Archive for the ‘Windows’ Category

Apple’s iCloud has been a poor experience in Windows, but a new update seeks to fix that

June 12th, 2019

Apple has released a new version of iCloud for Windows 10 in the Microsoft Store, according to a recent blog post by Microsoft and a handful of Apple customer support documents. The new version claims to be a major improvement, with more robust features and more reliable syncing—the latter of those has been a common complaint for users of Apple's previous version.

Features listed by Microsoft include:

  • Access your iCloud Drive files directly from File Explorer without using up space on your PC
  • Choose the files and folders you want to keep on your PC
  • Safely store all your files in iCloud Drive and access them from your iOS device, Mac, and on iCloud.com
  • Share any file right from File Explorer and easily collaborate with others—edits will be synced across your devices

Interestingly, Microsoft says the new iCloud app is "powered by the same Windows technology that also powers OneDrive's Files On-Demand feature"—an unexpected technical and corporate partnership. But it shouldn't be too surprising at this point; despite the storied history and rivalries of the 1980s and '90s (as well as competition in areas like, yes, cloud services), Microsoft and Apple have largely played together nicely in recent years.

Read 2 remaining paragraphs | Comments

Posted in apple, File Explorer, icloud, iCloud Drive, Microsoft Store, Tech, Windows, Windows 10 | Comments (0)

Warnings of world-wide worm attacks are the real deal, new exploit shows

June 5th, 2019
Warnings of world-wide worm attacks are the real deal, new exploit shows

(credit: flattop341)

For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal.

It was posted Tuesday by Sean Dillon, a senior security researcher and RiskSense. A play-by-play helps to underscore the significance of the feat.

The video shows a module Dillon wrote for the Metasploit exploit framework remotely connecting to a Windows Server 2008 R2 computer that has yet to install a patch Microsoft released in mid May. At about 14 seconds, a Metasploit payload called Meterpreter uses the getuid command to prove that the connection has highly privileged System privileges. In the remaining six seconds, the hacker uses the open source Mimikatz application to obtain the cryptographic hashes of passwords belonging to other computers on the same network the hacked machine is connected to.

Read 9 remaining paragraphs | Comments

Posted in Biz & IT, bluekeep, exploits, microsoft, vulnerabilities, Windows | Comments (0)

Answers to some of your iTunes questions: Old libraries, Windows, and more

June 3rd, 2019

SAN JOSE, Calif.—After much speculation and fanfare in the press, Apple confirmed today that it will sunset iTunes in the next version of macOS and spin its functionality into three new apps—Apple Music, Apple Podcasts, and Apple TV. As we noted earlier, this marks the end of an era of sorts on the Mac—but there were plenty of unanswered questions. What features will Music retain from iTunes? And what happens to Windows users who are dependent on iTunes?

While some details are still fuzzy and will remain that way until we start digging into the beta releases, we got some broad answers from Apple on those top-level questions.

Old iTunes libraries and files

Apple Music in macOS Catalina will import users' existing music libraries from iTunes in their entirety, Apple says. That includes not just music purchased on iTunes, but rips from CDs, MP3s, and the like added from other sources.

Read 8 remaining paragraphs | Comments

Posted in apple, apple music, iTunes, MP3, Tech, Windows, WWDC, WWDC 2019 | Comments (0)

Microsoft practically begs Windows users to fix wormable BlueKeep flaw

May 31st, 2019
Microsoft practically begs Windows users to fix wormable BlueKeep flaw

Enlarge (credit: Aurich Lawson)

Microsoft security officials say they are confident an exploit exists for BlueKeep, the recently patched vulnerability that has the potential to trigger self-replicating attacks as destructive as the 2017 WannaCry attack that shut down computers all over the world.

In a Blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft issued two weeks ago patching against the so-called BlueKeep vulnerability, which is formally tracked as CVE-2019-0708. The exploits can reliably execute malicious code with no interaction on the part of an end user. The severity prompted Microsoft to take the unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and two years, respectively.

Thursday’s post warned, once again, that the inaction could trigger another worm of the magnitude of WannaCry, which caused hospitals to turn away patients and paralyzed banks, shipping docks, and transportation hubs around the world. In Thursday’s post MSRC officials wrote:

Read 4 remaining paragraphs | Comments

Posted in Biz & IT, exploits, microsoft, vulnerabilities, Windows, Worms | Comments (0)

Xbox Game Pass is coming to Windows 10, but many questions remain

May 30th, 2019
Well, there you have it.

Enlarge / Well, there you have it.

In one of the less-detailed announcements of the pre-E3 season, Microsoft this morning officially confirmed it is bringing its "all-you-can-play" Game Pass subscription service to the PC. The new expansion of the Xbox Game Pass (which launched just over two years ago) "will give players unlimited access to a curated library of over 100 high-quality PC games on Windows 10, from well-known PC game developers and publishers such as Bethesda, Deep Silver, Devolver Digital, Paradox Interactive, SEGA and more," according to an announcement from Microsoft.

Games from Microsoft's own studios, including recent acquisitions Obsidian and inXile, will be available on Xbox Game Pass for PC on the day they're released, just as they are on Xbox One. Game Pass members will also receive discounts of up to 20% on Windows Store games and up to 10% off of DLC and add-on purchases.

Aside from that, though, Microsoft's announcement leaves a lot of major holes. While the "Xbox Game Pass for PC" shares a name with the company's "original" gaming subscription plan, it's not clear if PC subscriptions will be considered separate, or available as a bundle with the console plan, or included in Microsoft's upcoming "Game Pass Ultimate," or some combination of all of the above. Microsoft also didn't discuss any pricing details, launch timing for the service, any specific included games, or whether or not Game Pass on PC downloads would be limited to Microsoft's own Windows Store. Microsoft has promised to reveal more at its June 9 E3 press conference.

Read 3 remaining paragraphs | Comments

Posted in gaming, Gaming & Culture, microsoft, Windows, xbox game pass | Comments (0)

Eternally Blue: Baltimore City leaders blame NSA for ransomware attack

May 28th, 2019
Baltimore: An IT disaster area?

Enlarge / Baltimore: An IT disaster area? (credit: Cyndi Monaghan via Getty Images)

The mayor and city council president of Baltimore are pushing for the ransomware attack that brought Baltimore's city government to a standstill to be designated a disaster, and officials are seeking federal aid to help pay for the cleanup from the RobbinHood malware's damage. This call came after a New York Times report that the ransomware used the EternalBlue exploit developed by the National Security Agency to spread across the city's network.

EternalBlue was part of a set of tools developed for the NSA's Tailored Access Operations (TAO) group that were leaked by Shadow Brokers in 2017. The tool was then used two months later as part of WannaCry, the destructive cryptographic worm that affected thousands of computers worldwide. Shadow Brokers has been linked by some security experts to a Russian intelligence agency; WannaCry has been attributed to North Korea's military.

After being alerted by the NSA. Microsoft issued a security patch for the vulnerability exploited by EternalBlue (among others) in March of 2017, even issuing patches for Windows Vista (which was at the time just about to be dropped from long-term paid support) and Windows XP (which had already dropped out of support).

Read 12 remaining paragraphs | Comments

Posted in Baltimore City ransomware, Biz & IT, EternalBlue, microsoft, National Security Agency, NSA, Policy, shadow brokers, Windows | Comments (0)

Why a Windows flaw patched nine days ago is still spooking the Internet

May 23rd, 2019
Artist's impression of a malicious hacker coding up a BlueKeep-based exploit.

Enlarge / Artist's impression of a malicious hacker coding up a BlueKeep-based exploit. (credit: Getty Images / Bill Hinton)

It has been nine days since Microsoft patched the high-severity vulnerability known as BlueKeep, and yet the dire advisories about its potential to sow worldwide disruptions keep coming.

Until recently, there was little independent corroboration that exploits could spread virally from computer to computer in a way not seen since the WannaCry and NotPetya worms shut down computers worldwide in 2017. Some researchers felt Microsoft has been unusually tight-lipped with partners about this vulnerability, possibly out of concern that any details, despite everyone’s best efforts, might hasten the spread of working exploit code.

Until recently, researchers had to take Microsoft's word the vulnerability was severe. Then five researchers from security firm McAfee reported last Tuesday that they were able to exploit the vulnerability and gain remote code execution without any end-user interaction. The post affirmed that CVE-2019-0708, as the vulnerability is indexed, is every bit as critical as Microsoft said it was.

Read 16 remaining paragraphs | Comments

Posted in Biz & IT, exploits, microsoft, vulnerabilities, Windows | Comments (0)

Serial publisher of Windows 0-days drops exploits for 3 more unfixed flaws

May 23rd, 2019
Screenshot of Windows Explorer.

Enlarge (credit: SandboxEscaper)

A serial publisher of Microsoft zeroday vulnerabilities has dropped exploit code for three more unpatched flaws, marking the seventh time the unknown person has done so in the past year.

Technical details of the vulnerabilities, along with working proof-of-concept exploits, are the work of someone using the moniker SandBoxEscaper. A local privilege-escalation vulnerability in the Windows Task Scheduler that was disclosed on Tuesday allows an authenticated attacker to gain SYSTEM privileges on an affected system. On Thursday, the person released a privilege escalation code that exploits a bug in the Windows Error Reporting service. Attackers can use it to modify files that would normally be off limits. A third exploit, which was also released Wednesday, works against Internet Explorer 11 and allows attackers to execute a JavaScript that runs with higher system access than is normally permitted by the browser sandbox.

Decent deal

Like the other exploits SandboxEscaper has published over the past year, including this one Ars covered last October, the three recent ones don’t allow attackers to remotely execute malicious code. Still, as security defenses in recent versions of Windows and other operating systems have improved, the value of these types of exploits has grown, since they are often the only way to bypass security sandboxes and similar protections. Despite some limitations in the exploit that were transparently noted by SandBoxEscaper, the disclosures are significant if they work as purported against fully patched versions of Windows 10.

Read 5 remaining paragraphs | Comments

Posted in 0day, Biz & IT, exploits, microsoft, vulnerabilities, Windows, zeroday | Comments (0)

Xbox, PC get a little bit closer with the latest Xbox updates

May 17th, 2019
Xbox, PC get a little bit closer with the latest Xbox updates

Enlarge (credit: Microsoft)

The May 2019 update for the Xbox One's system software is now rolling out, bringing some small refinements to the friends list, messaging, and game/app list.

Starting with the last one first, the app list will now ignore "a," "an," and "the" when sorting or grouping alphabetically. This is the kind of change that makes me amazed that they weren't already doing this, as it almost always makes for easier-to-use listings. Video games don't even have The The to contend with.

The Messaging change is rather inexplicable. There's a sensible change: incoming messaging requests from your friends are now prioritized, with requests from non-friends put in a separate category. But for some reason, Microsoft is going to wipe all group messages as a result. You can save backups of the messages for a limited time at Xbox.com, and messages with individual users are safe, but the group messages are all going. There's no obvious justification for this change, as even if there were some significant change being made to group messaging, one would expect Microsoft to handle migrating the messages from old to new.

Read 3 remaining paragraphs | Comments

Posted in console gaming, Gaming & Culture, microsoft, PC gaming, Windows, XBox | Comments (0)

Windows dual booting no longer looking likely on Pixebooks

May 15th, 2019
Google's Pixelbook.

Enlarge / Google's Pixelbook. (credit: Valentina Palladino)

Just under a year ago, there were signs that Google was modifying the firmware of its Pixelbook laptop to enable dual booting into Windows 10. The firmware was updated to give the Pixelbook the ability to boot into an "Alternative OS" ("AltOS" mode). The work included references to the Windows Hardware Certification Kit (WHCK) and the Windows Hardware Lab Kit (HLK), Microsoft's testing frameworks for Windows 8.1 and Windows 10 respectively.

Google now appears to have abandoned this effort. A redditor called crosfrog noticed that AltOs mode was now deprecated (via Android Police). Pixelbooks are going to be for Chrome OS only, after all.

The dual boot work was being done under the name Project Campfire. There appears to have been little development work on Project Campfire since last December. This suggests that Google actually decided not to bother with dual booting many months ago.

Read 1 remaining paragraphs | Comments

Posted in Chrome OS, dual boot, google, linux, microsoft, Open Source, Tech, Windows | Comments (0)