Recently Browsing 0 members
No registered users viewing this page.
By Usama Jawad96
Microsoft apparently just fixed a Windows security flaw first reported to it in 2018
by Usama Jawad
Microsoft fixed quite a number of bugs in this month's Patch Tuesday update, which came out last week. While it packed numerous fixes for various versions of Windows, it did draw some criticism for the handling of a security vulnerability that was reported to it by Google.
However, it appears that the Redmond giant's security woes are not yet over as a new report claims that the firm just fixed a Windows zero-day exploit that was reported to it back in 2018.
Last week, Microsoft fixed a security hole in various versions of Windows that mainly deals with the operating system's incorrect handling of file signatures. In CVE-2020-1464, the company noted that:
In a blog post on Medium, security researcher Tal Be'ery has explained that Bernardo Quintero, a manager at VirusTotal - a service owned by Google - first discovered the vulnerability being exploited back in August 2018. This exploit, internally called "GlueBall", was immediately reported to Microsoft and the findings were published in January 2019 by Quintero. Microsoft acknowledged the issue and added mitigation actions in supporting tools, but stated that it would not fix the issue in the operating system itself. The reasoning behind this decision is not public.
After this, several blog posts were published by other people, explaining how to use GlueBall to exploit Windows. Then in June 2020, GlueBall was once again highlighted by prominent social media accounts.
It would seem that roughly around this time, Microsoft began to take this issue seriously and a proper fix to the gaping security hole was finally released in this month's Patch Tuesday. According to Microsoft's security advisory, this flaw was present in Windows 7, 8, 8.1, RT 8.1, Server 2008, 2012, 2016, 2019, and Windows 10, going all the way up to version 2004, and that it was exploited across numerous versions of the operating system.
In a vague statement to KrebsonSecurity, Microsoft stated that:
The handling of this incident from Microsoft's end is extremely strange, to say the least. One has to wonder why Microsoft delayed fixing a Windows security flaw for nearly two years, especially when it was present in virtually all major versions of the operating system.
Source: Tal Be'ery (Medium) via KrebsonSecurity
By Rich Woods
Microsoft announces Edge is rolling out in the next few weeks, and a bunch of new features
by Rich Woods
Microsoft's Build 2020 developer conference starts today, and as always, there's a bunch of news around its brand-new Chromium-based Edge browser. There are a bunch of new features on the way, but perhaps more significant is that the company finally confirmed that it's going to begin rolling out Edge within the next few weeks.
You might recall that the team actually announced general availability back in January, promising a slow rollout. Slow isn't actually the right word though, because it never actually rolled out. Users have had the opportunity to download a stable version of the browser, and then in February, it started rolling out to beta testers on the Windows Insider Program's Release Preview ring. In other words, other than beta testers, exactly zero people have received this as an update.
While the blog post doesn't explicitly say this, it seems likely that it's going to arrive as part of the Windows 10 May 2020 Update, which is already available for developers and coming later this month. While the browser is going to be pushed to your machine via Windows Update, updates to the browser will not.
As mentioned, there are a bunch of new features as well. Collections is getting Pinterest integration, as Microsoft has partnered up with the company. If you're unfamiliar with Collections, it allows you to take images, texts, and links from around the web and store them in groups. Now, you'll see recommendations from Pinterest at the bottom of a Collection. You can also export a Collection to Pinterest. This feature is coming to Edge Insiders within the next month.
There's also a new sidebar search option coming, so you'll no longer have to open a new tab and lose your focus to search for something on the web. The search results will appear in the sidebar as well. This feature is arriving for Edge Insiders in the coming weeks.
Edge improvements naturally go hand in hand with Bing improvements. There's a new Work page that's included in Bing search results. It's just another tab along with images, shopping, news, and so on, and it will appear if you're signed in with a work account. The idea is to give Microsoft Search's capabilities to look within your organization its own area, so it will include files, people, internal sites, and so on. Power BI integration is coming by the end of June.
Finally, Microsoft is releasing a preview of WebView2, which is part of its Project Reunion efforts to unify Win32 and UWP. WebView2 is based on Chromium, so developers can include that in their apps instead of the original EdgeHTML WebView.
By Rich Woods
Microsoft's new Chromium-based Edge browser is now generally available
by Rich Woods
It was back in early December 2018 when Microsoft first announced its radical plans to replace its in-house Edge browser with one that's based on Google's open-source Chromium. Today, the new browser is generally available. If you're on Windows 10, you can expect to see it show up on your PC over the next few months if you don't already have it.
Public testing for the browser didn't arrive until April, and it was only for Windows 10, and only for Canary and Dev channels. Support for Windows 7, Windows 8, Windows 8.1, macOS, Windows Server 2008/2012, and Windows Server 2016+ all came later, as did the Beta channel.
Obviously, the biggest improvement in the new Edge is that it's based on Chromium, which means that it will render the web in the same way as the most popular browser in the world, Google Chrome. Of course, Microsoft has stripped out all of the Google and added its own bits. It's also contributed quite a bit to the Chromium Project.
Since it's based on Chromium, you'll actually now be able to use Chrome extensions. Developers can submit their extensions to Microsoft, or you can choose to install them from Google's Chrome Store.
There are some other new features to call out though. Edge Chromium now has a feature called IE Mode, which will open an Internet Explorer page right within a tab in Edge. It's meant for businesses that have legacy needs, so they'll no longer have to use IE. Of course, IE will continue to ship with Windows 10 for the foreseeable future.
Another key new feature is called Collections. This allows you to gather up links, images, text, and anything else from around the web and put them into different groups. There are also new privacy features, and a whole lot more.
Unfortunately, there are a few things that Edge will be missing out of the gate. It won't have native support for ARM64, so if you've got a Windows on ARM PC, you'll have to stick with Edge Canary or Edge Dev for now. Two other things missing will be history syncing and extension syncing. Also, it's not exactly a priority, but the new Edge browser for Xbox One and HoloLens will also be coming later on.
Again, if you're on Windows 10, you're going to see this show up soon through a Windows update, and it will replace the Edge Legacy browser. If you're on any other supported platform, you'll have to go out and get it. The browser is coming today for Windows 7, which is no longer supported, and while it's unclear how long Edge will remain supported on the legacy OS, Google has committed to another 18 months of full Chrome support.
If you want to get the new Edge now, you can download the stable version here. As always, you can download a preview version here.
By Rich Woods
Edge Dev build 80.0.328.4 adds a bunch of fixes, but no ARM64 support just yet
by Rich Woods
It's a bit late in the week, but Microsoft released a new Edge Dev build today. The build number is 80.0.328.4, and it's a pretty minor update that contains mostly fixes. Yesterday, the Canary channel, which is updated daily, got support for ARM64 PCs, so if you were hoping that this week's Dev build would get the same treatment, you're out of luck. Surface Pro X users will have to wait until next week.
Here are the changes for better reliability:
Here are the behavioral changes:
Finally, there are some known issues to be aware of:
As you can see, it's quite the changelog, but it's really nothing impactful. Last week at Microsoft's Ignite conference, the company announced that Edge will be generally available beginning on January 15, and that it comes with a new logo.
By Rich Woods
Microsoft's new Edge will ship without ARM64 support, history sync, and extension sync
by Rich Woods
This week at its Ignite 2019 conference in Orlando, Microsoft announced the general availability date of its new Chromium-based Edge browser, which has been in public testing since April. Beginning on January 15, it will be considered generally available, meaning that it will start updating users to its new browser.
Unfortunately, it's going to be missing a few key features. ARM64 support will be missing at launch, despite Microsoft having released its own ARM-powered PC just this week. You also won't find the new browser for Xbox One or HoloLens; and it probably goes without saying, but the newly-announced Linux version won't be available on January 15.
Some app features won't be there either, including history syncing and extension syncing. To be clear though, these features, along with ARM64 support, won't be in the shipping version of the browser, but they could be in Canary and Dev channels by then.
The reason for the lack of ARM64 support is a blocking bug that is exclusive to the ARM architecture. Microsoft did indeed plan to announce support for the chip architecture at its October 2 event alongside of the ARM-powered Surface Pro X, but it just wasn't ready, and it's still not ready. ARM64 support is definitely coming though, just in case anyone was worried.
As for things like Xbox One and HoloLens, those are just lower priority, and it makes sense. The browser isn't used nearly as much on something like an Xbox. It's coming, but there's no specific timeline.
I met with Edge CVP Chuck Friedman, and I did ask why the team chose to announce a GA date when things like ARM64 support, history syncing, and extension syncing aren't ready, and aren't going to be ready in time. It pretty much comes down to those features not being important enough. ARM64 PCs are still a tiny segment of the Windows 10 market, even with a brand new flagship ARM64 PC from Microsoft, the Surface Pro X. History and extension syncing are both important, but not as important as password syncing, which is already included in the browser.
Beginning on January 15, users will start seeing the Edge Chromium browser showing up on their PCs. The back end for the updates will be Windows Update, so you'll pretty much get an app that installed over Legacy Edge. Eventually, there will be a Windows 10 feature update that removed Legacy Edge entirely, but there's no telling when that will be.