Billing fraud apps can disable Android Wi-Fi and intercept text messages

Billing fraud apps can disable Android Wi-Fi and intercept text messages

Enlarge (credit: Aurich Lawson)

Android malware developers are stepping up their billing fraud game with apps that disable Wi-Fi connections, surreptitiously subscribe users to pricey wireless services, and intercept text messages, all in a bid to collect hefty fees from unsuspecting users, Microsoft said on Friday.

This threat class has been a fact of life on the Android platform for years, as exemplified by a family of malware known as Joker, which has infected millions of phones since 2016. Despite awareness of the problem, little attention has been paid to the techniques that such “toll fraud” malware uses. Enter Microsoft, which has published a technical deep dive on the issue.

The billing mechanism abused in this type of fraud is WAP, short for wireless application protocol, which provides a means of accessing information over a mobile network. Mobile phone users can subscribe to such services by visiting a service provider’s web page while their devices are connected to cellular service, then clicking a button. In some cases, the carrier will respond by texting a one-time password (OTP) to the phone and requiring the user to send it back in order to verify the subscription request. The process looks like this:

Read 5 remaining paragraphs | Comments

#android, #biz-it, #joker, #malware, #microsoft

Microsoft Exchange servers worldwide hit by stealthy new backdoor

Microsoft Exchange servers worldwide hit by stealthy new backdoor

Enlarge (credit: Getty Images)

Researchers have identified stealthy new malware that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers after they have been hacked.

Dubbed SessionManager, the malicious software poses as a legitimate module for Internet Information Services (IIS), the web server installed by default on Exchange servers. Organizations often deploy IIS modules to streamline specific processes on their web infrastructure. Researchers from security firm Kaspersky have identified 34 servers belonging to 24 organizations that have been infected with SessionManager since March 2021. As of earlier this month, Kaspersky said, 20 organizations remained infected.

Stealth, persistence, power

Malicious IIS modules offer an ideal means to deploy powerful, persistent, and stealthy backdoors. Once installed, they will respond to specifically crafted HTTP requests sent by the operator instructing the server to collect emails, add further malicious access, or use the compromised servers for clandestine purposes. To the untrained eye, the HTTP requests look unremarkable, even though they give the operator complete control over the machine.

Read 5 remaining paragraphs | Comments

#biz-it, #exchange-server, #iis, #malware, #microsoft, #uncategorized

Blizzard will purchase 100-person Spellbreak studio to help make WoW content

<em>Spellbreak</em> battles are full of splashy elemental explosions and floaty acrobatic dodges.

Enlarge / Spellbreak battles are full of splashy elemental explosions and floaty acrobatic dodges.

Blizzard Entertainment has acquired Boston-based Proletariat, the studio behind the magic-heavy Battle Royale game Spellbreak. Spellbreak will shut down by early 2023 as the workers at the 100-person studio transition to work on World of Warcraft and its upcoming “Dragonflight” expansion.

VentureBeat reports that Proletariat and Blizzard have been in acquisition talks since last December and that the companies have been working together since last month. That’s well before yesterday’s public announcement that the studio would be ending development on Spellbreak after more than four years:

Our vision was to create a fresh, multiplayer action-spellcasting game with exceptional movement and class customization that would give players the chance to unleash their inner battlemage. We are grateful to everyone in the game’s community for exploring the magical worlds and experiences we created together. Spellbreak was an ambitious project that saw our team push new boundaries in design and development and we are excited to continue to innovate as we create new titles in the future.

After an impressive beta in early 2020, Proletariat bragged that it had over 5 million Spellbreak players in the weeks after the game’s late 2020 launch. That player base seems to have declined substantially over time, though; data from SteamDB shows Spellbreak‘s concurrent player numbers on Steam sitting at well under a thousand and consistently declining over the last 12 months (though those numbers don’t reflect players on consoles or the Epic Games Store, where the game had PC exclusivity for a year).

Read 5 remaining paragraphs | Comments

#activision, #billzard, #gaming-culture, #microsoft, #spellbreak, #world-of-warcraft, #wow

Microsoft will start banning players from all private Minecraft servers

Players that Microsoft bans from <em>Minecraft</em> will soon also be prevented from joining private servers like this one.

Enlarge / Players that Microsoft bans from Minecraft will soon also be prevented from joining private servers like this one. (credit: Tynker)

Since its initial release over a decade ago (and even following Microsoft’s 2014 acquisition of developer Mojang), Minecraft has let players create private servers where they’re in full control of what behaviors (and players) are allowed. Next week, though, Microsoft is set to roll out a new update that lets it ban a Minecraft player from all online play, including private servers and those hosted on Microsoft’s subscription-based Realms plan.

Earlier this week, Microsoft launched a pre-release version of Update 1.19.1 for the Java Edition of Minecraft, which will go live for everyone on Tuesday, June 28. That update will add the ability to report users who abuse the game’s chat system and allow for “reported players [to be] be banned from online play and Realms after moderator review.”

On a recently updated “Why Have I been Banned from Minecraft?” help page, Microsoft notes that banned players will also get a message when they “sign into Minecraft on any platform (non-Java Edition) [aka “Bedrock”].” That message will clarify that “banned players are not allowed to play on servers, join Realms, host or join multiplayer games, or use the marketplace. They are also not allowed to access Minecraft Earth. Xbox players will no longer have access to their worlds [emphasis added].”

Read 8 remaining paragraphs | Comments

#gaming-culture, #microsoft, #minesweeper, #mojang

Activision’s internal investigation finds no “systemic issue” with harassment

A magnifying glass inspects a surface covered in various corporate logos.

Enlarge / Taking a close look… (credit: Aurich Lawson / Ars Technica)

Last November, The Wall Street Journal published a damning report alleging that Activision CEO Bobby Kotick withheld information about harassment allegations from his board of directors. The report also suggested that Activision executives failed to act decisively to address the kind of widespread complaints contained in a California Department of Fair Employment and Housing (DFEH) lawsuit filed last July.

In a Securities and Exchange Commission filing on Thursday, Activision’s board of directors said the company has concluded its own thorough investigation of those claims, which it says shows that “we are not a company that looks the other way.”

After consulting with external advisers, talking with employees, and reviewing contemporaneous notes, Activision writes “that there is no evidence to suggest that Activision Blizzard senior executives ever intentionally ignored or attempted to downplay the instances of gender harassment that occurred and were reported.” The company’s board of directors also didn’t withhold any information from the company, Activision writes.

Read 5 remaining paragraphs | Comments

#activision, #activision-blizzard, #gaming-culture, #harassment, #microsoft

Botched and silent patches from Microsoft put customers at risk, critics say

Shadowy figures stand beneath a Microsoft logo on a faux wood wall.

Enlarge (credit: Drew Angerer | Getty Images)

Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said.

Microsoft’s latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three patches before successfully fixing a critical vulnerability in Azure. Orca Security first informed Microsoft in early January of the flaw, which resided in the Synapse Analytics component of the cloud service and also affected the Azure Data Factory. It gave anyone with an Azure account the ability to access the resources of other customers.

From there, Orca Security researcher Tzah Pahima said, an attacker could:

Read 8 remaining paragraphs | Comments

#biz-it, #exploits, #follina, #microsoft, #vulnerabilities

Dell XPS 13 2-in-1 becomes a Microsoft Surface-like detachable

Dell XPS 2-in-1

Enlarge / Dell XPS 2-in-1. (credit: Dell)

Dell revealed the last pieces of its 2022 XPS 13 lineup today. After releasing the XPS 13 Plus earlier this year, Dell has announced the more traditional, lower-priced XPS 13 clamshell refresh. Dell also overhauled the XPS 13 2-in-1‘s design, transforming it from a portable ultralight with a 360-degree hinge to a tablet with an optional detachable keyboard cover sold separately.

XPS 13 2-in-1 specs

Available this summer, the XPS 13 2-in-1 (model 9315) at its base configuration is basically a tablet running on up to an Intel Core i7-1250U (two performance cores at 1.1-4.7 GHz, eight efficiency cores at 0.8–3.5 GHz, 12 threads). For comparison, the similarly designed Microsoft Surface Pro 8 detachable has up to an i7-1185G7 (four cores, eight threads, up to 4.8 GHz).

Dell’s detachable will also be configurable with up to 16GB of soldered LPDDR4x-4266 RAM and a 1TB PCIe 4.0 x4 SSD.

Read 16 remaining paragraphs | Comments

#dell, #laptops, #microsoft, #tech

Microsoft won’t say if it will patch critical Windows vulnerability under exploit

Microsoft won’t say if it will patch critical Windows vulnerability under exploit

Enlarge (credit: Getty Images)

As hacker groups working continue to hammer a former Windows zero-day that makes it unusually easy to execute malicious code on target computers, Microsoft is keeping a low profile, refusing even to say if it has plans to patch.

Late last week, security firm Proofpoint said that hackers with ties to known nation-state groups were exploiting the remote code execution vulnerability, dubbed Follina. Proofpoint said the attacks were delivered in malicious spam messages sent to fewer than 10 Proofpoint customers in European and local US governments.

Microsoft products are a “target-rich opportunity”

In an email on Monday, the security company added further color, writing:

Read 12 remaining paragraphs | Comments

#biz-it, #microsoft

An actively exploited Microsoft 0-day flaw still doesn’t have a patch

An actively exploited Microsoft 0-day flaw still doesn’t have a patch

Enlarge (credit: mturhanlar | Getty Images)

Researchers warned last weekend that a flaw in Microsoft’s Support Diagnostic Tool could be exploited using malicious Word documents to remotely take control of target devices. Microsoft released guidance on Monday, including temporary defense measures. By Tuesday, the United States Cybersecurity and Infrastructure Security Agency had warned that “a remote, unauthenticated attacker could exploit this vulnerability,” known as Follina, “to take control of an affected system.” But Microsoft would not say when or whether a patch is coming for the vulnerability, even though the company acknowledged that the flaw was being actively exploited by attackers in the wild. And the company still had no comment about the possibility of a patch when asked by WIRED.

The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute Powershell commands within Windows. Researchers note that they would describe the bug as a “zero-day,” or previously unknown vulnerability, but Microsoft has not classified it as such.

Read 9 remaining paragraphs | Comments

#0day, #biz-it, #microsoft, #support-diagnostic-tool, #windows-11

Code execution 0-day in Windows has been under active exploit for 7 weeks

The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

Enlarge (credit: Getty Images)

A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products.

The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn’t consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.

Uh, nevermind

On Monday, Microsoft reversed course, identifying the behavior with the vulnerability tracker CVE-2022-30190 and warning for the first time that the reported behavior constituted a critical vulnerability after all.

Read 14 remaining paragraphs | Comments

#biz-it, #microsoft, #uncategorized, #windows, #zerodays

Microsoft’s plans for an Xbox streaming stick head back to the drawing board

It might be a while until you can stream <em>Halo Infinite</em> to a TV using just a small dongle.

Enlarge / It might be a while until you can stream Halo Infinite to a TV using just a small dongle. (credit: Microsoft)

Last year, Microsoft officially confirmed years of rumors and announced plans for “standalone streaming devices” that could stream Xbox games through the company’s Xcloud service. Now, though, the company says it’s essentially going back to the drawing board and “pivot[ing] away from the current iteration” of that streaming-focused hardware.

In a statement to Windows Central, a Microsoft spokesperson reconfirmed that the company has “been working on a game-streaming device, codenamed Keystone, that could be connected to any TV or monitor without the need for a console.” At the same time, that spokesperson suggested that it may be a while until we see that hardware being finalized and released:

As part of any technical journey, we are constantly evaluating our efforts, reviewing our learnings, and ensuring we are bringing value to our customers. We have made the decision to pivot away from the current iteration of the Keystone device. We will take our learnings and refocus our efforts on a new approach that will allow us to deliver Xbox Cloud Gaming to more players around the world in the future.

Microsoft’s statement comes weeks after a GamesBeat report suggested that Microsoft’s game-streaming device would be released “in the next 12 months,” citing “people familiar with [Microsoft’s] plans.” That report also said that certain Samsung smart TVs would be getting an Xbox cloud streaming app in the same time period.

Read 2 remaining paragraphs | Comments

#gaming-culture, #microsoft, #streaming, #xbox, #xcloud

Are we on the verge of an 8K resolution breakthrough in gaming?

A slide from TV manufacturer TCL guesses at some details for the next micro-generation of high-end game consoles.

Enlarge / A slide from TV manufacturer TCL guesses at some details for the next micro-generation of high-end game consoles. (credit: PPE)

With the 2020 release of the Xbox Series X and PlayStation 5, we’ve started to see the era of console games that finally make full use of TVs capable of 4K resolutions (i.e., “Ultra HD” 3840×2160 pixels) that have become increasingly popular in the marketplace. Now, though, at least one TV manufacturer is already planning to support 8K-capable consoles (i.e., 7680×4320 resolution) that it thinks could launch in the next year or two.

Polish gaming site PPL reports on a recent public presentation by Chinese TV and electronics maker TCL. Tucked away in a slide during that presentation is a road map for what TCL sees as “Gen 9.5” consoles coming in 2023 or ’24. Those supposed consoles—which the slide dubs the PS5 Pro and “New Xbox Series S/X”—will be capable of pushing output at 8K resolution and up to 120 frames per second, according to TCL’s slide.

First off, there’s little reason to believe that a lesser-known TV manufacturer has leaked the first official word of Sony and Microsoft’s next console plans. As GamesBeat’s Jeff Grubb points out, you can tell TCL is speculating on console makers’ plans “because they put the information up in big letters on a stage. If the company knew what it was talking about, then it would be under a non-disclosure agreement.”

Read 10 remaining paragraphs | Comments

#4k, #8k, #gaming-culture, #microsoft, #ps5, #resolution, #sony, #xbox

Microsoft looking at ways to “validate” Xbox discs for disc-drive-free consoles

Xbox Series S, as placed next to an Xbox Series X.

Enlarge / Xbox Series S, as placed next to an Xbox Series X. (credit: h0x0d)

While Microsoft’s Xbox Series S gives a lot of gaming horsepower for its price, one thing it doesn’t provide is a disc drive to access any of the physical Xbox games you might own. Microsoft seems interested in working around this problem, though, as the company has applied for a patent that can provide “software ownership validation of optical discs using [a] secondary device.”

That mouthful of a title describes a patent application Microsoft first filed back in November of 2020 but which was published by the United States Patent and Trademark Office just last week (as noticed by Game Rant). And while it doesn’t appear that the patent has been granted yet, the application provides more evidence that Microsoft is trying to find a way to bring games trapped on legacy discs into gaming’s increasingly disc-free future.

A number of technical options

When it comes to the technical details of how this validation process would work, the patent application is so vague as to be practically useless. The only constant across its examples is that there are two separate devices, at least one of which has a disc drive that can read “an optical disc comprising the electronic content” and “validate the user’s ownership of the electronic content” (e.g., an Xbox 360, Xbox One, or Xbox Series X).

Read 7 remaining paragraphs | Comments

#digital, #discs, #gaming-culture, #microsoft, #patent, #xbox, #xbox-series-s

Eve Online fans literally cheer Microsoft Excel features at annual Fanfest

Yeah, yeah, this looks exciting and all, but the spreadsheets are where the <em>real</em> action happens.

Yeah, yeah, this looks exciting and all, but the spreadsheets are where the real action happens.

There aren’t many games for which built-in integration with Microsoft Excel would be a major feature whose announcement would draw literal cheers from fans. But Eve Online showed itself to be the exception when developer CCP announced coming Excel integration during its Eve Fanfest keynote this morning.

Through an official partnership with Microsoft, CCP said it is creating a JavaScript API that will allow players to “seamlessly export data from Eve Online” into the popular spreadsheet program. That “will help players access and calculate everything from profit margins to battle strategy, making day-to-day Eve operations easier to execute,” the company said in a press release.

“It’s not April fools; this is real,” Eve Online Creative Director Bergur Finnbogason said on the Fanfest stage, receiving bemused laughter in response. “I’m not lying—we actually reached out to [Microsoft] and they were like, ‘Oh my god, We love Eve!'”

Read 7 remaining paragraphs | Comments

#economy, #eve-online, #excel, #gaming-culture, #microsoft, #spreadsheets

Apple, Google, and Microsoft want to kill the password with “Passkey” standard

The first Thursday of May is apparently “World Password Day,” and to celebrate Apple, Google, and Microsoft are launching a “joint effort” to kill the password. The major OS vendors want to “expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.”

The standard is being called either a “multi-device FIDO credential” or just a “passkey.” Instead of a long string of characters, this new scheme would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, authenticate with some kind of pin or biometric, and then you’re on your way. This sounds like a familiar system for anyone with phone-based two-factor authentication set up, but this is a replacement for the password rather than an additional factor.

A graphic has been provided for the user interaction:

Read 4 remaining paragraphs | Comments

#apple, #google, #microsoft, #passkey, #password, #tech

New lawsuit calls Kotick’s handling of Activision-Microsoft merger “inexcusable”

New lawsuit calls Kotick’s handling of Activision-Microsoft merger “inexcusable”

Enlarge (credit: Aurich Lawson | Getty Images)

The Activision-Blizzard shareholders’ response to a whirlwind of news over the past year—which include disturbing, company-wide allegations of sexual harassment and pay disparity, followed by a $68.7 billion acquisition proposal—reached a new head at the end of April in the form of a sweeping lawsuit.

As first reported by Axios on Wednesday, the April 26 civil suit, as filed by the New York City Employees’ Retirement System and other NYC retirement and pension systems, hinges upon allegations that Activision-Blizzard has failed to properly open its books. Its plaintiffs, which include longstanding Activision-Blizzard shareholders, contend in Delaware court that fuller disclosure from Activision-Blizzard is required to answer their allegations about “breaches of fiduciary duty.”

“Escape liability and accountability”

Those include the shareholders’ belief that executives acted in their own interests, as opposed to those of company shareholders, in failing for years to inform them about the original California state lawsuit’s allegations. The suit also alleges that the board is accelerating efforts to complete a proposed merger with Microsoft to “extinguish highly valuable derivative claims” against all Activision-Blizzard board members and longtime company CEO Bobby Kotick.

Read 5 remaining paragraphs | Comments

#activision-blizzard, #gaming-culture, #mergers-and-acquisitions, #microsoft

Businesses are adopting Windows 11 more quickly than past versions, says Microsoft

Businesses are adopting Windows 11 more quickly than past versions, says Microsoft

Enlarge (credit: Getty Images)

Data suggests that gamers are moving to Windows 11 at a steady pace but not nearly as quickly as they warmed to Windows 10 a few years ago. For historically change-averse businesses, surprisingly, the opposite may be true—Microsoft CEO Satya Nadella said during the company’s Q3 2022 earnings call that enterprises were “adopting Windows 11 at a faster pace than previous releases.”

That’s just one highlight from an overwhelmingly rosy earnings report for Microsoft, which reported revenue of $49.4 billion (up 18 percent from the same quarter last year) and net income of $16.7 billion (up 8 percent year over year).

Sales of Windows licenses to PC manufacturers increased by 11 percent; revenue from consumer and commercial Office products increased by 11 and 12 percent (respectively); revenue from Xbox content and services increased 4 percent; Surface hardware revenue increased by 13 percent; and LinkedIn revenue (of all things) increased 34 percent. But the biggest driver of growth continues to be Microsoft’s cloud business, which reported 26 percent higher revenue year over year for a total of $19.1 billion in earnings. That growth is thanks in large part to Azure cloud computing services.

Read 2 remaining paragraphs | Comments

#biz-it, #microsoft, #tech

The Senate bill that has Big Tech scared

The Senate bill that has Big Tech scared

Enlarge (credit: Wired | Getty Images)

If you want to know how worried an industry is about a piece of pending legislation, a decent metric is how apocalyptic its predictions are about what the bill would do. By that standard, Big Tech is deeply troubled by the American Innovation and Choice Online Act.

The infelicitously named bill is designed to prevent dominant online platforms—like Apple and Facebook and, especially, Google and Amazon—from giving themselves an advantage over other businesses that must go through them to reach customers. As one of two antitrust bills voted out of committee by a strong bipartisan vote (the other would regulate app stores), it may be this Congress’ best, even only, shot to stop the biggest tech companies from abusing their gatekeeper status.

Read 23 remaining paragraphs | Comments

#antitrust, #apple, #big-tech, #google, #microsoft, #policy

Report: US Senators urge FTC to scrutinize Microsoft/Activision merger

Report: US Senators urge FTC to scrutinize Microsoft/Activision merger

Enlarge (credit: Aurich Lawson)

Four U.S. Senators have sent a letter to Federal Trade Commission Chairwoman Lina Khan expressing concern about Microsoft’s proposed $68.7 billion acquisition of Activision Blizzard, according to a Wall Street Journal report.

In the letter, Senators Elizabeth Warren (D-Mass.), Bernie Sanders (I-Vt.), Cory Booker (D-NJ), and Sheldon Whitehouse (D-RI) express worry that the merger could hurt efforts to hold Activision management accountable for widespread allegations of abuse, sexual harassment, and discrimination at Activision Blizzard. The letter also takes specific issue with reports that Activision CEO Bobby Kotick will be allowed to stay until the merger is finalized, and that the embattled executive might have negotiated a “graceful exit” as part of the merger talks.

“This lack of accountability, despite shareholders, employees, and the public calling for Kotick to be held responsible for the culture he created, would be an unacceptable result of the proposed Microsoft acquisition,” the letter reads in part, according to the report. The Senators also expressed general concern about “consolidation in the tech industry and its impact on workers.”

Read 6 remaining paragraphs | Comments

#activision, #antitrust, #ftc, #gaming-culture, #government, #merger, #microsoft, #regulatory, #senators

Microsoft accidentally reveals that it is testing ads in Windows Explorer

Microsoft accidentally reveals that it is testing ads in Windows Explorer

Enlarge (credit: Aurich Lawson / Ars Technica)

Windows 11 testers are regularly finding new Windows 11 features that Microsoft wasn’t ready to show anyone yet. Sometimes that means digging up a new Task Manager or tabs for the File Explorer. And sometimes it means finding advertisements for other Microsoft products as you browse your own locally stored files.

Microsoft MVP Florian Beaubois found an example of the latter when he saw an ad promoting Microsoft Editor while viewing his Documents folder in a Windows 11 build. In a statement to The Verge, Microsoft Senior Program Manager Brandon LeBlanc acknowledged that the banner ad was genuine, but he said that it had been “experimental” and that it “was not intended to be published externally and was turned off.”

As The Verge notes, “we didn’t mean for anyone to see that” is not a promise to never run ads in Windows Explorer, and Microsoft’s behavior around its Edge browser, Microsoft account requirements, and prompts to try OneDrive and Microsoft 365 all indicate that the company has no problem with this kind of aggressive internal promotion of its own products and services. It’s an unfortunate reality that comes with using a big company’s products—you’ll get promo notifications for Apple TV+ on your iPhone, suggestions that you switch to Chrome when you’re using Gmail, or prominent ads for Alexa-based products every time you try to buy a $6 cable on Amazon.

Read 1 remaining paragraphs | Comments

#microsoft, #tech, #windows-11

Microsoft promises faster PC game load times with DirectStorage release

Close up of SSD NVMe M.2 2280 Solid State Drive

Enlarge / You’ll need an NVMe SSD to use DirectStorage on Windows. (credit: Getty Images)

PC games can now use DirectStorage, a DirectX 12 Ultimate API that Microsoft announced in 2020. The feature is supposed to bring faster loading times and improved textures and draw distances.

The Xbox Series X/S already uses DirectStorage, and in June, Microsoft said it would bring the feature to Windows 11. The storage acceleration API should improve gameplay by bringing instant asset introduction and enabling more vivid virtual landscapes. It works by sending data directly from an NVMe SSD to the graphics card, skipping the CPU and leveraging PCIe 3.0 or PCIe 4.0 speeds, depending on the system.

In a developer blog post today, Microsoft said it is moving DirectStorage out of developer preview and making it available via a public SDK.

Read 4 remaining paragraphs | Comments

#gaming-culture, #microsoft, #tech, #windows

Microsoft announces progress on a completely new type of qubit

Image of a graph with two obvious peaks.

Enlarge / Microsoft says it sees two clear peaks at the ends of a wire, with a nice energy separation between those and any other energy states. (credit: Microsoft)

So far, two primary quantum computing technologies have been commercialized. One type of hardware, called a transmon, involves superconducting wire loops linked to a resonator; it is used by companies like Google, IBM, and Rigetti. Companies like Quantinuum and IonQ have instead used individual ions held in light traps. At the moment, both technologies are in an awkward place. They’ve clearly been demonstrated to work, but they need some significant scaling and quality improvements before they can perform useful computations.

It may be a bit surprising to see that Microsoft is committed to an alternative technology called “topological qubits.” This technology is far enough behind other options that the company just announced it has worked out the physics to make a qubit. To understand Microsoft’s approach better, Ars talked to Microsoft engineer Chetan Nayak about the company’s progress and plans.

The foundation of a qubit

Microsoft is starting behind some competitors because the basic physics of its system weren’t entirely figured out. The company’s system relies on the controlled production of a “Majorana particle,” something that was only demonstrated to exist within the last decade (and even then, its discovery has been controversial).

Read 15 remaining paragraphs | Comments

#biz-it, #majorana-particle, #microsoft, #physics, #quantum-computing, #quantum-mechanics, #science

Dell says Microsoft’s Pluton security chip isn’t right for its business PCs

Dell says Microsoft’s Pluton security chip isn’t right for its business PCs

Enlarge (credit: Microsoft)

Dell, one of the top three PC makers, will not be using Microsoft’s Pluton chip in “most” commercial PCs, The Register reported on Wednesday. A Dell representative told the publication that the security processor “does not align with Dell’s approach to hardware security and our most secure commercial PC requirements.”

Microsoft first announced the Pluton security processor in 2020. At that point, the chip had already been used in microcontrollers in the Xbox One and Azure Sphere to prevent hardware hacks.

In PCs, Pluton is meant to prevent hacks that could result from an attacker having physical access to the PC. Such physical hacks could result in malware installation or stolen data. By living on the main CPU’s die, Pluton can store protected data in an area that is isolated from the PC’s other components. According to Microsoft, that data can’t be removed no matter what.

Read 6 remaining paragraphs | Comments

#dell, #lenovo, #microsoft, #tech

The secret US mission to bolster Ukraine’s cyber defences ahead of Russia’s invasion

Flag of Ukraine on a computer binary codes falling from the top and fading away.

Enlarge / Flag of Ukraine on a computer binary codes falling from the top and fading away. (credit: gwengoat | Getty Images)

Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat.

Some were soldiers, with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years.

The US had been helping Ukraine bolster its cyber defenses for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours.

Read 22 remaining paragraphs | Comments

#biz-it, #cybersecurity, #microsoft, #policy, #ukraine, #ukraine-invasion, #us

Microsoft suspends “all new sales of products and services in Russia”

Microsoft suspends “all new sales of products and services in Russia”

Enlarge (credit: Getty Images)

Microsoft President and Vice Chair Brad Smith announced today via blog post that Microsoft would be suspending “all new sales of Microsoft products and services in Russia” following the country’s “unjustified, unprovoked, and unlawful” invasion of Ukraine. The company didn’t name specific products, but a blanket ban would include Windows and Office software, Surface and Xbox hardware, Azure cloud computing services, and consumer services like OneDrive and Xbox Game Pass.

Microsoft isn’t the first of the big tech companies to formally halt sales in Russia while the country’s invasion of Ukraine continues. Apple halted sales of its products there earlier this week, and Google suspended advertising in Russia yesterday. Multiple tech companies, including Microsoft, have also blocked, demonetized, or deprioritized content from Russian state media outlets like RT and Sputnik. And some game companies have heeded requests from the Ukrainian government to halt sales of their games in Russia while the invasion continues.

Microsoft wrote a separate blog post earlier this week detailing its efforts to stop malware and other cyberattacks against Ukrainian and European targets. Today’s post reiterates the company’s focus on those issues.

Read 2 remaining paragraphs | Comments

#microsoft, #policy, #russian-invasion-of-ukraine, #tech

Microsoft: Activision on PlayStation will last past “existing agreement”

Despite the prominent "Xbox" in this image, Microsoft suggests some of these popular Activision titles could persist on PlayStation "into the future."

Enlarge / Despite the prominent “Xbox” in this image, Microsoft suggests some of these popular Activision titles could persist on PlayStation “into the future.”

Microsoft now says that it has “committed to Sony” that “Call of Duty and other popular Activision titles” will be “available on PlayStation beyond the existing agreement and into the future so that Sony fans can continue to enjoy the games they love.” The Xbox maker also says it is “interested in taking similar steps to support Nintendo’s successful platform” following its planned $68.7 billion purchase of the mega-publisher.

The announcement comes as part of a blog post outlining a number of “Open App Store principles” Microsoft says are explicitly designed “to address Microsoft’s growing role and responsibility as we start the process of seeking regulatory approval in capitals around the world for our acquisition of Activision Blizzard.”

The bit about distributing Activision titles to non-Xbox consoles “beyond the existing agreement” is especially relevant here. In the days after Microsoft announced its plans to purchase Activision, statements regarding console exclusivity plans from Activision, Sony, and Microsoft focused on language like “honor[ing] all existing commitments” and “abid[ing] by contractual agreements” and “honor[ing] all existing agreements,” respectively. Late last month, Bloomberg reported that those existing agreements only covered the next three Call of Duty games planned for release through 2024.

Read 8 remaining paragraphs | Comments

#activision, #gaming-culture, #microsoft, #playstation, #sony, #xbox

Satya Nadella: Microsoft has “permission to build the next Internet”

Satya Nadella: Microsoft has “permission to build the next Internet”

Enlarge (credit: Financial Times)

Not long after being promoted to the role of chief executive at Microsoft, in 2014, Satya Nadella had faced calls to ditch the tech group’s Xbox games division and concentrate its resources on cloud computing—to compete with rivals, such as Amazon. But instead, Nadella saw an opportunity to build new customer bases through online gaming communities. His first deal as chief executive was buying Minecraft, the three-dimensional world-building game.

At the same time, he further developed Microsoft’s dominant position in personal and business software and expanded its cloud and server offerings. Shares in the group have risen eightfold under Nadella’s tenure, and it remains the world’s largest software group.

However, last month’s $75 billion deal to buy video game maker Activision Blizzard will also make Microsoft the world’s third-biggest gaming company by revenue, behind only China’s Tencent and Japan’s Sony.

Read 53 remaining paragraphs | Comments

#activision-blizzard, #gaming, #gaming-culture, #interview, #microsoft, #satya-nadella

Microsoft fixes Patch Tuesday bug that broke VPN in Windows 10 and 11

Microsoft fixes Patch Tuesday bug that broke VPN in Windows 10 and 11

Enlarge (credit: Aurich Lawson)

Microsoft’s monthly Patch Tuesday updates for Windows are generally meant to fix problems, but that isn’t how it always goes. January’s updates, released last week, caused a handful of problems for businesses in particular. The most serious, especially for people still dealing with pandemic-driven remote-work setups, was a bug that broke certain kinds of VPN connections. Microsoft has provided fixes for this and other issues as of today, a few days after acknowledging the problem on its Known Issues page.

According to Microsoft’s documentation and reporting from Bleeping Computer, the VPN connection issues affected “IPSEC connections which contain a Vendor ID,” as well as L2TP and IPSEC IKE VPN connections in Windows 10, Windows 11, and Windows Server versions 2022, 20H2, 2019, and 2016. Windows’ built-in VPN client seems to be the most commonly affected, but third-party VPN clients using these kinds of connections could also run into the error.

The latest round of Patch Tuesday updates also caused some problems for Windows Server, including unexpected reboots for domain controllers and failed boots for Hyper-V virtual machines. These problems have all been resolved by other out-of-band patches, though not before causing problems for beleaguered IT admins.

Read 1 remaining paragraphs | Comments

#biz-it, #microsoft, #patch-tuesday, #tech

Microsoft warns of destructive disk wiper targeting Ukraine

Microsoft warns of destructive disk wiper targeting Ukraine

Enlarge (credit: Getty Images)

Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine’s border and made subtle but far-reaching threats if Ukraine and NATO don’t agree to Kremlin demands.

Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Be afraid and expect the worst

“All data on the computer is being destroyed, it is impossible to recover it,” said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. “All information about you has become public, be afraid and expect the worst.”

Read 16 remaining paragraphs | Comments

#biz-it, #diskwiper, #microsoft, #policy, #russia, #ukraine, #whispergate

Microsoft Teams turns your phone into a walkie-talkie

Microsoft Teams turns your phone into a walkie-talkie

Enlarge (credit: Getty)

One of the hallmarks of Boost Mobile prepaid phones in the early 2000s was their push-to-talk (PTT), or walkie-talkie, feature, which allowed you to play your voice through another Boost Mobile user’s phone speaker with the push of a button. Microsoft is now bringing a similar feature to iOS and Android devices via its Teams app. However, Microsoft isn’t using rappers and athletes to try to make PTT seem “cool,” as Boost Mobile did. Instead, the company is positioning the feature as a way to use technology to aid frontline workers.

In a blog post on Wednesday, Emma Williams, corporate VP of modern work transformation at Microsoft, announced that the walkie-talkie ability in Teams is now available “on all iOS mobile devices, such as iPhones and iPads, in addition to Android mobile devices.”

Williams also said the feature will come to some Zebra Technologies devices, such as rugged phones or scanning devices. Such products may even have a button you can press to connect instantly, just like real walkie-talkies and Boost Mobile’s old PTT phones.

Read 4 remaining paragraphs | Comments

#boost-mobile, #microsoft, #microsoft-teams, #tech

How to make Windows 11 run better on old, cheap devices

window 11

Microsoft is working on a new update for Windows 11 that will make the new operating system (OS) run better on dated and inexpensive hardware.

Windows 11 Build 22526 has currently been made available to members of the Insider early access programme with multiple enhancements and fixes, Techradar reported. It is yet not clear when the update will be rolled out to the public.

Though most of the new features are minor, the software giant is using this update to try out a new file location indexing system, hoping that the build will enable users to find out important files even faster using File Explorer.

The File Explorer of the recently released Windows 11 works very slow and is still prone to frequent crashes. Users often have to suffer due to the slowness of the Search functionality.

It takes a long time to return relevant searches if users have stored a huge number of files in the built-in hard drive.

The new update could help you cruise through large number of files more quickly.

More importantly, it will be very helpful for users who are running Windows 11 on cheap and dated devices that suffer lengthy load times affecting performance.

Other upgrades that will be released in the upcoming Windows 11 update include wideband speech support which will improve the audio quality of voice calls if you are using products such as Apple Airpods.

There will also be a new “windowed” system to the popular Alt + Tan functionality.


Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide

Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide

Enlarge (credit: Getty Images)

Microsoft has released a fix for a harebrained Exchange Server bug that shut down on-premises mail delivery around the world just as clocks were chiming in the new year.

The mass disruption stemmed from a date check failure in Exchange Server 2016 and 2019 that made it impossible for servers to accommodate the year 2022, prompting some to call it the Y2K22 bug. The mail programs stored dates and times as signed integers, which max out at 2147483647, or 231 – 1. Microsoft uses the first two numbers of an update version to denote the year it was released. As long as the year was 2021 or earlier, everything worked fine.

“What in the absolute hell Microsoft?”

When Microsoft released version 2201010001 on New Year’s Eve, however, on-premises servers crashed because they were unable to interpret the date. Consequently, messages got stuck in transport queues. Admins around the world were left frantically trying to troubleshoot instead of ringing in the New Year with friends and family. All they had to go on were two cryptic log messages that looked like this:

Read 4 remaining paragraphs | Comments

#2022, #biz-it, #bugs, #exchange-server, #microsoft

Big Tech split leads to demise of Internet Association

Street sign for K Street, the Wall Street of political influence in the US capital.

Enlarge / Street sign for K Street, the Wall Street of political influence in the US capital. (credit: Bjarte Rettedal | Getty Images)

Growing tensions between Microsoft, Amazon, Alphabet, Meta, and Apple lie behind the death of the Internet Association (IA), the nine-year-old lobby group that was Big Tech’s voice in Washington, according to insiders and industry observers.

The Washington-based group, which dubbed itself the “unified” voice of the internet industry, will shut at the end of the year after both Microsoft and Uber, among others, pulled their financial support, leaving an insurmountable funding gap.

“Our industry has undergone tremendous growth and change,” it said in a statement, adding that its closure was “in line with this evolution.”

Read 24 remaining paragraphs | Comments

#alphabet, #apple, #big-tech, #facebook, #google, #internet-association, #lobbyists, #meta, #microsoft, #policy

Microsoft pushed Apple for compromise to get Game Pass on the App Store

Microsoft pushed Apple for compromise to get Game Pass on the App Store

Enlarge (credit: Aurich Lawson / Getty Images)

Last year, Apple rolled out a set of onerous guidelines that required streaming game subscription services like Xbox Game Pass to package each available title as a separate app in the iOS App Store. At the time, Microsoft said this solution “remains a bad experience for customers. Gamers want to jump directly into a game from their curated catalog within one app, just like they do with movies or songs, and not be forced to download over 100 apps to play individual games from the cloud.”

However, new emails revealed as part of the Epic v. Apple trial (and unearthed by The Verge) show how seriously Microsoft was considering working within these guidelines. The emails show that Microsoft engaged Apple in detailed negotiations about how individual xCloud streaming apps could work as a technical matter and even dangled the possibility of streaming “exclusive AAA titles” from outside of Game Pass to help broker a compromise position.

Splitting the baby

In the emails, sent between February and April of 2020, Microsoft Xbox head of business development Lori Wright laid out some concerns about the idea of packaging each Xbox streaming game as an individual iOS app. For users, such a system would lead to cluttered home screens and the potential for “orphaned” app icons when games were removed from Game Pass, Wright wrote. For Microsoft and Apple, the system would also lead to lots of extra overhead in terms of app store metadata management and app review time, she wrote.

Read 7 remaining paragraphs | Comments

#app-store, #apple, #game-pass, #gaming-culture, #ios, #microsoft, #xcloud

Microsoft seizes domains used by “highly sophisticated” hackers in China

A motherboard has been photoshopped to include a Chinese flag.

Enlarge / Computer chip with Chinese flag, 3d conceptual illustration. (credit: Steve McDowell / Agefotostock)

Microsoft said it has seized control of servers that a China-based hacking group was using to compromise targets that align with that country’s geopolitical interests.

The hacking group, which Microsoft has dubbed Nickel, has been in Microsoft’s sights since at least 2016, and the software company has been tracking the now-disrupted intelligence-gathering campaign since 2019. The attacks—against government agencies, think tanks, and human rights organizations in the US and 28 other countries—were “highly sophisticated,” Microsoft said, and used a variety of techniques, including exploiting vulnerabilities in software that targets had yet to patch

Down but not out

Late last week, Microsoft sought a court order to seize websites Nickel was using to compromise targets. The court, in the US District of Court for the Eastern District of Virginia, granted the motion and unsealed the order on Monday. With control of Nickel’s infrastructure, Microsoft will now “sinkhole” the traffic, meaning it’s diverted away from Nickel’s servers and to Microsoft-operated servers, which can neutralize the threat and obtain intelligence about how the group and its software work.

Read 10 remaining paragraphs | Comments

#biz-it, #domain-seizure, #hackers, #microsoft

OneDrive joins Dropbox in committing to native M1 Mac support

The 2021 14-inch MacBook Pro stacked on top of the 2021 16-inch MacBook Pro.

Enlarge / The 2021 14-inch MacBook Pro stacked on top of the 2021 16-inch MacBook Pro. (credit: Samuel Axon)

Microsoft has announced a public preview of OneDrive sync for ARM devices, signaling that a public release of a native version of OneDrive on M1, M1 Pro, and M1 Max Macs will arrive eventually.

9to5Mac first discovered and reported on the announcement after Microsoft’s Ankita Kirti posted the following to the OneDrive blog this morning:

We’re excited to announce that OneDrive sync for Windows on ARM and for Apple silicon is now available as a public preview!

We know this has been a long awaited and highly requested feature, and we’re thrilled to make it available for early access.

To enable the preview, you’ll need to make sure that you’ve joined the Insiders ring and enabled the preview in OneDrive Settings > About.

We will be rolling out this feature to the Insiders ring over the next few days. 

Native app support for Apple’s architecture has been marching aggressively forward across the macOS software ecosystem. There are still some major exceptions, of course, like Microsoft Visual Studio 2019 and Autodesk Maya, but by and large, we’ve seen a lot of popular applications go native since the debut of the M1 last year.

Read 5 remaining paragraphs | Comments

#apple, #apple-silicon, #dropbox, #m1, #m1-max, #m1-pro, #microsoft, #onedrive, #tech

Microsoft shareholders back protest vote over sexual harassment claims

The shareholder revolt comes in the shadow of recent cases and the revelation that co-founder Bill Gates had a relationship with a company employee.

Enlarge / The shareholder revolt comes in the shadow of recent cases and the revelation that co-founder Bill Gates had a relationship with a company employee. (credit: Jeff Pachoud | Getty Images)

Microsoft’s shareholders have backed a protest vote calling on the company to reveal more about its handling of sexual harassment claims, in the shadow of recent cases and the revelation that co-founder Bill Gates had a relationship with a company employee.

The call amounted to a rare vote against management at the company’s annual shareholder meeting and brought an immediate promise from Microsoft of more transparency. However, the company stopped short of saying it would reveal details about individual cases, and it did not make any commitment to reopen its handling of cases from previous years.

The shareholder revolt followed years of complaints from some workers that the company had brushed pervasive claims of harassment under the carpet. Arjuna Capital, which submitted the shareholder proposal challenging management, said Microsoft’s human resources department upheld only one claim against the group out of a total of 238 that were included in a class-action lawsuit alleging discrimination and harassment in 2012.

Read 10 remaining paragraphs | Comments

#bill-gates, #microsoft, #ndas, #policy, #sexual-har

Users revolt as Microsoft bolts a short-term financing app onto Edge

Users revolt as Microsoft bolts a short-term financing app onto Edge

Enlarge (credit: Getty Images)

Microsoft is taking a lot of flak for planning to integrate a short-term financing app into the company’s Edge browser. The app would allow users to make purchases immediately and pay for them at a future date.

In recent years, Edge has built a following of users attracted to the security of the Microsoft browser, in addition to features including immersive reading, collections (which saves webpages or notes to categorized notebooks), vertical tabs, and the ability to take screenshots directly from a webpage.

​​Two weeks ago, Microsoft said it planned to bake an app called Zip directly into Edge. The so-called “buy now, pay later” app, which used to be known as Quadpay, lets shoppers break purchases into equal installment payments so they get their merchandise upfront, rather than having to wait until it’s paid in full. It didn’t take long for the howling and gnashing of teeth to begin.

Read 8 remaining paragraphs | Comments

#biz-it, #edge, #microsoft, #zip

Sorry PlayStation owners, Elder Scrolls VI will be an Xbox/PC exclusive

Bethesda's logo as carried by the publisher's growing roster of mascots.

Enlarge / Bethesda’s logo as carried by the publisher’s growing roster of mascots. (credit: Sam Machkovech)

Since Microsoft purchased Bethesda Softworks (via parent company ZeniMax Media) last September, the question of Bethesda games on non-Xbox consoles has been on everyone’s minds. This week, Microsoft put probably the final nail in that conversational coffin, with Xbox chief Phil Spencer confirming in an interview with British GQ magazine that the upcoming Elder Scrolls VI will be available only on Xbox consoles and the PC.

In a quote that doesn’t seem likely to soothe many PlayStation owners, Spencer said the exclusivity is “not about punishing any other platform, like I fundamentally believe all of the platforms can continue to grow.” Instead, Spencer was focused on “be[ing] able to bring the full complete package of what we have” with the company’s games, meaning integration with Xbox Live, Game Pass, Xbox Cloud Gaming, etc. “And that would be true when I think about Elder Scrolls VI,” he added. “That would be true when I think about any of our franchises.”

An announcement 14 months in the making

The confirmation ends over a year of coyness and mealymouthed statements about the exclusivity of major Bethesda games. The ordeal started with a Bloomberg interview last September in which Spencer said future Bethesda titles would be considered for non-Xbox consoles “on a case-by-case basis.” An in November, Xbox CFO Tim Stuart was saying publicly that Microsoft wanted Bethesda content to be “first or better or best” on Xbox rather than necessarily exclusive to the platform.

Read 3 remaining paragraphs | Comments

#bethesda, #elder-scrolls, #gaming-culture, #microsoft

Surprise: Halo Infinite’s free multiplayer mode is available right now

As part of its Xbox 20th anniversary celebration livestream today, Microsoft announced the surprise launch of Halo Infinite‘s free-to-play multiplayer mode, which is available now for Xbox One, Series S/X, and PC (the game will be available on Xbox Cloud Streaming “later today”).

Today’s launch, which comes after two limited multiplayer “technical preview” test weekends in recent months, is still being described as a beta launch ahead of the full release planned for December 8. That’s when the game’s single-player campaign is also expected to launch (though co-op mode will have to wait).

As such, 343 Industries warns that “you may experience some bumps and bugs during this beta period.” That said, the company sees today’s roll out as the official launch of the game’s “Season One,” which is titled “Heroes of Reach” and will run through May 2, 2022 (subsequent seasons will run for three months). Any progress made in the beta will carry over to the full launch.

Read 5 remaining paragraphs | Comments

#ars-shopping, #gaming-culture, #hal, #microsoft

HP takes printer troubleshooting into mixed reality for some reason

HP claims using the mixed-reality service will ultimately save time.

Enlarge / HP claims using the mixed-reality service will ultimately save time. (credit: HP)

Whether a printer is out of ink or the paper is jammed, printer troubleshooting can be a pain. Now, with the “metaverse” just a head-mounted display away, printer repair can be easier. At least that’s what HP is claiming with xRServices, a printer repair and support feature that uses Microsoft HoloLens 2 mixed-reality headsets.

Businesses that have a HoloLens 2 and buy HP’s xRServices will be able to instantly connect to an HP engineer and ask about printer problems during “any point of their print production,” HP’s Monday announcement said.

The service targets companies that use HP’s Industrial line of printers, the massive pieces of equipment you’ll find in everything from standard offices to large warehouses. They can do things your printer at home can’t, like print 6,000 sheets an hour.

Read 4 remaining paragraphs | Comments

#hololens, #hp, #microsoft, #mixed-reality, #printer, #tech

Forget bendy screens—Microsoft patents “foldable mouse”

Forget bendy screens—Microsoft patents “foldable mouse”

Enlarge (credit: Microsoft)

Foldable screens have allowed for some wacky phone and PC designs over the past few years. As bendy tech continues to trend, Microsoft wants to bring the fold to the wireless mouse. According to an international patent spotted by German tech site WindowsUnited, Microsoft is exploring the idea of a “foldable mouse.”

The patent is listed on PatentScope, a service from the World Intellection Property Organization that provides a searchable database of international patent applications. Microsoft’s patent was published on Thursday and filed in March. It describes a mouse that looks similar to today’s Microsoft Arc wireless mouse but with the ability to become flatter and easy to carry.

Here’s how Microsoft describes the peripheral:

Read 8 remaining paragraphs | Comments

#foldable, #foldable-mouse, #mice, #microsoft, #tech, #wireless-mice

With Mesh for Teams, Microsoft plans to bring 3D workspaces to remote workers in 2022

An interface and virtual workspace for Mesh for Teams.

Enlarge / An interface and virtual workspace for Mesh for Teams. (credit: Microsoft)

Microsoft has announced its intention to create an immersive 3D platform called “Mesh for Teams” for virtual meetings. As the name suggests, Mesh for Teams builds on the company’s existing Teams collaboration platform and implements the mixed reality features of Microsoft Mesh.

Announced earlier this year, Mesh is a platform for virtual meetings and other collaborative gatherings in mixed reality (a catch-all term for virtual reality, augmented reality, or any combination of the two) using a variety of devices like the company’s own HoloLens products and Windows Mixed Reality headsets, among others. Users would have persistent avatars that accurately reflect their body language and facial expressions and would be able to wander around a virtual workplace.

Workplaces would use Mesh for Teams to invite employees to log in to 3D or 2D collaborative workspaces. Sitting around a virtual conference table, workers would be able to do some things that aren’t possible in the real world. For example, a presenter could see her notes in 3D space near a virtual white board while those watching the presentation only see what she writes on the board.

Read 9 remaining paragraphs | Comments

#ar, #augmented-reality, #meetings, #metaverse, #microsoft, #microsoft-mesh, #microsoft-mesh-for-teams, #microsoft-teams, #mixed-reality, #tech, #virtual-reality, #virtual-workplace, #vr, #xr

Microsoft reclaims title of most valuable public company after Apple falls

Microsoft reclaims title of most valuable public company after Apple falls

Enlarge (credit: Getty Images)

Microsoft regained its crown as the most valuable publicly listed company in the world on Friday from Apple, whose shares slumped following a weak quarterly earnings update from the maker of iPhones and Mac computers.

Microsoft’s 2.2 percent gain on Friday lifted its market valuation to $2.49 trillion. Apple slid 1.9 percent, taking its market cap to $2.46 trillion.

Microsoft reported this week that its revenues soared in the third quarter, aided by a pandemic-fuelled surge in cloud computing resulting from a shift to remote working. The company’s quarterly revenue grew 22 percent, its largest gain since 2014.

Read 10 remaining paragraphs | Comments

#apple, #finance, #microsoft, #stock-market, #tech

Microsoft reports SIP-bypassing “Shrootless” vulnerability in macOS

The worm says, "I've got root!"

Enlarge / The worm says, “I’ve got root!” (credit: Andreus / Getty Images)

The Microsoft 365 Defender Research Team released a blog post yesterday describing a newly found macOS vulnerability that can abuse entitlement inheritance in macOS’s System Integrity Protection (SIP) to allow execution of arbitrary code with root-level privilege. The vulnerability is listed as CVE-2021-30892 and has been given the nickname “Shrootless.”

To explain how Shrootless works, we need to review how SIP functions. Introduced back in 2015 with OS X 10.11 El Capitan (and explained in detail on pages eight and nine of our review), SIP attempts to do away with an entire class of vulnerabilities (or at least neuter their effectiveness) by adding kernel-level protections against changing certain files on disk and certain processes in memory, even with root privilege. These protections are (more or less) inviolable unless one disables SIP, which cannot be done without rebooting into recovery mode and executing a terminal command.

The Shrootless exploit takes advantage of the fact that, while root privilege is no longer sufficient to change important system files, the kernel itself still can—and does—alter protected locations as needed. The most obvious example is when installing an application. Apple-signed application install packages have the ability to do things normally prohibited by SIP, and that’s where Shrootless slides in.

Read 5 remaining paragraphs | Comments

#apple, #macos, #microsoft, #tech, #vulnerability

Microsoft is “evaluating” right-to-repair options for Xbox and Surface devices

The Surface Pro 8's replaceable SSD.

Enlarge / The Surface Pro 8’s replaceable SSD. (credit: Andrew Cunningham)

Microsoft’s Xbox and Surface hardware may be getting easier to repair, according to a press release from shareholder advocacy nonprofit As You Sow. According to the announcement, Microsoft has agreed to evaluate and expand the repair options for its products “by the end of 2022.” Specifically, the company has agreed to:

  • Complete a third-party study evaluating the environmental and social impacts associated with increasing consumer access to repair and determine new mechanisms to increase access to repair, including for Surface devices and Xbox consoles
  • Expand the availability of certain parts and repair documentation beyond Microsoft’s Authorized Service Provider network
  • Initiate new mechanisms to enable and facilitate local repair options for consumers

These are all pretty vague guarantees, and they don’t mean that your next Xbox or Surface tablet will suddenly become fully user-serviceable. But the commitments do at least suggest that, long-term, it will be easier to get parts for these devices when they break, and it will be easier to find a shop that can make the repairs without needing to go directly to Microsoft. According to a report from Grist, a summary of the third-party study will be shared with the public by May of 2022.

Microsoft made the commitments in response to a June 2021 shareholder resolution from As You Sow, a nonprofit that “promote[s] environmental and social corporate responsibility through shareholder advocacy, coalition building, and innovative legal strategies.” We normally hear about “right to repair” in the context of state and federal legislation or executive orders, but those efforts have moved slowly in the face of legislative gridlock and industry opposition. Shareholder-driven initiatives like this one are a more direct, albeit piecemeal, way to address the problem in the meantime.

Read 1 remaining paragraphs | Comments

#microsoft, #policy, #right-to-repair, #tech

PoC exploit released for Azure AD brute-force bug—here’s what to do

PoC exploit released for Azure AD brute-force bug—here’s what to do

Enlarge (credit: Michael Dziedzic)

A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credentials brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute-forcing on vulnerable Azure servers. Although Microsoft had initially called the Autologon mechanism a “design” choice, it appears, the company is now working on a solution.

PoC script released on GitHub

Yesterday, a “password spraying” PoC exploit was published for the Azure Active Directory brute-forcing flaw on GitHub. The PowerShell script, just a little over 100 lines of code, is heavily based on previous work by Dr. Nestori Syynimaa, senior principal security researcher at Secureworks.

According to Secureworks’ Counter Threat Unit (CTU), exploiting the flaw, as in confirming users’ passwords via brute-forcing, is quite easy, as demonstrated by the PoC. But, organizations that use Conditional Access policies and multi-factor authentication (MFA) may benefit from blocking access to services via username/password authentication. “So, even when the threat actor is able to get [a] user’s password, they may not be [able to] use it to access the organisation’s data,” Syynimaa told Ars in an email interview.

Read 10 remaining paragraphs | Comments

#active-directory, #azure, #biz-it, #brute-force, #exploit, #microsoft, #poc, #tech, #vulnerability

New Azure Active Directory password brute-forcing flaw has no fix

New Azure Active Directory password brute-forcing flaw has no fix

Enlarge (credit: Michael Dziedzic)

Imagine having unlimited attempts to guess someone’s username and password without getting caught. That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no visibility into the attacker’s actions, let alone the possibility of blocking them.

A newly discovered bug in Microsoft Azure’s Active Directory (AD) implementation allows just that: single-factor brute-forcing of a user’s AD credentials. And, these attempts aren’t logged on to the server.

Invalid password, try again, and again…

In June this year, researchers at Secureworks Counter Threat Unit (CTU) discovered a flaw in the protocol used by Azure Active Directory Seamless Single Sign-On service.

Read 20 remaining paragraphs | Comments

#active-directory, #azure, #biz-it, #brute-force, #microsoft, #tech, #vulnerability, #zero-days

The Surface Duo’s two-year-old Android OS will be updated sometime this year

If Microsoft wants to be taken seriously as an Android manufacturer, one of the things it will need to establish is a track record of reliable, on-time software updates. But as the company launches a second generation of the Surface Duo and the company’s first Android phone turns a year old, so far Microsoft has failed to impress.

The Surface Duo 1 shipped in September 2020 with Android 10, which was a full year old at the time, and Android 11 had already launched. The hope was that Microsoft would quickly update the Duo to the latest version of Android, but that never happened. Today the device is still running Android 10, which is now two years old, and Android 12 is about to ship. Microsoft has finally broken its silence about Surface Duo 1 updates, and the company tells The Verge it plans to update the device to Android 11 “before the end of this year.”

Assuming Microsoft follows through on its promise, the company’s $1,400 flagship device will be updated from a two-year-old operating system to a one-year-old operating system. Microsoft committed to three years of updates, and it has been delivering monthly security updates. But this is still worst-in-class update support, especially for the price. Samsung usually rolls out Android to its latest flagship three months after Google’s release, while OnePlus usually takes around a month—Microsoft’s one-year timeframe is really bad.

Read 3 remaining paragraphs | Comments

#android, #microsoft, #surface-duo, #tech, #updates

Docs startup Almanac raises $34 million from Tiger as remote work shift hardens

As companies continue to delay their returns to the office and find temporary remote work policies becoming permanent, the startups building tooling for remote work-first cultures are finding a seemingly endless supply of customers.

“Companies are finding the shift to remote work is not a one-time aberration due to Covid,” Almanac CEO Adam Nathan tells TechCrunch. “Over the past several months we’ve seen pretty explosive revenue growth.”

Almanac, which builds a doc editor that takes feature cues like version control from developer platforms like Github, has been seizing on the shift to remote work, onboarding new customers through its open source office document library Core while pushing features that allow for easier onboarding like an online company handbook builder.

In the past couple years, timelines between funding rounds have been shrinking for fast-growing startups. Almanac announced its $9 million seed round earlier this year led by Floodgate, now they’re taking the wraps off of a $34 million Series A led by the pandemic’s most prolific startup investment powerhouse — Tiger Global. Floodgate again participated in the raise, alongside General Catalyst and a host of angels.

The company wants its collaborative doc editor to be the way more companies fully embrace online productivity software, leaving local-first document editors in the dust. While Alphabet’s G Suite is a rising presence in the office productivity suite world, Microsoft Office is still the market’s dominant force.

“We see ourselves as a generational challenger to Microsoft Office,” Nathan says. “It’s not only an old product, but it’s totally outmoded for what we do to today.”

While investors have backed plenty of startups based on pandemic era trends that have already seemed to fizzle out, the growing shift away from office culture or even hybrid culture towards full remote work has only grown more apparent as employees place a premium on jobs with flexible remote policies.

Major tech companies like Facebook have found themselves gradually adjusting policies towards full-remote work for staff that can do their jobs remotely. Meanwhile, Apple’s more aggressive return-to-office plan has prompted a rare outpouring of public and private criticism from employees at the company. Nathan only expects this divide to accelerate as more companies come tor grips with the shifting reality.

“I personally don’t believe that hybrid is a thing,” he says. “You have to pick a side, you’re either office culture or ‘cloud culture.’”

#almanac, #alphabet, #articles, #ceo, #cloud-computing, #economy, #general-catalyst, #github, #human-resource-management, #major, #microsoft, #onboarding, #productivity, #recruitment, #software, #startup-company, #startups, #telecommuting, #tiger-global