|
|
نوشته شده توسط : jiajiasnow
Despite Microsoft publishing this month's Patch Tuesday fixes on October 13, the organization has published two more emergency updates on October 15, this time in an attempt to resolve remote code execution vulnerabilities hitting the Windows Codecs Library and Visual Studio Code.
Among the first to announce the supply of the new updates was the United States Department of Homeland Security's CISA, which published an advisory on its website to recommend administrators to patch their devices as quickly as possible.
"Microsoft has released security updates to deal with remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An assailant could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft security advisories for CVE-2020-17022 and CVE-2020-17023 and apply the necessary updates," CISA said.
The brand new out-of-band CVEs authored by Microsoft on October 15 are theTo begin with, the RCE flaw affecting the Windows Codecs Library.
Microsoft warns that the attacker would need to convince a potential victim using an unpatched system to spread out a specially crafted image file. When this happens, the attacker may ultimately have the ability to run arbitrary code, what exactly the patch does is resolve the way the library handles objects in memory.
The vulnerability affects all Windows 10 versions on the market, including version 2004, or May 2020 Update. It's received an essential severity rating.
"A remote code execution vulnerability exists in the manner that Microsoft Windows Codecs Library handles objects in memory. An assailant who successfully exploited the vulnerability could execute arbitrary code. Exploitation from the vulnerability mandates that a course process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory," Microsoft explains in its advisory.
And then, it's the Visual Studio vulnerability.
Microsoft explains that the successful attack needs a malicious actor to convince the target to clone a repository after which open it in Visual Studio Code. Although this is obviously a far more complex attack, if the pre-requires are met, the attacker would be able to manage an unpatched system once the malicious package.json file is launched.
The out-of-band patch resolves the vulnerability by simply modifying how Visual Studio Code handles JSON files, Microsoft explains.
"A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An assailant who successfully exploited the vulnerability could run arbitrary code poor the present user. If the current user is logged on with administrative user rights, an attacker might take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the company notes.
Similar to the other vulnerability, the Visual Studio Code has been given an important severity rating.
The good news is that both security flaws happen to be privately disclosed, and Microsoft confirmed that it's not aware of any active exploits happening within the wild. So at the end of the day, it's a good thing that Microsoft released the brand new patches so fast, because this way users can be sure they are protected should any malicious actor attempt to exploit the 2 vulnerabilities.
Obviously, all users are suggested to install the most recent patches as soon as possible on all their devices.
:: بازدید از این مطلب : 402
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : چهار شنبه 30 مهر 1399 |
نظرات ()
|
|
نوشته شده توسط : jiajiasnow
Microsoft just released a brand new Windows 10 preview build for users within the Beta and Release Preview channels.
Windows 10 build 19042.572 ships as cumulative update KB4579311, also it obviously comes with only performance improvements and bug fixes with no new features.
Because it lands on a Patch Tuesday, the new build also includes security fixes, with Microsoft saying that it resolved a potential elevation of privilege in the win32k component. At the same time, there's a treatment for an insect affecting how null ports are created with the user interface.
Additionally, this build includes "security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Authentication, Windows Virtualization, and Windows Kernel," as Microsoft explains.
And last but not least, there are improvements for the Group Policy service, because the software giant itself says today.
"We fixed an issue with the Group Policy service that might recursively delete critical files in alphabetic order from %systemroot%\systm32. This issue occurs when a policy has been configured to delete cached profiles. These file deletions might cause stop error "0x5A (CRITICAL_SERVICE_FAILED)" boot failures," the Redmond-based firm says.
Hello, Windows 10 October 2020 Update!
Windows 10 October 2020 Update, previously called version 20H2, has already reached the ultimate development stage, and Microsoft has shipped the final build to users in the Windows Insider program.
So far as the rollout to production devices is worried, Microsoft will probably begin the discharge later this month, and also the whole thing may happen in phases. Quite simply, not everybody will receive the new update on the first day, included in an approach that Microsoft ways to use every new feature update.
Windows 10 October 2020 Update, however, won't be a massive update, as it's more of a service pack with small improvements underneath the hood.
:: بازدید از این مطلب : 289
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : دو شنبه 28 مهر 1399 |
نظرات ()
|
|
نوشته شده توسط : jiajiasnow
We've noted for some time that Pinterest integration is coming to the all-new Microsoft Edge browser, and now it looks like the rollout is finished and all users can give it a try on their own devices.
The brand new feature further enhances the Collections features, allowing users to add content from Pinterest after which export the data right to their accounts.
"Pinners using Microsoft Edge can opt-in to determine suggestions from Pinterest that are related to their collection. Hitting an indicator will open a board of similar, trending Pins so you can continue discovering Pins related to the subject," Pinterest announced.
Microsoft has been pushing difficult to make the new Edge a more advanced browser in this regard, and the Pinterest integration comes at the right time, a minimum of based on the company itself. New feature lands just in time for the holiday season
This is because holiday planning, with such things as shopping lists and meal recipes around the agenda, would soon be a trending activity, so Microsoft really wants to make sure that its users can usually benefit from this new integration in the Chromium-powered browser.
"We believe people should be expecting more using their browser," said Liat Ben-Zur, corporate vice president at Microsoft. "I love using Pinterest suggestions in Microsoft Edge to find out content that inspires me for the holidays. From holiday party planning to collecting meal recipes, to making my gift-giving grocery list, Microsoft Edge + Pinterest can help everyone find fun and creative projects to help you stick out."
The new feature isn't exclusive to Windows 10, and it's all thanks to the new Edge now being a cross-platform browser. The migration to Chromium allowed Microsoft to grow Edge beyond the realm of Windows 10, so the app has become survive Windows 7, Windows 8, Windows 8.1, and macOS too. A Linux version is also in the works, and a preview is expected this month.
:: بازدید از این مطلب : 314
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : جمعه 25 مهر 1399 |
نظرات ()
|
|
نوشته شده توسط : jiajiasnow
Microsoft and HP been employed by together to produce a brand new update that's specifically aimed to deal with a configuration settings issue on devices launched by PC the producer.
The new update is KB4583263 and just what it does is check the BIOS settings to find out if the HP Battery Health Manager is disabled.
Specifically targeted at business PCs, this update then enables the feature using the recommended setting of Let HP Manage My Battery Charging, which based on the parent company, should help optimize battery charging according to your usage patterns, essentially being able to boost the lifetime of your battery health and life.
What's important to know is the fact that on devices where the feature isn't available in the BIOS, no change has been made. HP recommends users to update their BIOS to obtain the battery optimization system, and only then your new update will do its job. Windows update KB4583263 doesn't update the BIOS.
"When the feature was initially introduced, customers had to manually enable HP Battery Health Manager towards the recommended setting of Let HP Manage My Battery Health. As usage patterns for business notebooks have changed with time, HP has updated HP Battery Health Manager with new and improved charging algorithms. This makes it more efficient at mitigating those factors that can accelerate battery swelling and chemical aging. HP is dealing with Microsoft to provide an HP means to fix enable this setting on select HP business notebooks which means you do not have to enable it manually," HP explains in a tech support document.
As BornCity notes, the brand new update is available for the following Windows 10 versions:
Windows 10 version 1809 Windows 10 version 1903 Windows 10 version 1909 Windows 10 version 2004
According to HP, the aforementioned profile for that battery charging optimization software helps prevent damages like battery swelling. If the BIOS is protected having a password, Windows Update is unable to install the update, then you need to disable this security feature prior to being in a position to deploy KB4583263.
"Let HP Manage My Battery Charging is the minimum recommended setting for HP Battery Health Manager on all HP business notebooks. This setting helps optimize battery health over time. Disabling HP Battery Health Manager results in accelerated battery swelling and chemical aging of the notebook battery and isn't recommended. To disable HP Battery Health Manager, select Maximize My Battery Duration because the default setting," HP says in the advisory.
Not every HP laptops are getting this update, and you may browse the full list within the box embedded at the end of the content. Keep in mind that the BIOS must offer the battery management software to receive the update and also the device should be running among the aforementioned Windows 10 versions.
On the other hand, it's worthwhile to learn that Windows 10 version 2004 isn't yet on all HP computers. Microsoft started the rollout of Windows 10 version 2004, or May 2020 Update, in May this year, and the event happened in phases, but the general availability is yet to be reached.
Meanwhile, Microsoft has finalized the work on another Windows 10 version. Windows 10 October 2020 Update, or Windows 10 version 20H2, is projected to be released towards the first wave of production devices as soon as this month, because the company has shipped the final build to users enrolled in the Windows Insider program.
This new version, however, includes fewer changes, in mind has been mostly on underneath the hood improvements and optimizations.
:: بازدید از این مطلب : 333
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : چهار شنبه 23 مهر 1399 |
نظرات ()
|
|
نوشته شده توسط : jiajiasnow
Microsoft has released new Microsoft Defender updates for Windows installation images in order to keep clients protected against the beginning.
The new update, which may be used for installation images of Microsoft's latest os's, are specially targeted at Windows 10 Home, Windows 10 Pro, and Windows 10 Enterprise, Windows Server 2016, and Windows Server 2019.
"Initial hours of newly installed Windows OS deployments can experience Microsoft Defender protection gap, as the installation OS images could have outdated Anti-Malware Software binaries. These units will stay under protected until the first Anti-Malware software update finishes. Regular servicing of OS installation images to update Microsoft Defender binaries minimizes this protection gap in new deployments," Microsoft explains.
Once this update is deployed, the anti-malware client, the engine, and the signature versions are updated automatically.
"This package includes monthly updates and fixes to the Microsoft Defender AntiMalware platform and engine that's utilized by Microsoft Defender Antivirus in Windows 10. This package also includes the latest security intelligence update that's available up to the date of release," Microsoft says.
Don't make use of the update for live images
However, the software giant recommends against while using update for live images, because the company claims the operating system running in the virtual machine can eventually become damaged.
The package update tool can run on Windows 10 64-bit with PowerShell 5.1. After downloading the update from thee links (32-bit and 64-bit), you can deploy them for a Windows system image while using following command:
PS C:\> DefenderUpdateWinImage.ps1 - WorkingDirectory<path> -Action AddUpdate - ImagePath <path_to_Os_Image> -Package <path_to_package>
Once installed, the following versions ought to be running on your Windows installation image (needless to say, these will update when Microsoft publishes new packages because of its customers):
Platform version: 4.18.2008.9 Engine version: 1.1.17400.5 Signature version: : 1.323.2216.0
:: بازدید از این مطلب : 404
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : دو شنبه 21 مهر 1399 |
نظرات ()
|
|
نوشته شده توسط : jiajiasnow
Microsoft keeps focusing on refining the knowledge using its Android launcher, which is something which makes total sense because of the app is installed on the top Duo as the default experience.
A few days ago, the software giant has released a brand new update for that Microsoft Launcher, which time, only minor improvements are included, though they're obviously welcome for everybody.
The brand new release brings the version number to 6.2.200706.8987, and based on the official changelog, what you're getting is an update for the app icons and the fonts which are used by Microsoft launcher.
There's also improvements for that app folder layout and also the gesture support, as well as additional refinements for that performance of the launcher.
Microsoft says a number of other known bugs are getting fixed too in this update, but no further specifics happen to be provided in this regard.
Microsoft Launcher for Android
Microsoft Launcher has become a must-have tool for the typical Microsoft user on Android, as it offers deep integration of services launched through the Redmond-based software giant on mobile platforms.
For example, among the features that I make use of the most may be the Sticky Notes support. On Windows 10, I personally use Sticky Notes every day in order to save very important quick notes and links, so with Microsoft Launcher placed on my Samsung Galaxy Note20, I can take all of this quite happy with me on the run.
At the same time, Microsoft Launcher also features the customization features that make an Android launcher really worth trying, including support for third-party icon packs. Quite simply, you are able to further change the look from the launcher by downloading other icon packs in the Google Play Store and then enabling them in Microsoft Launcher just like you'd do in Nova, for instance.
You can download the new Microsoft Launcherv for Android using this link.
:: بازدید از این مطلب : 442
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : جمعه 18 مهر 1399 |
نظرات ()
|
|
نوشته شده توسط : jiajiasnow
Microsoft has released a brand new optional cumulative update for Windows 10 version 1809, and users can download it today in the Microsoft Update Catalog or by simply checking for updates manually on Windows Update.
The brand new cumulative update is KB4577069, and it boosts the OS build number to 17763.1490. It may be installed on the next systems:
Windows 10 version 1809 Windows Server version 1809 Windows Server 2019
Since it's an optional cumulative update, it's called a preview release, therefore it includes all the changes that might be part of the next updates shipping on the October 2020 Patch Tuesday.
There are several important alterations in this update, and one of these is the introduction of the warning in Ie that tells users the support for Flash Player is coming to a finish. Flash Player would be retired in December, at which point Microsoft will abandon it for both Internet Explorer and Microsoft Edge. In other words, no new security updates could be published after this date.
In addition, this update cuts down on the probability of missing fonts, whilst introducing fixes for Microsoft Office applications. Those who are using Microsoft Edge Legacy are also obtaining a welcome patch.
"Addresses an issue that might create the error "0x80704006. Hmmmm?-can't reach this page" when using Microsoft Edge Legacy. This issue is the place you attempt to reach websites on non-standard ports. Any website that utilizes a port listed in the Fetch Standard specification under bad ports or port blocking may cause this issue," Microsoft explains within the changelog, which you'll take a look at in full in the box following the jump.
There's also improvements for enterprises, including changes for group policies.
"Addresses a problem with setting the "Restrict delegation of credentials to remote servers" Group Policy using the "Restrict Credential Delegation" mode on the RDP client. As a result, the Terminal Server service tries to use "Require Remote Credential Guard" mode first and can just use "Require Restricted Admin" when the server doesn't support ??Require Remote Credential Guard,'" the organization says.
Worthwhile to learn is the fact that Windows 10 version 1809 is approaching its end of support. Previously, Microsoft wanted to retire this release in May 2020, but due to the lockdown that happened globally and which forced the majority of us to work from home, the organization decided to push back the EOL simply to make certain IT admins have plenty of time to prepare for that change.
So at this time, the target date for Windows 10 version 1809 to be retired is November.
"We have been evaluating the public health situation and comprehend the impact this really is wearing a number of our customers. To help ease a few of the burdens clients are facing, we will delay the scheduled end of service date for the Home, Pro, Pro Education, Pro for Workstations, and IoT Core editions of Windows 10, version 1809 to November 10, 2020. This means devices will receive monthly security updates only from May to November. The ultimate security update of these editions of Windows 10, version 1809 will be released on November 10, 2020 instead of May 12, 2020," Microsoft explains.
At this time, the most recent form of Windows 10 is 2004, or even the May 2020 Update, however the software giant will quickly start the rollout of a new feature update called October 2020 Update and internally referred to as version 20H2. The final build was already shipped to testers, and the public rollout would start with seekers, using the update thus becoming available for people who manually look for updates in Windows Update.
:: بازدید از این مطلب : 329
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : دو شنبه 7 مهر 1399 |
نظرات ()
|
|
|
|
|