New WannaCry variant being monitored, DHS official says

Credit to Author: Matt Hamblen| Date: Mon, 15 May 2017 11:40:00 -0700

A variant of the WannaCry ransomware that emerged Monday has been able to infect some of the computers patched after the original malware struck last week, according to a top cyber official at the Department of Homeland Security (DHS).

“We’re working on how to address that [variant] and sharing as we can,” said the official who asked not to be named. The official did not say how many computers have been affected by the variant, other than to say “some.” The original WannaCry attack hit more than 200,000 computers starting Friday in more than 150 countries, UK officials said over the weekend.

Patching Windows XP against WannaCry ransomware

Credit to Author: Michael Horowitz| Date: Sun, 14 May 2017 12:56:00 -0700

Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the WannaCry ransomware. Here’s how to install it. 

You can download some versions of the patch using links at the bottom of this May 12th Microsoft article: Customer Guidance for WannaCrypt attacks. The full list of patch variants, including languages other than English, is in the Windows Catalog; just search for KB4012598. Windows Update does not work on XP.

Microsoft issues first Windows XP patch in 3 years to stymie 'WannaCrypt'

Credit to Author: Gregg Keizer| Date: Sun, 14 May 2017 11:00:00 -0700

Microsoft on Friday took the unprecedented step of issuing patches for long-demoted versions of Windows, including Windows XP, to immunize PCs from fast-spreading ransomware that has crippled machines worldwide.

To stymie “WannaCrypt” attacks — which encrypted files on thousands of PCs used by the U.K.’s National Health Service (NHS), causing chaos in many hospitals — Microsoft published patches for Windows XP, Windows 8 and Windows Server 2003. All had been retired from support: Windows XP in April 2014, Windows 8 in June 2016, Windows Server in July 2015.

“We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003,” said Phillip Misner, a principal security group manager at the Microsoft Security Response Center (MSRC), in a post to a company blog late Friday.

Microsoft posts PowerShell script that spawns pseudo security bulletins

Credit to Author: Gregg Keizer| Date: Fri, 12 May 2017 11:48:00 -0700

A Microsoft manager this week offered IT administrators a way to replicate — in a fashion — the security bulletins the company discarded last month.

“If you want a report summarizing today’s #MSRC security bulletins, here’s a script that uses the MSRC Portal API,” John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter.

Lambert’s tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new API (application programming interface). Microsoft made the API available in November when it first announced that it planned to axe the security bulletins it had issued since at least 1998.

IDG Contributor Network: May Patch Tuesday delivers fixes for critical Windows 10 exploits

Credit to Author: Greg Lambert| Date: Fri, 12 May 2017 10:29:00 -0700

For this May Microsoft Patch Tuesday, we see Microsoft attempt to resolve 56 reported vulnerabilities in Microsoft Office, Windows, both browsers and the .NET development platform.

Three of the vulnerabilities have been reported publicly and several have been actively exploited. Adding to an already serious situation, Microsoft’s anti-malware tool was compromised, resulting in the inadvertent deployment of malware through the anti-malware engine.

Microsoft responded very quickly with an out-of-band update (Security Advisory 4022344). Though there was general relief and kudos to Microsoft for their rapid response to this embarrassing episode, this bug was described as the “worst in recent memory” and as “crazy bad” by two of the lead researchers from Google’s Project Zero.

Third party antivirus programs interfere with Windows Defender critical patch

Credit to Author: Michael Horowitz| Date: Wed, 10 May 2017 15:37:00 -0700

Like others running Windows, I have been dutifully updating Windows Defender the last few days with a fix for a critical bug. The update procedure is simple. Open the Control Panel, click on Windows Defender, and then check for updates.

The only thing out of the ordinary, on Windows 7, is that the update check is hidden behind a downward pointing triangle just to the right of a white question mark (this is not true in Windows 8 or 10). The “about” panel is also here. If the Engine Version is less than 1.1.13704.0 then it needs to be updated immediately.

Microsoft asks Windows 10 Enterprise customers to test new anti-exploit tech

Credit to Author: Gregg Keizer| Date: Thu, 04 May 2017 12:58:00 -0700

Microsoft today asked enterprise customers to test a new anti-malware, anti-exploit technology in Windows 10’s baked-in browser.

Windows 10’s latest preview, tagged as build 16188 and released Thursday, includes Windows Defender Application Guard, a virtualization-based feature that isolates the contents of a tab in Edge, the OS’s default browser, from the rest of the system.

While Application Guard was announced in September, and went through limited testing in the months since, today marked its first appearance to all Insiders running Windows 10 Enterprise. Users must manually toggle on Application Guard from a setting dialog, then open a tab within Edge by selecting “New Application Guard Window” from the browser’s menu.

Developer lifts Windows 7's update blockade with unsanctioned patch

Credit to Author: Gregg Keizer| Date: Thu, 20 Apr 2017 13:28:00 -0700

An anonymous developer has published a patch that negates Microsoft’s barring of security updates from Windows 7 and 8.1 PCs equipped with the very newest processors.

The developer, identified as “Zeffy,” posted the patch and accompanying documentation on GitHub, the code repository.

“I was inspired to look into these new rollup updates that Microsoft released on March 16 [after reading about the processor-related blocking of Windows Update],” wrote Zeffy. “[That was] essentially a giant middle finger to anyone who dare not ‘upgrade’ to the steaming pile of garbage known as Windows 10.”
