Education, and Enterprise versions to defer new updates for up to 35 days. In addition, the company will allow those users to decide whether or not they want to include driver updates when they want to update Windows. It`s a move that helps respond to one of the key criticisms of Windows 10: that Microsoft`s regime of forced, cumulative updates has caused problems for users with some configurations. This way, users can steer clear of updates they don`t want to install yet and dodge problematic driver updates. The newly-minted update changes are just one part of the improvements added to Windows 10 with the build released Monday. Microsoft is also working on making the initial Windows 10 setup more accessible using Cortana. The company`s ...

FOLDERS RETURN TO WINDOWS 10`S START THING
2016-12-30 11:00:12       The Register
If you all ask nicely, maybe they`ll restore Program Groups?
Because its not complicated enough already, Windows 10s Start menu will support folders in a forthcoming release.

MOZILLA TO KILL FIREFOX FOR WINDOWS XP, VISTA IN 2017
2016-12-29 13:26:24       incidents.org

MICROSOFT TESTS NEW `GREEN SCREEN OF DEATH` ON LATEST WINDOWS 10 BUILDS
2016-12-29 10:20:00       Slashdot
An anonymous reader writes: Windows 10 Insider builds will now feature Green Screen of Death (GSOD) instead of the classic Blue Screen of Death (BSOD) error page we have all become accustomed to. The change was teased on Twitter by Matthijs Hoekstra, Senior Program Manager for Windows Enterprise Developer Platform, and spotted by a user that goes by the nickname of Chris123NT. According to Hoekstra, only Windows 10 Insider builds will feature the green error screen, while stable Windows 10 versions will continue to use the classic blue-themed error page. Hoekstra didn`t elaborate on the reasons behind the color change, but the color-coded error screens would allow Microsoft support staff to triage bugs and prioritize customers...

MICROSOFT EXEC ADMITS THEY `WENT TOO FAR` WITH AGGRESSIVE WINDOWS 10 UPDATES
2016-12-23 10:20:00       Slashdot
It`s no secret that Microsoft has been aggressively pushing Windows 10 to users. Over the past year and a half, we have seen users complain about Windows 10 automatically getting downloaded to their computer, and in some cases, getting installed on its own as well. The automatic download irked many users who were on limited or slow data plans, or didn`t want to spend gigabytes of data on Windows 10. A company executive has admitted for the first time that they may have went overboard with Windows 10 updates. From a report on Softpedia: Chris Capossela, Chief Marketing Officer at Microsoft, said in the latest edition of the Windows Weekly that this was the moment when the company indeed went too far, pointing out that the two weeks between the moment when users started complaining about the unexpected behavior and the one when a patch was released were `very painful.` `We know we want people to be running Windows 10 from a security perspective, but finding the right balance where you`re...

DOES WINDOWS 10`S DATA COLLECTION TRADE PRIVACY FOR MICROSOFT`S SECURITY?
2016-12-04 19:09:00       Slashdot
jader3rd shares an article from PC World arguing that Windows 10`s data collection `trades your privacy for Microsoft`s security.` [Anonymized] usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft`s director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender... For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences. Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns...

MICROSOFT SHARES WINDOWS 10 TELEMETRY DATA WITH THIRD PARTIES
2016-11-25 12:40:00       Slashdot
An anonymous reader shares a report: To help with the smooth running of Windows 10, and to get an idea of how users interact with the operating system, Microsoft collects telemetry data, which includes information on the device Windows 10 is running on, a list of installed apps, crash dumps, and more. Telemetry data recorded by Windows 10 is, in a nutshell, just technical information about the device the OS is on, and how Windows and any installed software is performing, but it can occasionally include personal information. If you`re worried about that, the news that Microsoft is sharing telemetry data with third parties might concern you. Microsoft recently struck a deal with security firm FireEye to provide access to Windows 10 telemetry data, in exchange for having FireEye`s iSIGHT Threat Intelligence technology included in its Windows Defender Advanced Threat Protection service. WDATP is an enterprise security product that helps enterprises detect, investigate...

MICROSOFT REPLACES COMMAND PROMPT WITH POWERSHELL IN LATEST WINDOWS 10 BUILD
2016-11-18 09:25:00       Slashdot
Bogdan Popa, writing for Softpedia:The latest Windows 10 insider build brings a change that puts the Windows PowerShell in the spotlight, as it replaces the super-popular Command Prompt in some essential parts of the operating system. Command Prompt has been around for as long as we can remember, but starting with Windows 10 build 14971, Microsoft is trying to make PowerShell the main command shell in the operating system. As a result, PowerShell officially replaces the Command Prompt in the Win + X menu, so when you right-click the Start menu, you`ll only be allowed to launch the more powerful app. Additionally, in File Explorer`s File menu and in the context menu that appears when pressing Shift + right-click in any folder, the old Command Prompt will no longer be available. Typing cmd in the run dialog will launch PowerShell as well, so Microsoft has made a significant step towards phasing out the traditional Command Prompt...

KASPERSKY LAB FILES COMPLAINT AGAINST MICROSOFT FOR GIVING UNFAIR ADVANTAGE TO WINDOWS DEFENDER
2016-11-11 08:50:00       Slashdot
Russian antivirus vendor Kaspersky Lab has asked antitrust regulators in various countries (including the European Union and Russia) to make Microsoft stop giving an unfair advantage to Windows Defender, Eugene Kasperky wrote in a blog post. From a report on Myce: Microsoft is making it hard for independent anti-virus vendors to compete with Windows Defender, Microsoft`s own antivirus application built-in to Windows 8 and Windows 10, according to founder of Kaspersky Lab, Eugene Kaspersky. For example, when users upgraded to Windows 10, their own antivirus product was disabled and Windows Defender was enabled by default. Another showcase of Microsoft`s way of making it harder to compete is that antivirus companies only received a week to make their antivirus software compatible with Windows 10. And even when the antivirus software was compatible, Windows Defender would be enabled nevertheless.You can read Eugene`s blog post ...

HERE WE GO AGAIN: MICROSOFT`S POPPING UP ADS FROM THE WINDOWS 10 TOOLBAR
2016-11-04 12:00:00       Slashdot
Mark Hachman, reporting for PCWorld: When Microsoft`s Windows 10 deadline passed, many heaved a sigh of relief, thinking that Microsoft`s obnoxious popup reminders had finally been laid to rest. Surprise! Microsoft`s at it again, reminding users to sign up for Bing Rewards by using Edge, Windows 10`s built-in browser. My colleague Brad Chacos was hit by the ad after hours, reported it, and immediately erased Edge from his toolbar. Here`s what we know: The popup doesn`t seem to appear if you use Edge frequently (Brad does not). Personally, I`ve never experienced a similar ad, though I use Edge as well as Bing Rewards, meaning there`s no need for such an ad to appear. A notification here, a suggestion there: Microsoft`s gently slipped in promotions for Office as well as its third-party apps off and on since Windows 10 was launched, and then sneakily reset those options once the Anniversary Update launched last summer. But here`s the problem. Brad turned off his ad...

WINDOWS 7 AND 8.1 ARE GAINING MORE NEW USERS THAN WINDOWS 10
2016-11-04 06:00:00       Slashdot
New submitter TroII writes: After Microsoft ended its year-long `free` Windows 10 offer, new installations have slowed predictably. But in an unexpected turn, October saw more new installs of both Windows 7 and Windows 8.1 than of Windows 10. Compared to September`s numbers, market share increased only 0.06% for Windows 10, while new installations of Windows 7 and 8.1 were an order of magnitude higher at 0.68%. According to tracking firm NetMarketShare, Windows 7 is still by far the most popular version of the OS, installed on more than twice as many computers as Microsoft`s latest offering...

WINDOWS 10 UPDATES ARE ABOUT TO GET A LOT SMALLER TO DOWNLOAD AS MICROSOFT SWITCHES TO DIFFERENTIAL PATCHING
2016-11-03 16:40:00       Slashdot
Microsoft currently distributes major Windows 10 updates -- Anniversary Update, for instance -- as essentially full operating system installs, going as much 4GB in size. But that is changing starting today (for some users). From an article on The Verge: Microsoft has been promising smaller updates to Windows 10, through various methods, for what feels like years, but the company is now starting to test a new Unified Update Platform (UUP) that will make a big difference. `One of the biggest community and customer benefits of UUP is the reduction you`ll see in download size on PCs,` explains Bill Karagounis, a Windows program manager. `We have converged technologies in our build and publishing systems to enable differential downloads for all devices built on the Mobile and PC OS.` Differential downloads only include the changes that have been pushed out since you last updated a Windows 10 PC. This new change will debut with the Windows 10 Creators Update that`s expected to...

LATEST WINDOWS ZERO-DAY EXPLOITED BY DNC HACKERS
2016-11-02 13:52:01       Net-Security
Due to Google’s public release of information about an actively exploited Windows zero-day, Microsoft was forced to offer its own view of things and more information about the attack. The vulnerability is just one part of the attack chain leveraged by the Strontium (aka Fancy Bear, aka APT28) hacker group, which is widely believed to be behind the DNC and John Podesta email hacks, and backed by the Russian government. “This attack campaign, originally identified … More →

MICROSOFT SAYS RUSSIA-LINKED HACKERS ARE EXPLOITING NEWLY DISCOVERED FLAW IN WINDOWS OS
2016-11-01 18:00:00       Slashdot
An anonymous reader quotes a report from Reuters: Microsoft Corp said on Tuesday that a hacking group previously linked to the Russian government and U.S. political hacks is behind recent cyber attacks that exploit a newly discovered flaw in its Windows operating system. Microsoft said that a patch to defend Windows users against this sort of attack will be released on Nov. 8. The software maker said in an advisory on its website there had been a small number of attacks using `spear phishing` emails from a hacking group known Strontium, which is more widely known as `Fancy Bear` or APT 28. A U.S. intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of the GRU, Russia`s military intelligence agency, which U.S. intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails. Microsoft said the attacks exploited a vulnerability in Adobe Systems Inc`s Flash software and one in the ...

GOOGLE DISCLOSES EXPLOITED WINDOWS VULNERABILITY 10 DAYS AFTER TELLING MICROSOFT
2016-10-31 14:40:00       Slashdot
An anonymous reader writes: Google today shared details about a security flaw in Windows, just 10 days after disclosing it to Microsoft on October 21. To make matters worse, Google says it is aware that this critical Windows vulnerability is being actively exploited in the wild. That means attackers have already written code for this specific security hole and are using it to break into Windows systems.In a blog post, security researchers at Google write, `The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome`s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape ...

NEW CODE INJECTION ATTACK WORKS ON ALL WINDOWS VERSIONS
2016-10-28 11:08:15       Net-Security
Researchers from security outfit enSilo have uncovered a new code injection technique that can be leveraged against all Windows versions without triggering current security solutions. They’ve dubbed the technique AtomBombing, because it exploits the operating system’s atom tables. “These tables are provided by the operating system to allow applications to store and access data. [They] can also be used to share data between applications,” enSilo’s Tal Liberman explained. “What we found is that a threat … ...

THERE`S BUGS IN THE WINDOWS 10 IMPLEMENTATION OF BASH
2016-10-16 16:34:00       Slashdot
First-time submitter Big O Notation shares `an honest review about the new Ubuntu Bash` that shipped with the Windows 10 Anniversary Update. While it`s still officially beta, most of the commands work as expected, and it includes popular programs like the Pico text editor. Here`s some of the review`s highlights: Pros: You can also manage and manipulate other files inside your entire Hard Disk, even those outside of your Linux home directory. Cons: Even if you chmod something properly, when you use ls -l the Bash would not show the correct permissions. [And] if you try to create a Folder in your Linux Home Directory by using the Windows GUI, it would be impossible to read and manage it. Don`t try this at home. Microsoft says they`ve included the Windows Subsystem for Linux primarily as `a tool for developers -- especially web developers and those who work on or with open source projects.` One Scandinavian developer has even tried running X on Bash on Ubuntu on Windows, reporting ...

MICROSOFT PATCHES 4 VULNERABILITIES EXPLOITED IN THE WILD
2016-10-12 05:26:30       incidents.org

MICROSOFT`S NEW WINDOWS PATCHING MODEL STARTS THIS MONTH
2016-10-11 17:25:49       incidents.org

WINDOWS UPDATES? JUST TRUST US, SAYS MICROSOFT EXECUTIVE
2016-10-07 13:05:11       The Register
`Rather than you approving which patches you want, we are saying let them all flow`
Interview At Microsoft`s recent Ignite event in Atlanta, The Reg sat down with Brad Anderson, Corporate Vice President of Enterprise Client and Mobility.

MICROSOFT BUNGLES THIS WEEK`S WINDOWS 10 ANNIVERSARY UPDATE
2016-10-01 12:34:00       Slashdot
An anonymous Slashdot reader quotes ZDNet: Microsoft rolled out this week the seventh Cumulative Update of fixes to Windows 10 Anniversary Update since the Anniversary version of Windows 10 began going to customers on August 2...causing installation issues for some users. I don`t know how many are affected -- it`s definitely nowhere near `all` -- but reports are coming in on Twitter and in Microsoft support forums from those who can`t install the update, resulting (at least for some) in an endless loop of repeated attempts... But a few of those affected have pointed out that when Microsoft first delivered this update to its `Release Preview` ring of Insider testers at the start of this week, some testers reported the installation failure/reboot issue. Despite those reports, Microsoft still pushed this update out to those not in the Insider program... Unsurprisingly, this issue is triggering a round of `What`s the point of Insider testing?` questions. It looks to...

MICROSOFT WARNS WINDOWS SECURITY FIX MAY BREAK NETWORK SHARES
2016-09-29 06:38:07       The Register
We`re making your NAS secure by hiding it from you
Microsoft has overnight pushed out the latest of its ongoing preview builds for Windows 10, with this one carrying a warning that it could break your network file share connections.

WINDOWS 10 NOW ON 400 MILLION ACTIVE DEVICES, SAYS MICROSOFT
2016-09-26 13:25:00       Slashdot
Microsoft announced today that Windows 10 is now running on over 400 million active devices. This is up from 300 million as of May, and 207 million as of end of the March. The company says that it deems devices that have been active in the past 28 days as `active.` Microsoft added that this 400 million active devices figure include tablets and phones as well as Xbox One consoles, HoloLens, and Surface Hubs running Windows 10. Paul Thurrott adds:Microsoft last provided a Windows 10 usage milestone on June 29, when it said that there were 350 million active Windows 10 devices. At that time, I noted that the Windows 10 adoption had accelerated from the previous milestone, hitting an average of almost 29 million new devices per month. But 50 million additional devices over three months is a much slower pace of about 17 million per month. This is the slowest rate since Windows 10 was first announced. Again, no surprise there: Windows 10 was free for its first year, and over that time...

MICROSOFT REMOVES WINDOWS JOURNAL DUE TO SECURITY FLAWS
2016-09-26 04:25:55       incidents.org

MICROSOFT ASKED TO COMPENSATE AFTER WINDOWS 10 UPDATE BRICKED PCS
2016-09-22 11:20:00       Slashdot
Microsoft has been asked to pay compensation to customers who suffered malfunctions on their PCs when upgrading to Windows 10. Several customers have complained in the past one year about issues such as their computer upgrading to Windows 10 without their consent, and high-data usage due to automatic downloads of Windows 10 installation files in the background. The consumer watchdog has told Microsoft to `honor consumers` rights` and compensate those who have faced issues because of Windows 10. From a report:`Many people are having issues with Windows 10 and we believe Microsoft should be doing more to fix the problem,` said Alex Neill, director of policy at Which? Of 2,500 people surveyed, who had upgraded to Windows 10, more than 12 percent said they ended up rolling back to their previous version of the operating system. More than half stated that this was because the upgrade had adversely affected their PC. `We rely heavily on our computers to carry out daily activities so, ...

WINDOWS 10 UPGRADE TACTICS SLAMMED BY CONSUMER WATCHDOG
2016-09-22 08:08:33       Silicon Security
Is Windows 10 a software upgrade villain? That is the suggestion from Which? as it urges Redmond to compensate users

MICROSOFT DELETES WINDOWS 10 NAGWARE FROM WINDOWS 7 AND 8
2016-09-22 01:02:52       The Register
Windows Update silently did the deed, added a few security fixes for .Net Framework too
Microsoft has quietly excised Windows 10 free upgrade offers from Windows 7 and 8, aka the GWX.exe .

WINDOWS 10 ANNIVERSARY UPDATE ROLLOUT MAY NOT BE DONE UNTIL EARLY NOVEMBER
2016-09-14 12:51:00       Slashdot
Microsoft released Windows 10 Anniversary Update last month. But the trickling of the company`s latest major update users could take as much as three months, the company has said. Many users have been complaining about not seeing an update pop-up on their system. When ZDNet`s reporter Mary Jo Foley asked Microsoft about this, the company confirmed that it hadn`t seeded the update to all Windows 10 users. From the report: Microsoft began rolling out the latest version of Windows 10, the Anniversary Update, on August 2. At that time, Microsoft officials said the rollout would be staggered, but didn`t get too explicit as to how -- or how long it might take the company to push Windows 10 Anniversary to consumers and business users who are on the so-called Current Branch of Windows 10. It`s worth repeating that those who really want the Anniversary Update immediately have options to proactively go get it. I received a Microsoft blast email just over a week ago that included a footnote ...

NEW INTEL AND AMD CHIPS WILL ONLY SUPPORT WINDOWS 10
2016-09-01 18:50:00       Slashdot
An anonymous reader writes: Buried in the announcement of the new Kaby Lake (seventh-generation) processors and a rash of incoming notebooks set to use them is the confirmation that they will have a Windows 10 future. Microsoft has been warning people for ages that Kaby Lake will not run on anything older than Windows 10, and it looks like AMD`s upcoming Zen chip will be going the same way. Microsoft said, `As new silicon generations are introduced, they will require the latest Windows platform at that time for support. This enables us to focus on deep integration between Windows and the silicon, while maintaining maximum reliability and compatibility with previous generations of platform and silicon.` `We are committed to working with Microsoft and our ecosystem partners to help ensure a smooth transition given these changes to Microsoft`s Windows support policy,` an Intel spokesperson said. `No, Intel will not be updating Win 7/8 drivers for 7th Gen Intel Core [Kaby ...

MICROSOFT FIXES WINDOWS 10 ANNIVERSARY UPDATE FREEZING ISSUES
2016-09-01 14:10:00       Slashdot
An anonymous reader writes: The Anniversary Update may have introduced a whole host of new features but it has also caused a fair number of problems for Windows 10 users. Among the most annoying issues reported since its release in late-July are freezes on systems equipped with SSDs. Microsoft has acknowledged the problem and provided a couple of workarounds that users could try, promising that a permanent fix would eventually be made available. Microsoft now says that it has addressed the freezing issues in the latest Cumulative Update that it just released. `After the launch of the Anniversary Update for Windows 10, Microsoft received a small number of reports of Windows 10 freezing when signing into Windows after installing the Anniversary Update. With the help of users and MVP`s who posted on this thread an investigation determined that a small fraction of users who had moved app information to a second logical drive could encounter this issue...

NEW RANSOMWARE POSES AS A WINDOWS UPDATE
2016-08-28 09:30:00       Slashdot
Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it`s installing the update, but what`s really happening is that the user`s documents and files are being encrypted in the background... The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions. While the ransomware is busy encrypting your files, it displays Microsoft`s...

WINDOWS 10 COMPUTERS CRASH WHEN AMAZON KINDLES ARE PLUGGED IN
2016-08-25 14:44:00       Slashdot
It appears that many users are facing an issue with their Windows 10 computers when they plug in an Amazon Kindle device. According to reports, post Windows 10 Anniversary Update installation, everytime a user connect their Amazon Paperwhite or Voyage, their desktop and laptop lock up and require rebooting. The Guardian reports:Pooka, a user of troubleshooting forum Ten Forums said: `I`ve had a Kindle paperwhite for a few years no and never had an issue with connecting it via USB. However, after the recent Windows 10 updates, my computer BSOD`s [blue screen of death] and force restarts almost as soon as I plug my Kindle in.` On Microsoft`s forums, Rick Hale said: `On Tuesday, I upgraded to the Anniversary Edition of Windows 10. Last night, for the first time since the upgrade, I mounted my Kindle by plugging it into a USB 2 port. I immediately got the blue screen with the QR code. I rebooted and tried several different times, even using a different USB cable, but that made no...

THE EFF CALLS OUT MICROSOFT`S ONGOING BULL***T ON WINDOWS 10 PRIVACY CONCERNS
2016-08-24 23:40:43       TechDirt
While Windows 10 is generally well-liked by reviewers and users, it`s relatively clear that it`s not the OS to choose if you actually want to control how much babbling your OS does over the network . While a lot of complaints about Windows 10 have been proven to be hyperbole or just plain wrong (like it delivers your BitTorrent behavior to Hollywood or it makes use of menacing keyloggers), Windows 10 is annoyingly chatty, sending numerous reports back to Microsoft even when the operating system is configured to be as quiet and private as possible. While Microsoft has been criticized for this behavior for some time now , the general response out of Redmond has been to tap dance over, under and around most of the key complaints. Enter the Electronic Freedom Foundation, which last week effectively called on Microsoft to stop bullshitting everybody in terms of what gets collected and why. The EFF does a good job reiterating how Microsoft used malware-esque tactics to get users ...

LATEST WINDOWS 10 UPDATE BREAKS POWERSHELL
2016-08-24 19:10:00       Slashdot
whoever57 writes: According to a report via InfoWorld, the latest Windows 10 update [KB 3176934] breaks Desired State Configuration (DSC) functionality in PowerShell. Some things that were broken in the prior update, such as support of many webcams and a freeze issue, don`t appear to have been fixed in this update. Windows PowerShell Blog reported last night: `Due to a missing .MOF file in the build package, the update breaks DSC. All DSC operations will result in an `Invalid Property` error. If you are using DSC from or on any Windows client, take the following steps: Uninstall the update if already installed [...]; If using WSUS, do not approve the update. Otherwise, Use Group Policy to set the `Configure Automatic Updates` to `2 -- Notify for download and notify for install` [...] A fix for this issue will be included in the next Windows update which is due out 8/30/...

MICROSOFT ANNOUNCES `CUMULATIVE` UPDATES WILL BECOME MANDATORY FOR WINDOWS 7 AND 8.1
2016-08-20 14:30:00       Slashdot
Microsoft`s now changing the way updates are delivered for Windows 7 and 8.1. Slashdot reader JustAnotherOldGuy writes: Microsoft`s Senior Product Marketing Manager Nathan Mercer just announced that, `From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update... Each month`s rollup will supersede the previous month`s rollup, so there will always be only one update required for your Windows PCs to get current.` What this means is that individual patches will no longer be available after October 2016, and Windows 7 and Windows 8 users will now only have two choices: stop updating completely and leave your computers vulnerable to security holes, or accept everything single thing Microsoft sends you whether you want it or not. Microsoft says their new approach `increases Windows operating system reliability, by eliminating update fragmentation and providing more proactive patches for known issues...

MICROSOFT HAS BROKEN MILLIONS OF WEBCAMS WITH WINDOWS 10 ANNIVERSARY UPDATE
2016-08-19 16:53:00       Slashdot
The Anniversary Update which Microsoft rolled out to Windows 10 users earlier this month has broken millions of webcams, the company said on Friday. The problem is that after installing the update, the company added, Windows no longer allows USB webcams to use MJPEG or H264 encoding processes, and only supports YUY2 encoding. Microsoft says it introduced the changes to prevent an issue that was resulting in duplication of encoding the stream (poor performance). If you`re facing the issue, there`s a workaround (via Thurrott.com): Rafael has figured out a workaround that should hopefully stop the freezing issue; if you are comfortable tweaking the registry, make this change. HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows Media Foundation\Platform, add DWORD `EnableFrameServerMode` and set to ...

WINDOWS USERS WILL NO LONGER BE ABLE TO APPLY INDIVIDUAL PATCHES
2016-08-18 15:30:06       Net-Security
Since Microsoft began pushing Windows 10 on consumers and enterprise users, it has consistently worked towards minimizing the choices they can make about the installation. One of these steps was to make sure that both individual users and enterprise customers could not pick and choose which patches to apply and which to forgo – cumulative patches became the norm. And while enterprises can test the patches before deploying them, home users don’t have that option … More →

WINDOWS 10 NEEDS PROPER PRIVACY PORTAL SAYS EFF
2016-08-18 02:52:35       The Register
Slams `questionable tactics to cause users to download software many didnt want`
The Electronic Frontier Foundation (EFF) has called on Microsoft to offer a single unified screen on which Windows 10 users can control how Windows 10 deals with their personal information and monitors their use of the OS.

WINDOWS UAC BYPASS PERMITS CODE EXECUTION
2016-08-16 17:30:00       Slashdot
msm1267 writes from a report via Threatpost: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk. The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start Powershell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC. An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve ...

DISABLE WPAD NOW OR HAVE YOUR ACCOUNTS COMPROMISED, RESEARCHERS WARN
2016-08-13 10:34:00       Slashdot
It`s enabled by default on Windows (and supported by other operating systems) -- but now security researchers are warning that `Man-in-the-middle attackers can abuse the WPAD protocol to hijack people`s online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections,` according to CSO. Slashdot reader itwbennett writes: Their advice: disable WPAD now. `No seriously, turn off WPAD!` one of their presentation slides said. `If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file`... A few days before their presentation, two other researchers named Itzik Kotler and Amit Klein independently showed the same HTTPS URL leak via malicious PACs in a presentation at the Black Hat security conference. A third researcher, Maxim Goncharov, held a separate Black Hat talk about WPAD security risks, entitled ...

MICROSOFT STARTS TESTING WINDOWS 10`S NEXT MAJOR UPDATE
2016-08-12 16:41:00       Slashdot
A week after releasing Windows 10 Anniversary Update, Microsoft is already ready to unveil new features for its next major update dubbed Redstone 2. The Verge reports: The new update doesn`t have any big new features for public testers yet, as Microsoft is in the early stages of making structural improvements to its OneCore shared code of Windows across PCs, tablets, phones, HoloLens, Xbox, and IoT. The first few builds available for testing `may include more bugs and other issues that could be slightly more painful for some people to live` according to Windows software engineer Dona Sarkar. Microsoft has released Windows 10 build 14901, and the company is testing out new notifications within File Explorer to provide tips on what`s new in Windows 10. You can opt out of the notifications, and they`re just a test for now...

MICROSOFT EXTENDS AGAIN SUPPORT FOR WINDOWS 7, 8.1 SKYLAKE-BASED DEVICES
2016-08-11 14:45:00       Slashdot
Microsoft says it is giving more time to users on Windows 7 and Windows 8.1 devices running sixth generation Intel Skylake chips. Earlier the company had said that it would end support for such systems on July 17, 2018 (before that the end date was July 17, 2017). Today`s announcement further pushes the deadline, giving Windows 7 users till January 14, 2020, and Windows 8.1 users till January 2023. ZDNet adds: Today`s latest change to the Skylake support cut-off dates also applies to Windows Embedded 7, 8 and 8.1 devices. As of this latest change, supported devices running Skylake -- here`s the list of PCs that qualify, along with embedded devices -- will get all applicable security updates for Windows 7 and 8.1 until the end of support dates for each product. What we don`t really know is why Microsoft made this latest change. Did Intel `fix` Skylake? Did customers, especially those wanting to downgrade to Windows 7, complain a lot? The official word is `This change is designed to help...

ANNOYING `OPEN PDF IN EDGE` DEFAULT OPTION PUTS WINDOWS 10 USERS AT RISK
2016-08-09 21:30:00       Slashdot
An anonymous reader writes from a report via Softpedia: Microsoft fixed today a serious security flaw in the Windows PDF Library, a standard library used by Windows 10 to open and render PDF files, embedded by default in Edge. Exploiting this flaw allows attackers to execute code on the user`s machine and take over the device, just by tricking a user into accessing a PDF hosted online via Edge. Since Edge is not only the default browser in Windows 10, but also the default PDF reader, this flaw puts countless of users that have not changed those settings at risk. Even worse, Microsoft has the annoying habit of resetting your personal app preferences once in a blue moon, always reverting Edge as the default browser and the default app to open PDF files...

MICROSOFT DISABLES RC4 IN INTERNET EXPLORER 11 AND EDGE
2016-08-09 19:30:00       Slashdot
An anonymous reader quotes a report from WinBeta: Microsoft released KB3151631 as part of today`s Patch Tuesday set of updates that will disable RC4 in both Internet Explorer 11 on Windows 7 and later and in the Edge browser on Windows 10. As the company describes things: `RC4 is a stream cipher that was first described in 1987, and has been widely supported across web browsers and online services. Modern attacks have demonstrated that RC4 can be broken within hours or days. The typical attacks on RC4 exploit biases in the RC4 keystream to recover repeatedly encrypted plaintexts. In February 2015, these new attacks prompted the Internet Engineering Task Force to prohibit the use of RC4 with TLS. Previously, Microsoft Edge and Internet Explorer 11 allowed RC4 during a fallback from TLS 1.2 or 1.1 to TLS 1.0. A fallback to TLS 1.0 with RC4 is most often the result of an innocent error, but this is indistinguishable from a man-in-the-middle attack. For this reason, RC4 is now entirely...

WINDOWS 10 ANNIVERSARY UPDATE IS BORKING BOXEN EVERYWHERE
2016-08-07 20:57:34       The Register
Microsoft`s response: Have you tried uninstalling it and installing it again?
Users are reporting that upgrading to the Windows 10 Anniversary Update renders their PCs unusable.

MICROSOFT TO RELEASE TWO MAJOR WINDOWS 10 UPDATES NEXT YEAR
2016-08-05 21:30:00       Slashdot
An anonymous reader quotes a report from Ars Technica: With the Windows 10 Anniversary Update, aka Windows 10 version 1607, released earlier this week, it`s time to look forward to what`s next. Windows 10 has multiple release tracks to address the needs of its various customer types. The mainstream consumer release, the one that received the Anniversary Update on Tuesday, is dubbed the Current Branch (CB). The Current Branch for Business (CBB) trails the CB by several months, giving it greater time to bed in and receive another few rounds of bug fixing. Currently the CBB is using last year`s November Update, version 1511. In about four months, Microsoft plans to bump CBB up to version 1607, putting both CB and CBB on the same major version. [The Long Term Servicing Branch, an Enterprise-only version that will receive security and critical issue support for 10 years, will also be updated.] Going forward, however, the differences between both current branch variants (CB and ...

RISK FROM LINUX KERNEL HIDDEN IN WINDOWS 10 EXPOSED AT BLACK HAT
2016-08-05 05:46:05       Silicon Security
BLACK HAT 2016: A researcher exposes design and control flaws in Windows 10 versions that have the capability to run Linux

WINDOWS 10 ANNIVERSARY UPDATE BORKS DUAL-BOOT PARTITIONS
2016-08-03 13:30:00       Slashdot
Windows 10 Anniversary Update may affect and even delete other partitions on the same disk, OMGUbuntu is reporting, citing several complaints by users. `Broken boot loaders on an update are one thing but losing data, even entire partitions?` asks the author. Microsoft-centric news blog WindowsReport is corroborating on the report, adding that in some cases, the new OS was not able to detect some partitions. It says (edited): Many users are reporting that some of their partitions disappeared after installing the Anniversary Update. Usually, it`s the smallest partition that disappears, although we couldn`t say for sure whether the partition is deleted or if Windows simply doesn`t detect it. Some users are saying that the partition is not allocated, while others can detect it once they install third-party partition management applications.We have reached out to Microsoft for clarification, and will update the post when we hear back...

REMINDER: IE, EDGE, OUTLOOK ETC STILL COUGH UP YOUR WINDOWS, VPN CREDENTIALS TO STRANGERS
2016-08-02 16:21:35       The Register
Take precautions like using a strong passphrase
Updated Microsoft software still leaks usernames and password information to strangers` servers thanks to an old design flaw in Windows that was never properly addressed.

ALL WINDOWS 10 KERNEL MODE DRIVERS MUST BE DIGITALLY SIGNED BY MICROSOFT
2016-07-31 23:35:00       Slashdot
`Last year, we announced that beginning with the release of Windows 10, all new Windows 10 kernel mode drivers must be submitted to the Windows Hardware Developer Center Dashboard portal to be digitally signed by Microsoft,` reads a MSDN blog post. `However, due to technical and ecosystem readiness issues, this was not enforced by Windows Code Integrity and remained only a policy statement. Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal.` Slashdot reader mikejuk quotes a report from i-programmer.info which argues `the control of what software users can run on their machines is becoming ever tighter,` and compares Microsoft`s proposal to an XKCD cartoon: Before you start to panic about backward compatibility with existing drivers the lockdown is only going to be enforced on ...

WINDOWS 10 PRO ANNIVERSARY UPDATE TWEAKED TO STOP YOU DISABLING APP PROMOS
2016-07-29 09:01:10       The Register
Group Policy changes require Enterprise or Education edition
Group Policy changes in Windows 10 Anniversary Update, set for release shortly, mean that users of the Pro edition can no longer disable some of the more intrusive aspects of the operating system.

MICROSOFT FACES TWO NEW LAWSUITS OVER AGGRESSIVE WINDOWS 10 UPGRADE TACTICS
2016-07-28 15:22:00       Slashdot
Microsoft is facing two more lawsuits over its Windows 10 upgrade tactics. The first lawsuit comes from U.S. District Court in Florida, where the company has been accused of violating `laws governing unsolicited electronic advertisements` The suit, PCWorld reports, says Microsoft`s tactics are against the FTC`s rules on deceptive and unfair practices. The second lawsuit was filed last month in Haifa, Israel alleging that Microsoft installed Windows 10 on users` computer without their consent. It`s similar to another recent lawsuit that was filed against Microsoft in which the Redmond company had to pay a sum of $10,000. The company, however, believes that these new lawsuits won`t succeed. In a statement to The Seattle Times, the company said:We believe the plaintiffs` claims are without merit and we are confident we`ll be successful in ...

MICROSOFT TO DISABLE POLICIES IN WINDOWS 10 PRO WITH ANNIVERSARY UPDATE
2016-07-28 14:01:00       Slashdot
Reader BobSwi writes: More changes in the Windows Anniversary update, due August 2nd, are being discovered. After yesterday`s news about Cortana not able to be turned off in the Windows Anniversary update, certain registry entries and group policies have been found to be updated with a note stating that they only apply to Enterprise and Education editions. Win 10 Pro users will no longer be able to turn off policies such as the Microsoft Consumer Experience, Show Windows Tips, Do not display the lock screen, and Disable all apps from the Windows Store...

YOU CAN`T TURN OFF CORTANA IN THE WINDOWS 10 ANNIVERSARY UPDATE
2016-07-27 14:00:00       Slashdot
Microsoft will release Windows 10 Anniversary Update next week. Earlier this week we listed some of its best features. PCWorld is now reporting about a major change that may annoy some users: once you`ve installed the update, Cortana can no longer be disabled. From the article: Cortana, the personal digital assistant that replaced Windows 10`s search function and taps into Bing`s servers to answer your queries with contextual awareness, no longer has an off switch. The impact on you at home: Similar to how Microsoft blocked Google compatibility with Cortana, the company is now cutting off the plain vanilla search option. That actually makes a certain of amount of sense. Unless you turned off all the various cloud-connected bits of Windows 10, there`s not a ton of difference between Cortana and the operating system`s basic ...

STEAM ON WINDOWS 10 WILL GET `PROGRESSIVELY WORSE`: GEARS OF WAR DEVELOPER
2016-07-26 11:20:00       Slashdot
Microsoft`s Universal Windows Platform, or UWP, approach isn`t sitting well with many game developers. Four months after criticising UWP ecosystem for being a walled-garden, curtailing `users` freedom to install full-featured PC software, and subverting the rights of developers and publishers to maintain a direct relationship with their customers,` Tim Sweeney, co-founder of Epic Games, the studio behind the Gears of War and Unreal franchises has once again lashed out at the Redmond-based company. He alleges that Microsoft plans to make Steam -- the world`s largest PC gaming platform, `progressively worse and more broken.` in a move to bolster people`s reliance on the Windows Store. From a Gadgets 360 report: `Slowly, over the next five years, they will force-patch Windows 10 to make Steam progressively worse and more broken. They`ll never completely break it, but will continue to break it until, in five years, people are so fed up that Steam is buggy that the Windows Store seem ...

MICROSOFT RESPONDS TO ALLEGATIONS THAT WINDOWS 10 COLLECTS `EXCESSIVE PERSONAL DATA`
2016-07-21 12:03:00       Slashdot
BetaNews`s Mark Wilson writes: Yesterday France`s National Data Protection Commission (CNIL) slapped a formal order on Microsoft to comply with data protection laws after it found Windows 10 was collecting `excessive data` about users. The company has been given three months to meet the demands or it will face fines. Microsoft has now responded, saying it is happy to work with the CNIL to work towards an acceptable solution. Interestingly, while not denying the allegations set against it, the company does nothing to defend the amount of data collected by Windows 10, and also fails to address the privacy concerns it raises. Microsoft does address concerns about the transfer of data between Europe and the US, saying that while the Safe Harbor agreement is no longer valid, the company still complied with it up until the adoption of Privacy Shield. It`s interesting to see that Microsoft, in response to a series of complaints very clearly leveled at Windows 10, manages to mention the...

FRANCE: WINDOWS 10 COLLECTS `EXCESSIVE PERSONAL DATA`, ISSUES MICROSOFT WITH FORMAL WARNING
2016-07-20 15:25:00       Slashdot
France`s National Data Protection Commission (CNIL) has ordered Microsoft to `stop collecting excessive data and tracking browsing by users without consent,` adding that Microsoft must comply with the French Data Protection Act within next three months. BetaNews reports: In addition to this, the chair of CNIL has notified Microsoft that it needs to take `satisfactory measures to ensure the security and confidentiality of user data.` The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft`s part. Microsoft is accused of not only gathering excessive data about users, but also irrelevant data. The CNIL points to Windows 10`s telemetry service which gathers information about the apps users have installed and how long each is used for. The complaint is that `these data are not necessary for the operation of the service...

MICROSOFT `PATCH` BLOCKS LINUX INSTALLS ON LOCKED-DOWN WINDOWS RT COMPUTERS
2016-07-16 23:35:00       Slashdot
An anonymous Slashdot reader quotes a report from fossBytes: Microsoft has released a security update that has patched a backdoor in Windows RT operating system [that] allowed users to install non-Redmond approved operating systems like Linux and Android on Windows RT tablets. This vulnerability in ARM-powered, locked-down Windows devices was left by Redmond programmers during the development process. Exploiting this flaw, one was able to boot operating systems of his/her choice, including Android or GNU/Linux. The Register points out that since Windows RT is `a dead-end operating system` which Microsoft has announced they`ll stop developing, `mainstream support for Surface RT tablets runs out in 2017 and Windows RT 8.1 in 2018. This is why a means to bypass its boot mechanisms...

MICROSOFT STORE OFFERS FREE LAPTOP IF THEY CAN`T UPGRADE YOUR PC TO WINDOWS 10
2016-07-16 11:35:00       Slashdot
Microsoft is now promising that their Microsoft Store employees `will give you a free Dell laptop if the staff can`t do a same-day upgrade on your eligible PC by close of business,` reports new Slashdot submitter Pritam Dash. To be eligible for the Dell Inspiron 15, the PC must meet Microsoft`s upgrade requirements -- and be checked in by noon -- and in a further effort to boost adoption for their of the Windows 10 operating system, Microsoft is also announcing that `If your PC isn`t compatible with Windows 10, we`ll recycle it and give you $150 toward the purchase of a new PC.` (This second offer is limited to PCs already running Windows 8). Both offers are valid until July 29th, `while supplies last.` Meanwhile, the U.S. army is `half a year behind the January 2017 deadline to adopt Windows 10 set by Defense Department Chief Information Officer Terry Halvorsen,` and has hired Microsoft engineers to assess their 1.1 million devices and legacy systems...

WINDOWS 10 A FAILURE BY MICROSOFT`S OWN METRIC IT WON`T HIT ONE BILLION DEVICES BY MID-2018
2016-07-15 17:10:44       The Register
All that nagware hasn`t worked
When Windows 10 launched, Microsoft claimed it would have the new operating system on a billion devices by mid-2018. That isn`t going to happen, however, Redmond has now admitted.

20-YEAR-OLD WINDOWS BUG LETS PRINTERS INSTALL MALWAREPATCH NOW
2016-07-13 15:26:13       incidents.org