Sofia Elizabella Wyciślik-Wilson

If you were thinking that it has been a while since Microsoft updated PowerToys, you'd be right -- it's over a month since the last update was released. But now the company has pushed out PowerToys v0.59.0, and it's a significant release.

There are many things worthy of mention in this latest version of the utility collection, not least of which is the completion of adding ARM64 support. This is far from being all that PowerToys v0.59.0 has to offer though, there are also important changes and improvements to many individual components including Keyboard Manager, Power Rename and the much-loved FancyZones.

Continue reading →

Yesterday, Apple announced updates to all of its operating systems -- iOS, iPadOS, watchOS and macOS -- and the next version of its desktop operating system is called macOS Ventura. Also known as macOS 13, this will be a free upgrade for anyone with an eligible system and the hardware requirements cut far fewer people out of the loop than Microsoft did with Windows 11.

Apple shared details of the latest version of the OS at WWDC 2022, immediately making a developer preview available for download and promising that a public beta will launch in July. What can you expect to see in Ventura? There's a new app and window management tool called Stage Manager, the ability to use an iPhone as a webcam for a Mac, a greater focus on gaming than before, and much more.

Continue reading →

It is only a couple of months since Microsoft first talked about Windows Autopatch, a new service for users of Windows 10 and Windows 11 designed to ensure that software is kept up to date. The company has now released a public preview of the free service.

As well as keeping Windows 10 and Windows 11 updated, Windows Autopatch will also take care of updating firmware, drivers and Microsoft 365 apps. Microsoft says that the launch date for the service is July, so the release of a public preview gives interested users a chance to try it out a few weeks early.

Continue reading →

Microsoft has once again released a preview of an update for Windows that is due to get a full launch next Patch Tuesday. The KB5014023 update is available for Windows 10 versions 21H1 and 21H2, as well as Windows Server 20H2 and it fixes a number of issues.

Among the problems addressed by the optional update is an issue that caused file copying to be much slower than usual. Other notable changes include a fix for a GPU issue that caused apps to crash, and a fix for a problem that prevented Excel and Outlook from launching.

Continue reading →

Following on from the Follina security flaw, another Windows zero-day vulnerability has come to light. Dubbed SearchNightmare, the issue allows the search-ms URI protocol handler to be used to launch remotely hosted malware-ridden executables via a search window.

The protocol is normally used to perform local searches, but it can also be used to do the same with shared files on a remote host. An attacker could easily trick a victim into clicking a search-ms URI, and a method has been found to bypass the security warning that should be displayed by default.

Continue reading →

This week, we have written about the Follina zero-day vulnerability that allows for remote code execution on a victim's computer. Despite having been known about for a number of weeks, Microsoft is still yet to issue a patch for the actively exploited critical security flaw, instead simply offering details of a workaround.

As has been the case in the past, a third party has come to the rescue. Micro-patching firm 0patch has released a free fix for the vulnerability -- for Windows 11, Windows 10, Windows 7 and Windows Server 2008 R2 -- which is tracked as CVE-2022-30190 and relates to the Microsoft Windows Support Diagnostic Tool (MSDT) component of Windows.

Continue reading →

Microsoft has launched a new family of products called Entra. Microsoft Entra encompasses a number of identity and access management solutions including the existing Azure AD. The launch comes after the acquisition of CloudKnox Security last year, and is Microsoft's attempt to help boost security across multicloud environments -- or "secure access for a connected world".

Bolstering the product family, the company has also launched cloud permission management tool Microsoft Entra Permissions Management​, and Microsoft Entra Verified ID​ -- a system that allows for more secure interactions, based on decentralized identity standards. Microsoft has also announced public previews of Workload Identities​ and Lifecycle Workflows.

Continue reading →

The ability to edit sent messages is something that is common -- although far from universal -- in chat and social apps. The likes of Slack and Skype make it easy to make changes, such as correcting typos in messages, and it is an option that is said to be coming to Twitter at some point in the future.

But while the option to edit tweets may be some way off, users of WhatsApp may have this option sooner rather than later. The developers of WhatsApp are currently working on bringing a message-editing option to the mobile versions of the apps, as well as the desktop and web editions.

Continue reading →

Yesterday we wrote about a zero-day vulnerability called Follina which allows for remote code execution on a victim's computer. While the flow -- tracked as CVE-2022-30190 -- has been described as an Office vulnerability, it is really the result of a security issue with a component of Windows.

A problem exists in the Microsoft Windows Support Diagnostic Tool (MSDT) which is found in all supported versions of Windows, including Windows 11. The vulnerability has been billed as an Office vulnerability as using a malicious Word file is one of the easiest attack vectors to exploit the flaw. But what is worrying about the vulnerability, apart from the fact that Microsoft has not fixed it yet, is that the company was made aware of the fact that it was being actively exploited way back on April 12.

Continue reading →

In the coming weeks, Microsoft is expected to share details of a new Surface Laptop Go. However, it seems we may already know much of what to expect, after a listing for the yet-to-be-announced Surface Laptop Go 2 popped up on a Korean website.

While news of the upcoming device will interest those in the market for an updated model, the listing shows that there may not be a great deal to get excited about besides an upgraded processor.

Continue reading →

While Microsoft may be quick to point out security vulnerabilities in other companies' products, its own software is far from infallible. A good example of this is the recently discovered 'Follina' security hole that affects Microsoft Office.

The vulnerability can be exploited to launch PowerShell and execute a variety of malicious commands; all that a victim needs to do is open a specially crafted Word file. Tracked as CVE-2022-30190, Microsoft has released details of a workaround that helps to mitigate the issue.

Continue reading →

The Microsoft 365 Defender Research Team has shared details of several high-severity vulnerabilities found in a mobile framework used in popular apps associated with a number of big names.

The framework is owned by mce Systems, and is used in apps from numerous mobile providers. The apps -- from the likes of AT&T, Rogers Communications and Bell Canada -- are often pre-installed on Android handsets, but they have also been downloaded millions of times. If exploited, the vulnerabilities allow for local or remote attacks, including command injection and privilege escalation attacks.

Continue reading →

In a move that will please -- and surprise -- many, Microsoft has added WSL 2 distro support to Windows Server.

The new Windows Subsystem for Linux functionality is not available by default, as it requires the installation of a special update. This will be officially released on Patch Tuesday, but it is also available as a preview right now for anyone who does not want to wait.

Continue reading →

Trend Micro has issued a warning about the preview of the KB5014019 update for Windows 11, released by Microsoft a few days ago.

The security firm says that it is aware of a compatibility issue between the update and "the User Mode Hooking (UMH) component of several Trend Micro endpoint solutions". The problems affect both Windows 11 and Windows Server 2022.

Continue reading →

Broadcom has struck a deal with VMware that will see the chipmaker buying the cloud and virtualization software firm for around $61 billion in cash and stock. As part of the acquisition, Broadcom will also take on $8 billion of VMware's net debt.

When the deal is complete, Broadcom Software Group will rebrand and operate as VMware. As part of Broadcom, the new VMware will, the company says, "offer enterprise customers greater choice and flexibility to address the most complex IT infrastructure challenges".

Continue reading →