Category Archives: Windows

Windows 10 preview brings Android phone calls to your PC

Windows 10's Your Phone calling support is finally here, provided you're willing to live life on the edge. Microsoft has released a Windows 10 Insider Preview for Fast ring testers that adds the ability to take and start calls from your PC. You'll…

Just Make All The Window Switches One-Touch

Is there anything more annoying than holding a button down for several seconds while your windows roll down? Sure, plenty. But this is a small problem that’d be easy to solve.

Read more…

Here’s everything Microsoft announced at its Surface event

Microsoft held its annual Surface event today, but you definitely couldn't call it a by-the-numbers presentation. The tech veteran unveiled a flood of new devices, and updates to its existing Surface Laptop and Surface Pro lines were really just the…

We’re live at Microsoft’s Surface event!

We're kicking off another October full of anticipated gadget launches with Microsoft's Surface event, which is happening at 10AM Eastern today. Because no company is immune to the leak plague, we already know a lot about what to expect from Microsoft…

What we hope to see at Microsoft’s Surface event

Like clockwork, Microsoft is gearing up to announce its latest batch of Surface devices tomorrow. We've already gotten a preview of some hardware, thanks to a recent leak: it looks like there's a new Surface Pro, a sleeker ARM-based Surface and a new…

IE zeroday under active attack gets emergency patch

Close-up photo of police-style caution tape stretched across an out-of-focus background.

Enlarge (credit: Michael Theis / Flickr)

Microsoft has released two unscheduled security updates, one of which patches a critical Internet Explorer vulnerability that attackers are actively exploiting in the wild.

The IE vulnerability, tracked as CVE-2019-1367, is a remote code execution flaw in the way that Microsoft’s scripting engine handles objects in memory in IE. The vulnerability was found by Clément Lecigne of Google’s Threat Analysis Group, which is the same group that recently detected an advanced hacking campaign that targeted iPhone users. Researchers from security firm Volexity later said the the attackers behind the campaign also targeted users of Windows and Android devices. It’s not clear if the IE vulnerabilities Microsoft is fixing now have any connection to that campaign.

Monday’s advisory said attackers could exploit the vulnerability by luring targets to use IE to visit a booby-trapped website.

Read 5 remaining paragraphs | Comments

Bethesda says sorry to ‘Fallout 76′ players with free games

Bethesda is continuing its apology tour of sorts for Fallout 76's rough state on launch, and this time you don't need to have spent a lot to receive compensation. The developer is promising a free copy of Fallout Classics Collection (1, 2 and Tactic…

Microsoft issues emergency update to fix critical IE flaw under active exploit

Microsoft issues emergency update to fix critical IE flaw under active exploit

Enlarge (credit: Microsoft)

Microsoft has issued an emergency update that fixes a critical Internet Explorer vulnerability that attackers are actively exploiting on the Internet.

The memory-corruption flaw allows attackers to remotely execute malicious code when computers use IE to visit a booby-trapped website, Microsoft said Wednesday. Indexed as CVE-2018-8653, the flaw affects all supported versions of Windows. The vulnerability involves the way Microsoft’s scripting engine handles objects in memory in Internet Explorer.

In a separate advisory, Microsoft said the vulnerability is being used in targeted attacks, but the company didn’t elaborate. Microsoft credited Clement Lecigne of Google’s Threat Analysis Group with discovering the vulnerability. No other details were available about the vulnerability or exploits at the time this post was being reported.

Read 1 remaining paragraphs | Comments

Microsoft unveils Windows Sandbox: Run any app in a disposable virtual machine

Microsoft unveils Windows Sandbox: Run any app in a disposable virtual machine

Enlarge (credit: F Delventhal)

A few months ago, Microsoft let slip a forthcoming Windows 10 feature that was, at the time, called InPrivate Desktop: a lightweight virtual machine for running untrusted applications in an isolated environment. That feature has now been officially announced with a new name, Windows Sandbox.

Windows 10 already uses virtual machines to increase isolation between certain components and protect the operating system. These VMs have been used in a few different ways. Since its initial release, for example, suitably configured systems have used a small virtual machine running alongside the main operating system to host portions of LSASS. LSASS is a critical Windows subsystem that, among other things, knows various secrets, such as password hashes, encryption keys, and Kerberos tickets. Here, the VM is used to protect LSASS from hacking tools such that even if the base operating system is compromised, these critical secrets might be kept safe.

In the other direction, Microsoft added the ability to run Edge tabs within a virtual machine to reduce the risk of compromise when visiting a hostile website. The goal here is the opposite of the LSASS virtual machine—it’s designed to stop anything nasty from breaking out of the virtual machine and contaminating the main operating system, rather than preventing an already contaminated main operating system from breaking into the virtual machine.

Read 8 remaining paragraphs | Comments

The Windows 10 October 2018 Update is now fully available—for “advanced” users

Who doesn't love some new Windows?

Enlarge / Who doesn’t love some new Windows? (credit: Peter Bright / Flickr)

The Windows 10 October 2018 Update, version 1809, continues to limp out of the door. While the data-loss bug that saw its release entirely halted has been fixed, other blocking issues have restricted its rollout. It has so far only been available to those who manually check Windows Update for updates, and even there, Microsoft has restricted the speed at which it’s distributed.

This particular speed bump has now been removed, and manual checking for updates is now unthrottled. That means a manual check for updates will kick off the update process so long as your system isn’t actively blacklisted (and there are a few outstanding incompatibilities that mean it could be).

Microsoft is saying that this upgrade route is for “advanced” users. Everyone else should wait for the fully automatic deployment, which doesn’t seem to have started yet. That’ll have its own set of throttles and perhaps even new blacklists if further problems are detected. A number of the remaining compatibility problems are more likely to strike corporate users, as they involve corporate VPN and security software. Companies will need to apply the relevant patches for the third-party applications before they can roll out the Windows 10 update.

Read 1 remaining paragraphs | Comments