Microsoft Issues Fix for Internet Explorer Zero Day

Posted on

A new Microsoft patch is available for Windows systems that fixes a security issue in it’s Internet browser Internet Explorer. Patches are available for Windows 7 to Windows 10, as well as Server 2008 and 2019. For users with Windows Update, you should already be covered. If you’re using Windows 10, you can force it to check for updates by going to Start > Settings > Update & Security > Windows Update and click Check for Updates.

Make sure to get your systems patched ASAP to avoid this issue. The exploit is already being used in the wild.

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Windows 10 Build 18305 Released to Fast Ring

Posted on

The latest build of Windows 10 19H1 for the fast ring has been released, build 18305. A lot of new features, some fixes, and more known issues that might be a show stopper. Grab it while it’s hot!

Check out the new simplified Start Menu:

Known issues

  • The hyperlink colors need to be refined in Dark Mode in Sticky Notes if the Insights are enabled.

  • The Windows Security app may show an unknown status for the Virus & threat protection area, or not refresh properly. This may occur after upgrade, restart, or settings changes.

  • The cmimanageworker.exe process may hang, causing system slowness or higher than normal CPU usage. This can be bypassed by rebooting the machine if it occurs.

  • Launching games that use BattlEye anti-cheat will trigger a bug check (green screen) – we’re investigating.

  • USB printers may appear twice in the Devices and Printers under Control Panel. Reinstalling the printer will resolve the issue.

  • We’re investigating an issue where clicking your account in Cortana Permissions isn’t bringing up the UI to sign out from Cortana (if you were already signed in) for some users in this build.

  • If you’re using Hyper-V and have added an external vSwitch in addition to the default, many UWP apps won’t be able to connect to the internet. Removing the additional vSwitch will resolve this.

  • The Task Scheduler UI may appear blank even though there are scheduled tasks. For now, you’ll need to use the command line if you want to see them.

  • Creative X-Fi sound cards are not functioning properly. We are partnering with Creative to resolve this issue.

  • When attempting to update to build 18305 some S Mode devices will download and restart, but fail the update.

New Windows Sandbox feature in Windows 10 Pro & Enterprise

Posted on

Microsoft Windows Pro & Enterprise editions have a great new feature available – Windows Sandbox. An isolated desktop environment that you can use to run untrusted software that you can dispose of after testing. You always have a clean install to test software, and it’s wiped clean after running. There are quite a few use cases for this feature, and will come in very useful for IT professionals, software testing, security professionals, or just the average user on the higher editions of Windows wanting to play around without affecting their host OS.

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

Microsoft Patent Shows New Wearable

Posted on

Microsoft had a quick entry and exit with their last wearable device – the Microsoft Band. It was a great device, but the support from Microsoft was lacking and the quick drop from their lineup was swift. They seem to be wanting to get back into the wearable market in some form. Microsoft has submitted a patent to the USPTO (PDF here) for a new haptic feedback wearable device, which would give physical stimuli to the wearer for certain actions (pressing buttons on a controller, for example).

“Haptic stimulation systems apply forces or vibrations to stimulate a user’s sense of touch. Touch-screen devices may use haptic feedback to indicate key presses to a user; games controllers may use haptic feedback to increase video game immersion (e.g. by vibrating in response to a collision or explosion within a video game) and smart watches may use haptic feedback to provide silent alerts to the wearer,” Microsoft explains.


People Bar May be Depreciated

Posted on

According to a Twitter user, Albacore, the People Bar in Windows 10 may be making an exit. Some used the People Bar and found it very useful, while many others (myself included) turned it off. It wasn’t a bad idea, it just wasn’t useful for me at home or at work.

In the end, though, Microsoft has the metrics to show how used it was and if it was something that just didn’t justify the engineering manpower to maintain it.


What Makes Microsoft Tick?

Posted on

Mary Jo Foley asked the question “What Makes Microsoft Tick?“. It’s undeniable that Microsoft has improved by leaps and bounds since Satya Nadella took the reigns from Steve Ballmer in 2014. They’ve changed internally and how they interact with the end users to their product lineup. Another big thing that’s changed is how they treat the competition. No longer are they the enemy that must be squashed by any means necessary, but another market to leverage. It’s a friendlier, more approachable Microsoft.

Her article is a good read with a lot of excellent points. While Nadella has killed some great products, he has the internal insight to see what is successful and what is not as well as the deeper analytics of market trends. I’m definitely looking forward to what’s in the future for this “new” Microsoft under Nadella. It’s been almost 5 years, and it’s been great so far (and the stock agrees with that).

Since Satya Nadella took the CEO spot almost five years ago, it’s been hard to avoid reading about Microsoft’s new mission statement: Empower every person and every organization on the planet to achieve more. But many underestimate how this sappy-sounding tagline plays into how Microsoft operates these days.

Microsoft Edge to use Chromium Engine

Posted on

Microsoft has been making some waves in the open source movement the past few years and are now moving forward with integrating some of that into some of their mainstream products. Google’s Chrome browser has become an almost standard these days, and Microsoft is going to adopt the Chromium engine as part of their Edge browser. Will this bring more market share to the struggling browser?

Ultimately, we want to make the web experience better for many different audiences. People using Microsoft Edge (and potentially other browsers) will experience improved compatibility with all web sites, while getting the best-possible battery life and hardware integration on all kinds of Windows devices. Web developers will have a less-fragmented web platform to test their sites against, ensuring that there are fewer problems and increased satisfaction for users of their sites; and because we’ll continue to provide the Microsoft Edge service-driven understanding of legacy IE-only sites, Corporate IT will have improved compatibility for both old and new web apps in the browser that comes with Windows.

Windows 10 Build 18298 Available for Fast Ring

Posted on

The Windows Insider team has released build 18298 to the Fast Ring. Some new features, a lot of fixes, and a few issues. Make sure to check out the known issues before updating to avoid any show stoppers!

Known issues

  • The hyperlink colors need to be refined in Dark Mode in Sticky Notes if the Insights are enabled.

  • Settings crashes when clicking on the “View storage usage on other drives” option under System > Storage.

  • The Windows Security app may show an unknown status for the Virus & threat protection area, or not refresh properly. This may occur after upgrade, restart, or settings changes.

  • Delete previous version of Windows in Configure Storage Sense is not selectable.

  • Settings will crash when opening Speech Settings.

  • The cmimanageworker.exe process may hang causing system slowness or higher than normal CPU usage. This can be bypassed by rebooting the machine if it occurs.

  • Launching games that use BattlEye anti-cheat will trigger a bug check (green screen) – we’re investigating.

Build 18290 Released to Fast Ring

Posted on

The Windows Insider team has released build 18290 to the Fast Ring. A few new features, but a few good notes to pay attention to this time. First, these builds do have an expiration date, so make sure to keep your Insider builds updated. Next, the upcoming Bug Bash for the 19H1 release is coming up January 11th-20th. Always a fun time to do quests and share your input. As usual, check out the release notes and known issues to make sure there isn’t a show stopper in there for you.

As pre-release software, Insider Preview builds have a built-in expiration date that we call a “timebomb”. This has been included ever since the first Windows 10 Insider Preview build and helps ensure Insiders stay up to date with the latest features and quality updates. Once a build expires, Insiders will be provided a warning that the build has expired and will get that warning once a day. In addition to that, Insiders will also see User Access Control (UAC) warnings as well. Insiders in both the Fast and Slow rings need to make sure they are running the latest builds offered to those rings. Insiders in the Fast ring need to make sure they take the update to 19H1 Build 18290 (today’s flight) in order to avoid hitting the timebomb set to Dec. 14th . Additionally, Insiders who used ISO for Build 18272 also need to take the Build 18290 flight to avoid hitting the timebomb. We will be removing these ISOs from the download page shortly. Insiders in the Slow ring running older builds need to update to Build 17763 (the final build for the October 2018 Update) to avoid hitting the timebomb in older RS5 builds. Insiders can check their flight settings and verify they have the latest builds by going to Settings > Update & Security > Windows Insider Program.

Build 17751 Released to Fast Ring

Posted on

The Insiders team has released build 17751 to the fast ring today. Some sites have said that this is the final build, but as Brandon LeBlanc has said via Twitter and this blog post :

  • The build watermark at the lower right-hand corner of the desktop is no longer present in this build. This does not mean this is the final build as we are not done yet. We’re just now beginning the phase of checking in final code to prepare for the final release.

So, we are getting close to the final release to consumer for this latest update, but this build it not quite there yet. As usual, it’s ready when it’s ready. So, what’s the official name of this update? Creators Update, Spring Update, etc.? Just called “Windows 10 October 2018 Update”.  Simple and sweet.

Just a few small known issues this build. Make sure they won’t affect you too much before you update!

Known issues

  • When you use the Ease of Access Make Text bigger setting, you might see text clipping issues, or find that text is not increasing in size everywhere.

  • Narrator sometimes does not read in the Settings app when you navigate using Tab and arrow keys. Try switching to Narrator Scan mode temporarily. And when you turn Scan mode off again, Narrator will now read when you navigate using Tab and arrows key. Alternatively, you can restart Narrator to work around this issue.

  • Clicking on web links in PWAs such as Twitter doesn’t open the browser in this build. We’re working on a fix.