Microsoft has warned that all versions of Windows feature critical unpatched RCE vulnerabilities. The security problems stem from the Windows Adobe Type Manager Library, and relates to the parsing of fonts.
The company is working on a fix which will be released when the next Patch Tuesday rolls around -- but for Windows 7 users, despite the critical nature of the bugs, it is only those who have paid for an ESU licence that will get the security update. There is a bit of good news, however. While the vulnerability is yet to be patched, there is a workaround available that will do the job for the time being.
Microsoft's run of problematic updates for Windows 10 continues. This time an update is causing an issue that could have serious security implications for users -- it has broken Windows Defender.
While the Windows Defender security tool is included in Windows 7 and 8 the problem only affects Windows 10. Many people are finding that when they perform a virus scan, an error message is displayed that reads: "Items skipped during scan. The Windows Defender Antivirus scan skipped an item due to an exclusion or network scanning settings". For others, scans simply fail after a few moments.
Three-hundred-and-seventy-eight in a series. Welcome to this week's overview of the best apps, games and extensions released for Windows 10 on the Microsoft Store in the past seven days.
Windows 10 is installed on 1 billion devices, finally. In other news, Microsoft is pushing its services more aggressively via nag screens and Microsoft Edge (Chromium) users may now review and rate extensions in the official Store.
Microsoft recently announced that Windows 10 had hit the milestone of running on a billion devices. To mark this, the operating system team created a celebratory video. What's interesting about this video is the fact that it gives us a glimpse of new features coming to Windows 10, as well as changes to the UI.
We've already had a hint of the direction Microsoft is going in aesthetically with the roll-out of new icons, but this new video also shows off the redesigned Start menu, wider adoption of Fluid UI, and an updated version of File Explorer
The coronavirus pandemic is having all manner of consequences around the world, both predicted and unforeseen. With Google having announced that Chrome and Chrome OS will only be receiving security updates as a result of a revised development schedule, Microsoft has now announced that it is extending the end of service date for Windows 10 version 1709.
End of service for the Fall Creators Update was due on April 14 this year, but in light of the current public health situation the company now says that the date has been extended by six months to October 13. But the extension does not apply to all editions of Windows 10 version 1709.
The past few Windows 10 Insider builds haven’t been hugely exciting, but that’s probably no surprise given the state of the world at the moment and the number of people switching to working from home.
Today’s new Insider release for those on the Fast ring, Build 19587, is no exception, but it does come with a number of improvements and fixes.
Microsoft is no stranger to using nag screens to annoy Windows 10 users, and now the company is back to its old tricks again. After installing the latest batch of update for the operating system, users are being confronted with a full-screen "Get even more out of Windows" message.
The nag screen encourages users to investigate other Microsoft products such as Your Phone, Windows Hello, Office 365 and OneDrive. It's part of what Microsoft describes as "post-upgrade setup".
When Microsoft was preparing to launch Windows 10 back in 2015 it famously stated that it expected over 1 billion devices to be running the new OS within 2-3 years. For a variety of reasons -- most notably the dismal failure of its mobile aspirations -- that never happened.
But the OS has been gaining share at a steady rate, and today the software giant announces that Windows 10 has, five years later, finally hit the coveted 1 billion milestone.
Microsoft has announced that not only is Windows Subsystem for Linux -- or WSL 2 as it's also known -- soon going to be generally available in Windows 10 version 2004, but also that the Linux kernel will be updated though Windows Update.
The new approach comes as Microsoft removes the Linux kernel from the Windows OS image. The change in update delivery will enable Microsoft to push out updates faster than before, and eliminates the need to user interaction.
Three-hundred-and-seventy-seven in a series. Welcome to this week's overview of the best apps, games and extensions released for Windows 10 on the Microsoft Store in the past seven days.
Earlier this week, Microsoft inadvertently released details of a critical vulnerability in the SMBv3 protocol in Windows 10 and Windows Server. While there was no fix available at the time, the company did provide suggestions about how to mitigate against attacks.
With the information out in the wild, Microsoft was under pressure to get a patch released to customers -- and now it has managed to produce such a fix. KB4551762 is an emergency patch for the CVE-2020-0796 vulnerability, and users are advised to install it as soon as possible.
Microsoft, like many other tech firms, is encouraging its employees to work from home as the Novel Coronavirus (COVID-19) continues to spread across the world. It’s still business as usual for the Windows team though, as they roll out a new Windows 10 build for those Insiders on the Fast ring.
Build 19582 mostly focuses on fixes and improvements, although it also comes with a major update to the Eye Control settings.
But what if you want an older version of Windows 10, or one of the many Windows Insider builds? Or what if you want a copy of Windows 7 or 8.1, or a copy of Microsoft Office? We have the answer.
Having inadvertently revealed details of an unpatched security flaw, Microsoft published an advisory that provides details on a recently detected vulnerability in the SMBv3 (Server Message Block) protocol. Attackers who exploit the issue successfully "gain the ability to execute code on the target SMB Server or SMB Client" according to Microsoft's disclosure.
Attacks against SMB Servers use a specially crafted packet that is sent to the target. Attacks against SMB Clients are more complicated as it is required to configure a malicious SMBv3 Server and get users to connect to it.
Patch Tuesday is supposed to be the day Microsoft issues bug-fixing updates for Windows and other software, but this week things were a little different. In addition to the usual patches, the company also inadvertently revealed the existence of a critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol -- one for which there is currently no patch.
It seems that Microsoft had intended to issue a patch to the vulnerability (CVE-2020-0796) yesterday, and therefore referenced it in the introductory text for the Patch Tuesday release, but then changed its mind -- perhaps because the patch was not ready. Two cybersecurity firms also published brief details of the security flaw, and while Microsoft is still yet to issue a patch, the company has provided details of workarounds.