By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft has issued an out-of-band required update for all versions of Windows, rounding out the patch it released on September 23 to address an already-exploited flaw in Internet Explorer. Initially, Microsoft only released the out-of-band patch for CVE-2019-1367 on the Microsoft Update Catalog, which users needed to manually download. But Microsoft has now released it through Windows Update and Windows Server Update Services (WSUS) to distribute it more widely to end-users. "This is a required security update that expands the out-of-band update dated September 23, 2019," Microsoft warns users. The decision not to release the patch through Windows Update and WSUS caused some confusion. Why create a patch and then not distribute automatically to all Windows users until now?  The IE scripting engine flaw was found by Clement Lecigne of Google's Threat Analysis Group, and Microsoft raced out the patch within days. It's likely that the vulnerability was being used to target a narrow section of Windows users. It's also not clear how much time Microsoft was able to spend regression testing its patch before releasing it. Lecigne also discovered a publicly-unknown bug in Chrome and one affecting Windows 7 in February. The flaws were being used in tandem to attack targeted users. Google released a patch for Chrome and disclosed the existence of the Windows 7 flaw before Microsoft was able to release its patch. At this stage, Lecigne has not published any details about the IE flaw. The new Windows out-of-band update also addresses a bug that caused print jobs to fail. For more turn to OUR FORUM

Unlike last year’s Surface Headphones, which only worked with Cortana, the Surface Earbuds that Microsoft announced today work with any virtual assistant. That means you can use the Surface Earbuds with Cortana, but also with Alexa, Bixby, Google Assistant, Siri, or any other competitor. We talked to Surface Earbuds product lead Mohammed Samji to find out more about the $249 buds and the Surface Audio app. Like the Surface Headphones, the Surface Earbuds don’t do anything until you pair them. Surface Earbuds communicate over Bluetooth 5.0 with an Android, iOS, or Windows 10 device. Once paired, you can tap and hold either of the buds to trigger the default assistant on your device. To use a different virtual assistant with the Surface Earbuds, just change the default assistant on the paired device. “Out of the box, it just works,” Samji said. “On PC, it launches Cortana. On iOS, it will launch Siri, unless you’ve changed it. And I think it might vary depending on the distribution of Android, but all the ones I’ve tested, the first time I do it, Android asks me what I want as my default.” Surface Earbuds still offer a better experience with Cortana (although without the “Hey Cortana” wakeword), Samji made sure to emphasize. Surface Earbuds can do everything with Cortana that the Surface Headphones can do, like chit-chat, interact with your email, check your calendar, get your daily update, and create to-dos. Samji said his team created a more streamlined flow for all this Cortana functionality. It’s called Surface Audio. A Surface Audiotrademark filing from September 27 was discovered by LetsGoDigital earlier today. The trademark is classified under Class 9, which is reserved for firmware and software. Samji confirmed Surface Audio is the companion app for the Surface Earbuds. We have more posted on OUR FORUM.

Stories about China and the VPN market usually focus on the use of these virtual private networks to access news sites and social media when caught behind the country’s infamous “Great Firewall.” But now there’s a twist, with new research finding that “the top 10 Google Play search results for ‘VPN’ are dominated by [Chinese] apps participating in potentially fraudulent manipulation practices.” And those apps have secured more than 280 million installs between them. VPNs redirect internet traffic through remote servers, hiding user locations and IP addresses, encrypting information sent and received. And so this new research from the team at VPNPro is worrying on two counts. First, Google’s system appears to be easily gamed. There are no sophisticated tactics at work here—the researchers claim that basic ruses make all the difference. And, second, users might inadvertently install VPNs they believe to be popular and safe, when in fact if data is logged, if that data can be linked to the individual using the app, then the purpose of the VPN is undermined. In short, the team claims to have “uncovered what appears to be a large scale operation by Chinese VPN service providers to manipulate Google Play store results—leading to millions of people using potentially unsafe VPNs.” The team has concluded that the blatant manipulation of Google Play together with the “obligation” Chinese tech companies have “to hand data to the government when requested, “could indicate a much more serious issue beyond algorithm manipulation.” The VPNPro team found that “seven out of the top ten apps,” found to be manipulating the Google Play system, “are either based in Hong Kong, have Chinese directors or are located in China.” Commenting on the research, VPNPro security researcher Jan Youngren warned that “at best we’ve uncovered companies using underhand, unethical tactics to mislead consumers and make millions. At worst, there’s a much more sinister strategy at play to monitor and obtain the data of millions of people who have cause to use a VPN to stay safe and private—Often these people live in countries where it is dangerous to publicly express their views, or work in fields such as investigative journalism and human rights... an unsafe VPN can be a matter of life or death.”There's lots more posted on OUR FORUM.

Serial leaker 'momomo_us' has spotted multiple entries of AMD Radeon and Nvidia GeForce graphics cards by Gigabyte on the Eurasian Economic Commission(EEC)'s website. Among the mix of several GPU models getting certified, there are entries of the upcoming AMD's Radeon 5500 XT and Nvidia's GeForce GTX 1660/1650 Super graphics card SKUs. From the listing, it is noteworthy that the Radeon RX 5500 XT is equipped with 8GB of VRAM while the GeForce GTX 1660 and 1650 Super cards have 6GB and 4GB VRAM, respectively, just like their non-Super variants. Earlier today, Videocardz reported that they have received confirmation of an October 7th announcement for the Radeon RX 5500 XT as well the 5500M that we reported about a few days ago. They further added that the 5500 XT is powered by 22 RDNA Compute Units(CUs) or 1408 RDNA Stream processors. This means that the XT chip allegedly has the same CU count as the 5500M. However, the 5500 XT, being a desktop variant, maybe clocked much higher than its mobile counterpart. Over on the Nvidia side, it was first reported by Chinese website Mydrivers that a GeForce GTX 1660 Super variant was in the works with the same 1408 CUDA core configuration as the non-Super variant. However, the big change is that the Super card gets a beefed-up memory configuration thanks to the use of GDDR6 memory instead of GDDR5 on the non-Super 1660. This means that despite having the same core specification, the 1660 Super should be much faster in bandwidth bound scenarios. Another Chinese website ITHome reports that the GTX 1660 Super is due for launch on October 29. Videocardz speculates that the rumored 1650 Ti, also reported by Mydrivers previously, might well be the 1650 Super that has been listed at the EEC. Information on this GPU is still scarce with rumors floating around of it having anywhere between 1024 to 1280 CUDA cores. Learn more at OUR FORUM.

Windows 10 version 1909 codenamed ’19H2′, which is a minor update that is supposed to roll out later this year to all Windows 10 users, might arrive as early as next week. Windows 10 version 1909 is shipping to several Insiders on the Release Preview Ring and today ESDs for all languages have been spotted on WSUS. We have gathered the list of all available ESDs from private forums and according to the data, Windows 10 version 1909 Build 18363.356 ESD is currently available on Windows Server Update Services server (WSUS). The version number in ESD is listed as ‘18363.356.190918-2052.19h2’. The presence of ESD (electronic software delivery) on WSUS indicates this could well be the final release candidate (RTM). However, it’s likely that Microsoft won’t ship Build 18363.356 to the general public since a newer Build 18363.387 is available for Release Preview Ring testers. Microsoft is also holding an event on October 2 to announce Surface 7, Surface Pro 7, Surface Laptop 3 and Surface Centaurus. By the looks of things, Microsoft might announce Windows 10 version 1909 on October 2 and the update would begin rolling out on October 3 or sooner. Windows 10 19H2 won’t come with several new features, as Microsoft has focused more on performance and reliability areas of the OS in this release, including significant improvements for the Windows Update mechanism. Windows 10 19H2 doesn’t yet have a name and it’s unclear if it will be launched as ‘October 2019 Update’, retaining the traditional naming scheme. More information should be shared on October 2. According to Microsoft, this new version of Windows will install just like a regular patch for Windows 10 May 2019 Update PCs. We covered the key features of Windows 10 version 1909 in a previous article. One of the significant change is the implementation of a rotation policy that would distribute work more fairly on PCs with favored cores. This could boost performance and offer faster process execution. Follow this thread on OUR FORUM.

Windows ships with a full volume encryption tool called BitLocker. The feature used to trust any SSD that claimed to offer its own hardware-based encryption, but that changed in the KB4516071 update to Windows 10 released on September 24, which now assumes that connected SSDs don't actually encrypt anything. "SwiftOnSecurity" called attention to this change on September 26. The pseudonymous Twitter user then reminded everyone of a November 2018 report that revealed security flaws, such as the use of master passwords set by manufacturers, of self-encrypting drives. That meant people who purchased SSDs that were supposed to help keep their data secure might as well have purchased a drive that didn't handle its own encryption instead. Those people were actually worse off than anticipated because Microsoft set up BitLocker to leave these self-encrypting drives to their own devices. This was supposed to help with performance--the drives could use their own hardware to encrypt their contents rather than using the CPU--without compromising the drive's security. Now it seems the company will no longer trust SSD manufacturers to keep their customers safe by themselves. Here's the exact update Microsoft said it made in KB4516071: "Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change." People can also choose not to have BitLocker encrypt these drives, too, but the default setting assumes they don't want to take SSD manufacturers at their word. We have plenty more posted on OUR FORUM.

 

Translate