Category Archives: Microsoft

Microsoft bringing EMET back as a built-in part of Windows 10

The new security analytics dashboard. (credit: Microsoft)

The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard.

Microsoft's EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques—some built in to Windows, some part of EMET itself—to make exploitable security flaws harder to reliably exploit. The idea was that, even if coding bugs did occur, turning those bugs into actual security issues should be made as difficult as possible.

With Windows 10, however, EMET's development was essentially cancelled. Although Microsoft made sure the program ran on Windows 10, the company said that EMET was superfluous on its latest operating system. Some protections formerly provided by EMET had been built into the core operating system itself, and Windows 10 offered additional protections far beyond the scope of what EMET could do.


Box deepens partnership with Microsoft and turns its attention to AI and machine learning

When I spoke to Box CEO Aaron Levie last year at the Boxworks customer conference, I had to ask the obligatory machine learning question. Surely Box was of sufficient size with enough data running through its systems to take advantage of machine learning. All he would say was they were thinking about it. Today, the company announced a deepening relationship with Microsoft in which Box will…

Microsoft looks to the cloud to make Windows 10 safer for enterprise users

We already knew that the next version of Windows 10, the Fall Creators Update, will feature a large number of new tools for consumers. While it was always clear that business users would also get their fair share of updates, Microsoft remained pretty quiet about what those would look like. That's changing this week, as the company today announced a number of new security features for…

Latest high-severity flaw in Windows Defender highlights the dark side of AV

(credit: Microsoft)

Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine. The vulnerability could have allowed attackers to execute malicious code by luring users to a booby-trapped website or attaching a booby-trapped file to an e-mail or instant message.

A targeted user who had real-time protection turned on wasn't required to click on the booby-trapped file or take any action other than visit the malicious website or receive the malicious e-mail or instant message. Even when real-time protection was off, malicious files would be executed shortly after a scheduled scan started. This ease of exploitation was the result of the vulnerable x86 emulator not being protected by a security sandbox and being remotely accessible to attackers by design. That's according to Tavis Ormandy, the Google Project Zero researcher who discovered the vulnerability and explained it in a report published Friday.

Ormandy said he identified the flaw almost immediately after developing a fuzzer for the Windows Defender component. Fuzzing is a software testing technique that locates bugs by subjecting an application to corrupted data and other types of malformed or otherwise unexpected input.


Skylake, Kaby Lake chips have a crash bug with hyperthreading enabled

A Kaby Lake desktop CPU, not that you can tell the difference in a press shot. (credit: Intel)

Under certain conditions, systems with Skylake or Kaby Lake processors can crash due to a bug that occurs when hyperthreading is enabled. Intel has fixed the bug in a microcode update, but until and unless you install the update, the recommendation is that hyperthreading be disabled in the system firmware.

All Skylake and Kaby Lake processors appear to be affected, with one exception. While the brand-new Skylake-X chips still contain the flaw, their Kaby Lake X counterparts are listed by Intel as being fixed and unaffected.

Systems with the bad hardware will need the microcode fix. The fix appears to have been published back in May, but, as is common with such fixes, there was little to no fanfare around the release. The nature of the flaw and the fact that it has been addressed only came to light this weekend courtesy of a notification from the Debian Linux distribution. This lack of publicity is in spite of all the bug reports pointing to the issue—albeit weird, hard-to-pin-down bug reports, with code that doesn't crash every single time.


32TB of Windows 10 beta builds, driver source code leaked [Updated]

(credit: Rural Learning Center)

32TB of unreleased, private Windows 10 builds, along with source code for certain parts of the driver stack, have been leaked to BetaArchive, reports The Register.

The dump appears to contain a number of Windows 10 builds from the development of the release codenamed Redstone 2. Redstone 2 was released earlier this year, branded as the Creators Update.

Some of these builds are said to include private debug symbols. Microsoft routinely releases debug symbols for Windows; the symbols contain additional information not found in the compiled Windows binaries that helps software developers identify which functions their code is calling. The symbols normally released are public symbols; while they identify many (though not all) functions and data structures, they don't contain information about each function's variables or parameters. The private symbols, in contrast, contain much more extensive information, giving much more insight into what each piece of code is doing and how it's doing it.


Windows 10 S' security brought down by, of course, Word macros

The Windows 10 S default wallpaper is a rather attractive simplified version of the Windows 10 default wallpaper. (credit: Microsoft)

The major premise justifying Windows 10 S, the new variant of Windows 10 that can only install and run applications from the Windows Store, is that by enforcing such a restriction, Windows 10 S can—like iOS and Chrome OS—offer greater robustness and consistency than regular Windows. For example, as Microsoft has recently written, apps from the Windows Store can't include unwanted malicious software within their installers, eliminating the bundled spyware that has been a regular part of the Windows software ecosystem.

If Windows 10 S can indeed provide much stronger protection against bad actors—both external ones trying to hack and compromise PCs and internal ones, such as schoolkids—then its restrictions represent a reasonable trade-off. The downside is that you can't run arbitrary Windows software; the upside is that you can't run arbitrary Windows malware. That might not be the right trade-off for every Windows user, but it's almost surely the right one for some.

But if that protection is flawed—if the bad guys can somehow circumvent it—then the value of Windows 10 S is substantially undermined. The downside for typical users will remain, as there still won't be any easy and straightforward way to install and run arbitrary Windows software. But the upside, the protection against malware, will evaporate.


Watch this guy play Super Mario Bros. IRL in Central Park using HoloLens

Super Mario Bros. is iconic, so it's a natural target for augmented reality development, where everything nostalgic is new again. This demo, created by Abhishek Singh, really is amazing, however. Singh recreated the first level of Super Mario Bros. as an augmented reality game on Microsoft HoloLens, giving himself a first-person perspective into a unique 3D look inside the classic…

Check Point says Fireball malware hit 250 million; Microsoft says no

(credit: Corinne Kuhlmann)

Microsoft sparked a curious squabble over malware discovery and infection rates. At the start of the month security firm Check Point reported on a browser hijacker and malware downloader called Fireball. The firm claimed that it had recently discovered the Chinese malware and that it had infected some 250 million systems.

Today, Microsoft said no. Redmond claimed that actually, far from being a recent discovery, it had been tracking Fireball since 2015 and that the number of infected systems was far lower (though still substantial) at perhaps 40 million.

The two companies do agree on some details. They say that the Fireball hijacker/downloader is spread by being bundled with programs that users are installing deliberately. Microsoft further adds that these installations are often media and apps of "dubious origin" such as pirated software and keygens. Check Point says that the software was developed by a Chinese digital marketing firm named Rafotech and points to similar installation vectors: it piggybacks on (legitimate) Rafotech software and may also be spread through spam, other malware, and other (non-Rafotech) freeware.


After three days, Skype’s outage is resolved

After three days of connectivity issues which prevented some Skype users from being able to log in, make calls, or send and receive messages, the company says it has now fully resolved the problem. What it isn't saying – at least not yet – is what exactly happened. Microsoft's decision to stay silent on an incident of this length and scale – the outage impacted…