

Windows 10: Limiting the bandwidth used by Windows Update
15.5.2020  OS

When installing new updates via Windows Update or the Microsoft Store, Windows 10 can consume all of the available Internet bandwidth. A Windows 10 feature can allow you to specify how much Internet bandwidth these update processes can use so that it does not affect other programs.

With Windows updates ranging in sizes between 200MB and 500MB and feature updates, like the upcoming May 2020 Update, potentially being over 2GB, downloading them on slow or metered connections can quickly utilize all of a network's available Internet bandwidth.

The use of all the bandwidth will also cause other programs, such as browsers and games, to not work as well.

The good news is that since the Fall Creators Update (Windows 10 1709), a Delivery Optimization feature allows you to specify a percentage of the available bandwidth that Windows Update and the Microsoft Store will use when installing updates.

How to limit the bandwidth used by Windows Update
To limit the bandwidth used by Windows Updates in Windows 10, Windows Store and other Microsoft products, follow these steps:

Open Settings.
Head to Update & Security > Windows Update
On the Windows Update page, click on 'Advanced options'.
Scroll to the bottom of the page and click on 'Delivery Optimization'.
Now that you are in the Delivery Optimization settings page, click on the 'Advanced options' again, as shown below.
Figure: Delivery Optimization

In the Delivery Optimization's advanced options page, put a checkmark in the “Limit how much bandwidth is used for downloading updates in the background” and “Limit how much bandwidth is used for downloading updates in the foreground”.

While the first option limits the bandwidth usage for Windows Update, the second option is for foreground activities such as Microsoft Store.

Drag the slider to set a limit as a percentage that you want to allocate to Windows Update and updates through the Microsoft Store.

For example, if you select 10%, only 10% of the available Internet bandwidth will be used for Windows Update-related activities.

Once you select the amount of bandwidth you wish to allocate, you can close the settings window.

With this setting enabled, when Windows 10 performs an update, it will only use the specified amount of bandwidth and thus allow other applications to continue using the Internet without issues.

It should be noted that decreasing the bandwidth available for updates will also cause these updates to download slower and for the update process to take longer.

Absolute bandwidth limits coming in Windows 10 2004
Windows 10 2004 is being released at the end of the month, and with it are updated Delivery Optimization settings that allow you to specify the exact amount of bandwidth that can be used for update processes.

Using this new feature, Windows 10 users will be able to choose between a specific number of Mbps that can be used or select a limit as a percentage.


Microsoft Adds DNS-Over-HTTPS Support for Windows 10 Insiders

15.5.20  Threatpost  OS

Microsoft is letting Windows Insiders test-drive DNS-over-HTTPS protocol in a pre-release build of Windows 10.

Microsoft has announced the first testable version of DNS-Over-HTTPS (DoH) support, available for its Windows 10 operating system.

Support for the DoH protocol, which Microsoft first announced in November, is available in the Windows 10 Insider Preview Build 19628. This is accessible for members of Windows Insider, which is Microsoft’s open software-testing program that allows new features to be tested in pre-release, before they are widely rolled out.

“If you have been waiting to try DNS-Over-HTTPS (DoH) on Windows 10, you’re in luck: the first testable version is now available to Windows Insiders,” according to Microsoft on Wednesday. “If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the internet and is in an early testing stage, so only proceed if you’re sure you’re ready.”

Microsoft’s DoH support allows the Windows OS to use encrypted domain name server (DNS) sessions (as opposed to DNS queries being sent in clear text).

DoH support thus attempts to fix a long-standing privacy issue for internet browsers: Even if users are visiting a site using the secure HTTPS channel, if their DNS query is sent over an unencrypted connection, anyone can sniff out the packets being sent. This can open up victims to MiTM attacks where DNS responses can be manipulated to re-route users to phishing or malware sites. It can also allow intermediaries, such as Internet Service Providers (ISPs) or governments, to see which websites internet users are visiting.

At a closer level, without DoH, DNS queries are made from an app to a DNS server using the settings received from a local network provider (typically an ISP). DoH on the other hand encloses DNS requests in encrypted HTTPS packets and sends them to a DoH server (called a DoH resolver), which then processes the request and sends the encrypted response back. In Microsoft’s case, three servers are currently supported that are used as DoH resolvers – Cloudflare, Google and Quad9 (all three provide DoH as part of their public offerings). Microsoft said that Windows needs to be configured to use one of these as a DNS server in order for DoH to be implemented.

The feature will be off by default in the preview build; users need to first make sure their Microsoft account is part of the Windows Insider program and that they are in the Fast Ring (the Fast Ring allows a certain number of Insiders who opted in to receive super-early builds for the next feature update of Windows 10). Then, they can verify that they’re running Build 19628 or higher, by running Windows Update and rebooting (by going to the Settings app > System > About).

To activate DoH, users can then:

Open the Registry Editor
Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry key
Create a new DWORD value named “EnableAutoDoh”
Set its value to 2
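
The steps above as an added PowerShell example (not from the original article or from Microsoft): it reports whether the build, the EnableAutoDoh value and the configured DNS servers meet the conditions the article describes, and can set the value. The resolver IPv4 addresses and the function names are assumptions introduced here.

```powershell
# Added example: audit (and optionally enable) the Windows 10 DoH preview.
# The key path, value name, value 2 and build 19628 come from the article.
# Assumption: the table lists the public IPv4 addresses of the three resolvers
# the article names. Function names are hypothetical. IPv6 DNS is not checked.
$DohResolvers = @{
    '1.1.1.1'         = 'Cloudflare'
    '1.0.0.1'         = 'Cloudflare'
    '8.8.8.8'         = 'Google'
    '8.8.4.4'         = 'Google'
    '9.9.9.9'         = 'Quad9'
    '149.112.112.112' = 'Quad9'
}
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$ValueName = 'EnableAutoDoh'
$MinBuild  = 19628

function Test-IsAdmin {
    # True when the current session is elevated.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DohReadiness {
    # Collect the three conditions: build number, registry value, DNS servers.
    $build = [System.Environment]::OSVersion.Version.Build
    $prop  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$ValueName } else { $null }

    # One row per configured IPv4 DNS server, tagged with its DoH provider.
    $servers = foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($ip in $cfg.ServerAddresses) {
            [pscustomobject]@{
                Interface   = $cfg.InterfaceAlias
                DnsServer   = $ip
                DohProvider = $DohResolvers[$ip]   # $null when not in the table
            }
        }
    }
    # Servers outside the table are the ones still queried in clear text.
    $plaintext = @($servers | Where-Object { -not $_.DohProvider })

    [pscustomobject]@{
        Build           = $build
        BuildSupported  = ($build -ge $MinBuild)
        EnableAutoDoh   = $value
        RegistryEnabled = ($value -eq 2)
        DnsServers      = @($servers)
        PlaintextDns    = $plaintext
    }
}

function Enable-AutoDoh {
    # Performs the registry steps from the article; refuses on older builds.
    if (-not (Test-IsAdmin)) {
        throw 'Writing under HKLM requires an elevated PowerShell session.'
    }
    if ([System.Environment]::OSVersion.Version.Build -lt $MinBuild) {
        throw "Build $MinBuild or higher is required for the DoH preview."
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value 2 -Force | Out-Null
}

# Report the current state; uncomment the next line to apply the setting.
# Enable-AutoDoh
$report = Get-DohReadiness
$report | Format-List Build, BuildSupported, EnableAutoDoh, RegistryEnabled
$report.DnsServers | Format-Table Interface, DnsServer, DohProvider -AutoSize
if ($report.PlaintextDns.Count -gt 0) {
    Write-Warning ('{0} configured DNS server(s) are not in the DoH resolver table.' -f $report.PlaintextDns.Count)
}
```
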

Since it was first proposed as a standard in 2018, DoH continues to gain traction, but it has been controversial. While organizations like the Electronic Frontier Foundation (EFF) have voiced support for encrypted DNS, some worry that the method swaps one privacy issue for another. Detractors argue that by routing traffic through a content distribution network management system (such as Cloudflare and others), new central repositories for DNS queries are being created that could be hacked or used to mine personally identifiable information (PII).

Despite these worries, in March 2018 both Google and the Mozilla Foundation had started testing versions of DoH: Google announced general availability of its Public DNS-over-HTTPS service last June, while the Mozilla Foundation in 2020 rolled out DNS-over-HTTPS by default for U.S.-based Firefox users.

Microsoft, for its part, did not say when the functionality will be widely available beyond the Windows Insider pre-release.


Windows 10 users get protection against PUAs

15.5.20  Net-security  OS

Windows 10 users who upgrade to v2004 will finally be able to switch on a longstanding Windows Defender feature that protects users against potentially unwanted applications (PUAs).

What are PUAs?

Also called PUPs (potentially unwanted programs), PUAs are applications that often cannot be outright classified as malware, but still violate users’ security and privacy interests.

Some examples of PUAs:

Adware and ad-injectors (software that pushes ads onto users without their permission)
Software that tracks how users browse the internet (the goal is to sell that information to advertisers)
Software that pushes premium (paid) services on users and/or saddles them with such services
Software that installs a root certificate/a proxy server on a user’s device to monitor web traffic passing through it
Browser hijacking software (e.g., software that modifies users’ browser homepage and search page, steals cookies and hijacks their connections, and performs actions without their knowledge/consent), etc.

Reputation-based Windows protection against PUAs

Windows 10 v2004 (May 2020 Update), which is expected to be available for download later this month, will allow users to block the download and/or opening of potentially unwanted apps by simply switching on a control, which is available via the Windows Start menu:

Start > Settings > Update & Security > Windows Security > App & browser control > Reputation-based protection settings

The Block downloads option will work only for the Microsoft Edge browser, but Block apps will detect already downloaded and installed PUAs, no matter which browser the user uses.

The ability to block PUA downloads was already available to Edge users.

Also, the Windows Defender Antivirus has been able to detect and block PUAs for a while now, but only enterprise admins could enable the protection through Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, or via PowerShell cmdlets.


Kali Linux 2020.2: New look, new packages, new installer options

14.5.2020  Net-security  OS

Offensive Security has released Kali Linux 2020.2, the latest iteration of the popular open source penetration testing platform.

Kali Linux 2020.2 changes

There are several cosmetic changes in this newest Kali Linux release:

Dark and light themes are now available for the KDE Plasma desktop environment
The login screen got new graphics and a new layout
New package logos for each tool

Other changes include:

PowerShell has become more accessible: it has been moved from the Kali Linux’s network repository to the kali-linux-large metapackage, meaning that it will be ready for use if users choose to install this metapackage during system setup or later, once Kali is up and running (through a simple command)
After recently switching the default “root/toor” credentials to “kali/kali” for desktop images and making the default user account a standard, unprivileged (non-root) user, Offensive Security decided to do the same for ARM images (“alternate flavors” of Kali for different ARM hardware)
New packages: the latest version of the GNOME desktop environment (v3.36), Joplin (an open source note taking and to-do application), Nextnet (a pivot point discovery tool), SpiderFoot (automated OSINT collection for reconnaissance), and Python 3.8. Also, the module for Python 2 has been re-included temporarily because some tools still need it
Kali’s Mobile pentesting platform, Kali NetHunter, got support for additional devices
New changes/options in the installer.


May 2020 Patch Tuesday: Microsoft fixes 111 flaws, Adobe 36

12.5.2020  Net-security  OS

For the May 2020 Patch Tuesday, Microsoft has fixed 111 CVE-numbered flaws and Adobe 36, but none are under active attack.

Microsoft’s updates

For the third time in the last three months, Microsoft squashed over 100 CVE-numbered bugs. Of the 111 flaws fixed this time, 16 are rated critical and the rest important, but none of them are publicly known or under active attack.

Among the vulnerabilities of note that have been patched are:

CVE-2020-1135 – A vulnerability in the Windows Graphics Component that could allow attackers to elevate their privileges on a compromised system and do things like steal credentials, install malware, etc. The vulnerability is found in most Windows 10 and Windows Server builds and Microsoft deems it “more likely to be exploited.”

CVE-2020-1118 – A vulnerability in Windows’ implementation of Transport Layer Security (TLS) that could allow a remote, unauthenticated attacker to continually reboot the target system, resulting in a denial-of-service condition.

“An attacker can exploit this vulnerability by sending a malicious Client Key Exchange message during a TLS handshake. The vulnerability affects both TLS clients and TLS servers, so just about any system could be shut down by an attacker. Either way, successful exploitation will cause the lsass.exe process to terminate,” Trend Micro Zero Day Initiative’s Dustin Childs explained.

Richard Melick, Sr. technical product manager at Automox, urges Visual Studio Code users to patch CVE-2020-1192, a critical RCE flaw that can be triggered when the Python extension loads workspace settings from a notebook file.

Visual Studio Code is an extremely popular source-code editor developed by Microsoft. “Accounting for over 50% of the market share of developer tools, an attacker is not short of potential targets, and if successful, would have the ability to take control of the victim machine acting as the current user,” Melick noted.

“Once an attacker has gained access, they could be capable of stealing critical information like source codes, inserting malicious code or backdoors into current projects, and install, modify, or delete data. Due to the importance and popularity of Visual Studio Code, it is critical that organizations deploy this patch within 24 hours before this vulnerability is weaponized and deployed.”

Another Visual Studio Code flaw has also been patched this month (CVE-2020-1171) and, despite being rated important, “there’s no indication as to why one is more severe than the other, so you should treat them both as critical,” Childs advised.

Melick also singled out CVE-2020-1024, a RCE flaw in Microsoft SharePoint, an increasingly popular team collaboration platform.

“If exploited successfully, this vulnerability would give an attacker the ability to execute arbitrary code from the SharePoint application pool and the SharePoint server farm account, potentially impacting all the users connected into and using the platform. If an attacker is able to access this critical component of the network, lateral movement throughout the connected filesystems would be difficult to contain. With Microsoft Sharepoint’s rise in use to support remote workers, addressing this vulnerability quickly is critical to securing a central hub of access to the full corporate network and data,” he pointed out.

The Microsoft SharePoint security updates also fix three additional RCEs (one of which appears to be very similar in nature to CVE-2020-1024), four XSS flaws, three spoofing vulnerabilities and one information disclosure weakness.

“Systems like SharePoint can often be difficult to take offline and patch, allowing RCE vulnerabilities to linger in your infrastructure,” noted Jay Goodman, strategic product marketing manager, Automox. “This gives attackers the ability to ‘live off the land’ and move laterally easily once access is gained via an existing exploit.”

Jimmy Graham, Senior Director of Product Management at Qualys, advises admins to prioritize browser, Scripting Engine, Media Foundation, Microsoft Graphics, and Microsoft Color Management patches for workstation-type devices, including multi-user servers that are used as remote desktops for users.

Adobe’s updates

Adobe has released security updates for Adobe Acrobat and Reader (for Windows and macOS) and for the Adobe DNG Software Development Kit (SDK) (for Windows and macOS).

The Acrobat and Reader updates carry fixes for 24 vulnerabilities, half of which are considered to be critical, as they can lead to arbitrary code execution or can be used to bypass a security feature. Cisco Talos has released more details about two of the remote code execution vulnerabilities (CVE-2020-9607 and CVE-2020-9609).

The DNG SDK update squashes twelve security bugs, four of which could be exploited for remote code execution, the rest for disclosure of potentially sensitive information. Mateusz Jurczyk from Google Project Zero has been credited with reporting them. Users are urged to upgrade to version 1.5.1 of the SDK.


Windows 10 upgrade bug prevents HDR video streaming
10.5.2020  Bleepingcomputer  OS

A bug is making it so users are unable to enable HDR video streaming after upgrading to Windows 10 1903 or later if they previously disabled the setting.

In a new support bulletin for Windows education versions, Microsoft states that if a user running Windows 10 1809 had disabled the "Stream HDR video" option and then upgraded to Windows 10 1903 or later, they may not be able to enable it again.


"In Windows 10, version 1809, you turn off the Stream HDR video switch and then upgrade to Windows 10, version 1903 or later. In this scenario, you can't re-enable the Stream HDR video switch to stream high-dynamic-range (HDR) videos," Microsoft stated in a new support bulletin.

To fix this issue, Microsoft says you can perform one of two steps; roll back to Windows 10 1809, enable the setting, and then upgrade again or make a change in the Registry.

If you have recently upgraded to Windows 10 1903 or later within the last ten days, you can restore back to Windows 1809 and enable the setting.

Then upgrade again to the latest version of Windows 10 and install all the available updates.

For those who do not wish to deal with the whole process of downgrading to Windows 10 1809 or are unable to, you can also fix it by making a Registry setting change.

Microsoft states that you can enable this feature again by setting the EnableHDRForPlayback value to 1 under the HKCU\Software\Microsoft\Windows\CurrentVersion\VideoSettings key.

To enable this key, open a Windows 10 elevated command prompt and execute the following command:

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\VideoSettings" /v EnableHDRForPlayback /t REG_DWORD /d 1

After running this command, users will need to reboot Windows, and on restart the feature will be enabled on devices with supported monitors.


Windows 10's Game Mode reportedly causing freezes, FPS issues
10.5.2020  Bleepingcomputer  OS

Gamers have been reporting that the Windows 10 Game Mode feature which should help them get more stable frame rates is instead causing stutters, freezes, and FPS issues while being enabled.

Users of Windows 10 systems with both AMD and NVIDIA graphics cards have mentioned experiencing serious performance issues in several games including Call of Duty: Warzone, League of Legends, Destiny 2, Terraria, and more.

AMD Radeon RX 580, RX 570, RX 480, R9 290, RX 5700 XT, as well as NVIDIA GeForce GTX 1080 Ti, 980, 950M, and other graphics cards from both vendors have been impacted according to hundreds of gamers who complained about these ongoing issues (1, 2).

This is quite puzzling seeing that Microsoft describes the Game Mode Windows 10 feature as being designed to prioritize the users' gaming experience.

It does this by blocking Windows Update from installing drivers and sending restart notifications while the user is in-game, as well as by stabilizing the game's frame rate depending on each game's requirements and the system it runs on.

The Game Mode feature is also turned on by default on all Windows 10 devices according to Microsoft's Xbox support site.

If you have been experiencing any of these issues, you should toggle off the Game Mode feature using the steps below to see if it helps:

Press the Start button, and then select Settings.
Choose Gaming > Game Mode.
Turn Game Mode On or Off.

However, based on information from the Windows support website, "some games automatically turn on Game Mode."

This means that even if you turn it off to get rid of the performance issues reported by AMD and NVIDIA users during the last week, it might still be re-enabled in the background without your knowledge.

The Game Mode feature was introduced in Windows 10 with the Creators Update (aka Windows 10 version 1703) on April 11, 2017.

"With Game Mode, it’s our goal to provide a better and more consistent gaming experience on Windows 10, by dedicating more system resources to your game," Microsoft said at the time.


Microsoft leak: Windows 10 2004 being released last week of May
10.5.2020  Bleepingcomputer  OS

A new Microsoft Driver Shiproom Schedule has leaked, indicating that the May 2020 Update will start rolling out in the last week of May 2020.

Windows 10 2004, otherwise known as the May 2020 Update, was initially scheduled to be released on May 12th, 2020, as part of May's Patch Tuesday.

Due to the pandemic, Mary Jo Foley reported that the May feature update was pushed back from May 12th to May 28th, 2020.

Driver shiproom schedule leaks May 2020 Update release date
To increase the reliability and quality of updates, Microsoft does not allow drivers to be released one day before and after the "Latest Cumulative Updates" (LCU) released on Patch Tuesday and two days before and after a feature update.

To make it easier for developers to schedule the release of their drivers, Microsoft releases a Driver Shiproom Schedule that shows the dates that LCUs and feature updates are released.

Today, Microsoft released an updated 2020 Driver Shiproom Schedule, which now indicates that a feature update will be released between May 26th and May 28th, 2020.

Figure: 2020 Driver shiproom schedule

If we zoom into the May 2020 schedule, you can see that May 25th is the Memorial Day holiday in the USA, and the 26th, 27th, and 28th are enclosed in a yellow box. According to the legend, this yellow box indicates a feature update will be released.

Figure: May schedule with a zoomed-in legend

This schedule does not necessarily indicate on which of the blocked-off dates the feature update will be released, just that those three days have been set aside and that drivers cannot be released on those days.

It should be noted that the 2019 Driver Shiproom Schedule had set aside May 20th through May 22nd, 2019, for the release of Windows 10 1903. The feature update was eventually released on May 21st, 2019.


Intel graphics drivers now officially support Windows 10 2004
10.5.2020  Bleepingcomputer  OS

Intel has released updated Windows 10 graphics drivers that are now officially compatible with Windows 10 2004 and add support for new DirectX 12 features.

Later this month, Microsoft is releasing the next Windows 10 feature update known as the May 2020 Update. This update will increase the version of the operating system to Windows 10 2004 and will introduce many new features.

With this release, the operating system will use Windows Display Driver Model 2.7, which includes a variety of new DirectX 12 graphics features.

To prepare for the release of Windows 10 2004, Intel has released Intel Graphics - Windows 10 DCH Drivers 27.20.100.8187, which is WDDM 2.7 compliant and adds support for DirectX 12 Shader Model 6.5.

"This driver is WDDM 2.7 compliant and ready for the Windows 10 May 2020 Update. It introduces support for Dolby Vision and the new DirectX* 12 Shader Model 6.5 compiler on 7th Generation Intel® Core processors or higher (Intel® HD Graphics 610 or higher)."

To be able to use these new features, a computer must be using a 7th generation Intel Core processor or later and Intel HD Graphics 610 or later.

New unlocked driver support
In the past, when users wanted to update their Intel display drivers, they needed to go to their hardware manufacturer and download OEM drivers configured to their specifications.

In most cases, this caused OEM Intel display drivers to be outdated compared to the versions that could be downloaded directly from Intel's site.

Intel's latest drivers, including version 27, are now 'unlocked' so users can freely upgrade their hardware with the generic DCH drivers released more frequently by Intel.

"We heard how much our users want the freedom to upgrade their systems to our regularly released generic graphics drivers and enable our latest game enhancements, feature updates, and fixes. As of this release, Intel Graphics DCH drivers are now unlocked to upgrade freely between Computer Manufacturer (OEM) drivers and the Intel generic graphics drivers on Download Center. Simply use the EXE and enjoy the update on your 6th Generation Intel Processor platform or higher, and don’t worry about your OEM customizations, they remain intact with each upgrade and the OEMs can maintain customizations separately via Microsoft* Windows Update," Intel explains.

To use this feature, users need to be using Windows 10 1709 or later and an Intel Processor generation 6th Gen or later.

Users can then follow these steps to install the generic DCH drivers on their computers:

1. Verify you're on a supported Processor generation (6th Gen+) and OS version (1709|RS3+)
2. Disconnect the internet connection so Windows Update won't automatically reinstall a previous OEM driver.
3. Open Device Manager > Display Adapters > right-click [Intel Graphics] > Uninstall Device
   Important: Check-mark "delete the driver software for this device"
4. Click 'Scan for Hardware Changes'
   Note: Many older versions can be stored on the system to roll back to
5. If another Intel Graphics is reinstalled, repeat 3 & 4 until Basic Display Adapter is shown, not the Intel driver.
6. Reboot
7. Install this driver
8. Reboot and reconnect internet
9. Verify this driver is installed in Device Manager
10. Run Windows Update in case there are OEM customizations to reinstall

Using this method, Windows 10 users will now be able to update their Intel graphics drivers more frequently while still using OEM customizations for their specific hardware.


Windows 10 Build 19624 released with Windows Update fixes
10.5.2020  Bleepingcomputer  OS

Microsoft has released Windows 10 Build 19624 to the Fast ring with fixes for issues affecting the Windows Update service that can lead to errors and prevent updates from being correctly installed.

The Windows 10 Insider Preview Build 19624 fixes "an issue resulting in Windows Update failing with error code 0x800700b7," Windows Insider Program senior program manager Brandon LeBlanc explained.

Additionally, today's build also comes with a fix for "a deadlock that could result in Windows Update’s checking for updates not completing and showing as in progress until Settings was closed and reopened."

Hey Folks! While we await the new Surface toys, we have new flight for #WindowsInsiders in the Fast ring. Check out Build 19624! ^AL https://t.co/eAM3VFQMW2 pic.twitter.com/cNFVSoCzrE

— Windows Insider (@windowsinsider) May 6, 2020
Microsoft has also updated the 'Optional Updates Available' section shown within Windows Update's settings to allow users to copy the displayed text.

The build also comes with a couple of Windows Update known issues where the update process might hang for some devices while for others it may fail to update with an 0xc0000409 error code.

This new Windows 10 Preview build also provides Insiders with quick access to trusted info regarding the coronavirus pandemic via the Windows search bar.

If you are a Windows Insider in the Fast ring, you can update to the Insider Preview Build 19619.1000 by going into Settings -> Update & Security -> Windows Update and then checking for new updates.

Windows 10 Insider Preview Build 19624

General changes & improvements
We’re temporarily turning off the new search box in the default apps Settings pages while we work on improving performance and reliability.
We’re updating the VPN connection logic based on feedback, so that if you disconnect from a VPN network, it will now uncheck the option to auto-connect (similar to how it’s handled for Wi-Fi).
Based on feedback we’re updating the text of the Add a Device dialog so the list of examples under Bluetooth includes controllers.
We’re updating the Optional Updates Available section that appears in Windows Update settings, so that you will now be able to copy the text in case you need it.
Fixes
We’ve fixed an issue that was causing unexpected flickering across Windows shell surfaces and apps in the last two builds.
We’ve fixed an issue causing IIS configuration to be set to default after taking a new build.
We’ve fixed an issue causing a transient access error when quickly switching between WSL distros using the File Explorer integration.
We fixed an issue impacting explorer.exe reliability for some Insiders recently.
We fixed an issue resulting in Settings and the taskbar volume flyout crashing recently when selecting certain endpoints from the audio endpoint list.
We fixed a race condition that could result in VPN not auto-connecting (if it was set up to do that) after upgrade.
We’ve fixed an issue where the battery icon on the lock screen always shows close to empty, regardless of actual battery levels. If you’re still experiencing this issue, please report it in the Feedback Hub.
We fixed a recent issue where if you opened your laptop after it’d been asleep, and it was connected to an external monitor with an external camera, Windows Hello would recognize you but not dismiss the lock screen.
We fixed an issue that could result in your device bug checking after it’d been asleep.
We fixed an issue resulting in certain Bluetooth mice being very slow to reconnect to your device after it’d been asleep.
We fixed an issue preventing you from navigating out of the Connect app’s settings dialog using a mouse.
We fixed an issue resulting in Windows Security’s Core Isolation feature failing to enable on certain devices recently.
We fixed an issue resulting in Windows Update failing with error code 0x800700b7.
We fixed a deadlock that could result in Windows Update’s checking for updates not completing and showing as in progress until Settings was closed and reopened.
We fixed an issue where some of the buttons and links on the Language Settings page weren’t the correct color when using high contrast.
We fixed an issue where the text in the Optimize Drives window under Scheduled Optimization section would be truncated in a number of different languages and at certain text scaling levels.
Known issues
We’re aware Narrator and NVDA users that seek the latest release of Microsoft Edge based on Chromium may experience some difficulty when navigating and reading certain web content. Narrator, NVDA and the Edge teams are aware of these issues. Users of legacy Microsoft Edge will not be affected. NVAccess has released a NVDA 2019.3 that resolves the known issue with Edge.
We’re looking into reports of the update process hanging for extended periods of time when attempting to install a new build.
We’re looking into an issue where some devices may fail to update to this build with error code 0xc0000409. If you experience this error, you may consider pausing updates until a future flight.
We’re working on fixing an issue for a future Insider Preview build where in Settings > Privacy the Documents and Downloads sections show a broken icon next to their page name (just a rectangle).


Microsoft releases May Office updates with fixes for auth issues
10.5.2020  Bleepingcomputer  OS

Microsoft released the May 2020 non-security Microsoft Office updates with fixes for several issues and performance improvements to Windows Installer (MSI) editions of Office 2016 and Office 2013.

For instance, the KB4484328 update fixes an issue leading to blank authentication prompts being displayed when offline auth is enabled in Microsoft Office 2016.

KB4484337 fixes another auth issue affecting PowerPoint 2016 where the password dialog box remains enabled even after disabling it using the DisablePasswordUI registry key.

Microsoft also fixed issues causing Outlook to crash when a user forwards a message with removed attachments or when users try to mark messages as read from the Unread folder in KB4484343.

May 2020 Office non-security updates
Four of the Office May 2020 non-security updates apply to the entire Microsoft Office 2016 software suite, while five others fix problems impacting Microsoft Outlook 2016, Microsoft PowerPoint 2016, Microsoft Project 2016, Microsoft Word 2016, and Skype for Business 2015.

The updates published today by Microsoft can be manually downloaded and installed from the Download Center or by using the Microsoft Update service for automatic installation.

The Microsoft Office updates released today apply to Microsoft Installer (.msi)-based Office products and do not apply to Office subscription or Office 2016 Click-to-Run editions like Microsoft Office 365 Home.

The list of updates issued today and the Office product they apply to is available below.

Product Knowledge Base article
Microsoft Office 2016 KB4484339
Microsoft Office 2016 KB4484328
Microsoft Office 2016 KB4484327
Microsoft Office 2016 KB4484325
Microsoft Outlook 2016 KB4484343
Microsoft PowerPoint 2016 KB4484337
Microsoft Project 2016 KB4484345
Microsoft Word 2016 KB4484341
Skype for Business 2015 KB4484289
Some of these updates may require a reboot
It is also important to mention that, after applying some of these updates, you may also be asked to restart your computer.

If your Office installation starts misbehaving after the update, you can easily uninstall the problematic update using these steps:

Go to Start, enter View Installed Updates in the Search Windows box, and then press Enter.
In the list of updates, locate and select the offending update, and then select Uninstall.
Depending on the Office update you install, you may also have to install other updates for the issue to be completely fixed on your Windows device.

Microsoft also fixed a total of 55 security updates and five cumulative updates for seven different products as part of last month's Office security updates.

Five of them patched critical bugs allowing potential attackers to run scripts as the current user and to remotely execute arbitrary code on unpatched systems.


LineageOS outage caused by hackers breaching main infrastructure
9.5.2020  Bleepingcomputer  OS

Administrators of the LineageOS Android custom operating system were on high alert on Saturday after hackers breached their main infrastructure, causing a full outage.

The attackers exploited a high-severity vulnerability in the open source “Salt” management framework that was disclosed to the public on April 30, a day after maintainers released new versions that fixed the issue.

All systems down
In just two days, the intruders scanned the internet for vulnerable Salt master installations and acted against them. In a short tweet, LineageOS reported the attack, saying that it occurred on May 2, around 8 p.m. PST, and that the source code remained unaffected.

Although the incident forced LineageOS to take all its services offline, it did not impact the signing keys that authenticate distributions because they are stored on hosts separate from the main infrastructure.

Builds were also unaltered as they had been “paused due to an unrelated issue since April 30th,” according to details on the project’s status page.

In all, the intrusion affected the following services: mail servers, download mirrors, statistics, the download portal, and the Gerrit Code Review collaboration system used in development.

Sunday morning at 3 a.m. the LineageOS team managed to restore the website, email, wiki, and some internal services. At the moment, Gerrit is also up and running.

Bugs reported earlier this week
Salt is a server management tool from SaltStack for event-based automation and remote task execution. Designed for infrastructures and configuration management for any app stack, it is typically deployed on servers in data centers and cloud setups.

Researchers at F-Secure on April 30 published details about two vulnerabilities in Salt that are exploitable to achieve remote code execution with root privileges.

One of them, identified as CVE-2020-11651, is an authentication bypass on the master server that allows pushing to client servers (minions) commands that are executed as root.

The other, tracked as CVE-2020-11652, is a path traversal that provides access to the entire filesystem of the master server.

In the advisory, F-Secure said that “any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours.” More than 6,000 vulnerable Salt instances were exposed to the public internet at the time of the report.


Office 365 to stop data theft by disabling external forwarding
9.5.2020  Bleepingcomputer  OS

Microsoft is planning to put a stop to enterprise data theft via email forwarding by disabling Office 365's email forwarding to external recipients by default.

The company also wants to add improved external email forwarding controls which will allow Office 365 admins to enable the feature only to select employees in their organizations.

"External forwarding of email is a tactic used by attackers to exfiltrate data out of an organization and controlling that process is difficult," Microsoft explains on the new feature's Microsoft 365 roadmap entry.

"With this new feature, we are adding support for more granular controls that allow the Office 365 administrators to easily enable external forwarding for the right people in the organization through the outbound spam policy."

The new feature is planned to become generally available and start rolling out to all environments with Office 365 Advanced Threat Protection (ATP) plans in the fourth quarter of 2020.

How to stop auto-forwarding for emails
Until external email forwarding is disabled by default, Microsoft provides step-by-step instructions on how to stop it manually to prevent hackers from stealing proprietary information by exfiltrating it to outside email addresses under their control.

To do this, you will have to create a custom mail flow rule by following these steps:

• Go to the Exchange admin center, select Exchange, mail flow, and on the rules tab, select the plus sign and choose to create a new rule.
• Select More options. Name your new rule.
• Then open the 'Apply this rule if' drop-down, select The sender, and then Is external/internal.
• Select Inside the organization, and then OK.
• Choose to add condition, open the drop-down, select The message properties, then include the message type.
• Open the select message type drop-down, choose Auto-forward, then OK.
• Open the Do the following drop-down, select Block the message, then reject the message and include an explanation.
• Enter the message text for your explanation, then select OK.
• Scroll to the bottom and select Save.
Once the rule has been created, attackers will no longer be able to enable auto-forwarding for that user's mailbox.
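The same rule can be created from Exchange Online PowerShell, which also makes it easy to check for forwarding that is already in place. The script below is an added example, not part of the original article or Microsoft's instructions; the rule name and rejection text are placeholders, and the `"Name" [SMTP:address]` rendering of inbox-rule recipients is an assumption about how the module returns them.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange administrator role. $RuleName and the rejection text are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$RuleName = 'Block auto-forwarded messages'

# 1. Equivalent of the admin-center steps: sender is inside the organization,
#    message type is Auto-forward, reject the message with an explanation.
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $RuleName })) {
    New-TransportRule -Name $RuleName `
        -FromScope InOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'Automatic forwarding of email is blocked by policy.'
}

# 2. Audit forwarding that already exists, so mailboxes that were forwarding
#    externally before the rule was created can be reviewed.
$acceptedDomains = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress {
    param([string]$Address)
    # Strip an optional "smtp:" prefix and compare the domain part
    # against the tenant's accepted domains (case-insensitive).
    $domain = ($Address -replace '^smtp:', '').Split('@')[-1]
    return $acceptedDomains -notcontains $domain
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $owner = [string]$mbx.PrimarySmtpAddress

    # Mailbox-level forwarding (set by an admin or in Outlook on the web).
    $fwd = [string]$mbx.ForwardingSmtpAddress
    if ($fwd -and (Test-ExternalAddress $fwd)) {
        [pscustomobject]@{ Mailbox = $owner; Source = 'Mailbox setting'; Target = $fwd }
    }

    # Inbox rules that forward or redirect to an outside address.
    foreach ($rule in Get-InboxRule -Mailbox $owner) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets) {
            # Assumed rendering of SMTP recipients: "Display Name" [SMTP:user@domain]
            if ($t -match '\[SMTP:([^\]]+)\]' -and (Test-ExternalAddress $Matches[1])) {
                [pscustomobject]@{
                    Mailbox = $owner
                    Source  = "Inbox rule '$($rule.Name)'"
                    Target  = $Matches[1]
                }
            }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize
```

An empty result means no mailbox currently forwards outside the tenant's accepted domains; any row is worth confirming with the mailbox owner.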


Increase your org's security
Redmond also has a list of ten measures you can take to boost your organization's data security for both Microsoft 365 Business Standard and Microsoft 365 Business Premium service plans.

The list of tasks you need to go through to increase the security of your organization:

1. Set up multi-factor authentication (MFA) to prevent hackers from taking over accounts if they know the password.
2. Train your users to use strong passwords, protect their devices, and enable security features on Windows 10 and Mac PCs.
3. Use dedicated admin accounts.
4. Raise the level of protection against malware in mail (guidance on how to do that is available in this training video).
5. Protect against ransomware by blocking file extensions commonly used for ransomware using mail flow rules.
6. Stop auto-forwarding for email.
7. Use Office Message Encryption.
8. Protect your email from phishing attacks using an ATP anti-phishing policy.
9. Protect against malicious attachments and files with ATP safe attachment policies.
10. Protect against phishing attacks with ATP Safe Links.
Part of a broader push to secure Office 365
This new Office 365 ATP feature is part of a larger effort to make the cloud-based email filtering service secure by default as Microsoft also wants to include a new feature that will block email sender domains automatically if they fail DMARC authentication.

Redmond is also working on including automated malicious content blocking in Office 365 regardless of admin or user custom configurations unless manually overridden.

Once this new feature will be enabled, Office 365 will honor EOP/ATP malware analysis (detonation) verdicts to automatically block known malicious files and URLs.

In October 2019, Microsoft also enabled Authenticated Received Chain (ARC) for all hosted mailboxes to improve anti-spoofing detection. The ARC protocol supplements the DKIM and DMARC email authentication protocols as part of Internet Mail Handlers' effort to combat email spoofing especially when dealing with forwarded messages.


Debloating Windows 10 and increasing privacy with SharpApp
9.5.2020  Bleepingcomputer  OS

A new utility called SharpApp has been released that helps you debloat and increase privacy in Windows 10 by uninstalling preinstalled apps and disabling various telemetry settings.

Developed by MirinSoft, SharpApp is a frontend to various PowerShell scripts that will automate the process of uninstalling preinstalled apps (debloating), disabling various Windows 10 telemetry features, and quickly installing a variety of useful applications.

"SharpApp is a free and portable tool building upon a PowerShell engine and community powered script files for disabling telemetry functions in Windows 10, uninstalling preinstalled apps, installing software packages and automating Windows tasks with integrated PowerShell scripting," SharpApp's GitHub repository reads.

Using SharpApp in Windows 10
When started, users will be presented with a screen asking what privacy templates they would like to install, which will install a variety of PowerShell scripts that can be executed to perform different tasks.

When first using SharpApp, MirinSoft recommends that all users utilize the 'Basic Template', which is already preinstalled, to enable various privacy settings in Windows 10. They also recommend that all users run this template every time they upgrade Windows 10, as telemetry settings may have been reset.

To add further functionality, users can also install the "Interactive template" and "Silent template" PowerShell scripts to perform interactive or automated removal of preinstalled Windows apps, turn off data collection, or install common and popular software on the computer.

To use an installed template, users need to go to the 'Scripting' section and then select the 'Installed PowerShell scripts' dropdown to see a list of installed PowerShell scripts.

As you can see below, SharpApp comes with the appsPrivacyTemplate (disables telemetry in third-party apps) and the basicPrivacyTemplate (disables Windows 10 telemetry) scripts already preinstalled.

Preinstalled Templates
When you select a particular script, the PowerShell script and a brief description of what will be changed is displayed.

basicPrivacyTemplate PowerShell script
To run the basicPrivacyTemplate script, select it from the drop-down and then click 'Run Script'.

After applying the basicPrivacyTemplate, you can always revert these changes by executing the '_undobasicPrivacyTemplate' script.

Debloating Windows 10
To debloat Windows 10 and remove unnecessary preinstalled apps, you can install the 'Interactive template' from the Windows section and then run the 'Windows10Debloater' script, as seen below.

Windows10Debloater
This process can take a while, so please be patient while it is running. You can tell that the script is running as the 'Run Script' button will now be renamed to 'Processing'.

To illustrate how the Windows10DeBloater script works, below is what my Windows 10 Start Menu looked like before running the script.

Original Start Menu
Below is how the Start Menu looked after the script finished.

After Windows 10 Debloating
Other utilities
In addition to the various PowerShell scripts that can be executed, SharpApp also includes an Apps, Telemetry, and Packages section that allows you to manually remove preinstalled applications, block Windows 10 telemetry hosts, and install popular software.

For example, below is the 'apps' section where it lists all preinstalled apps and allows you to remove them manually.

Apps section to manually remove preinstalled apps
The 'telemetry' section makes it easy to install various HOSTS files from WindowsSpyBlocker that block hostnames associated with Microsoft and Windows telemetry.

Finally, the 'packages' section offers a list of popular utilities, security software, and applications that you can create Ninite installers for and deploy on the computer.

Packages section allows you to install popular programs
Overall, SharpApp is a useful tool for quickly disabling various telemetry settings in Windows 10, removing unwanted preinstalled apps, and quickly installing popular software.

If you give it a try, let us know what you think.


Microsoft Edge getting improved security, work at home features
3.5.2020  Bleepingcomputer  OS

Microsoft is testing a new version of Edge with Insiders and it comes with multiple new features including improved SmartScreen support.

Microsoft Edge Dev v84.0.495.2 updates SmartScreen, which is a feature that blocks you from visiting websites and downloading files that are known to exhibit malicious behavior.

When downloading a file, SmartScreen checks it against a Microsoft database and will only allow you to run it if the app has been determined to be safe.

After Edge's latest update, SmartScreen can now potentially block unwanted apps that are downloaded as ClickOnce or DirectInvoke apps.

ClickOnce is a deployment method that allows developers to create self-updating Windows applications that can be installed with minimal user interaction.

DirectInvoke technology allows an application to open a file based on its URL rather than having it downloaded first to the local file system.

By adding support for both of these technologies, Microsoft Edge can now block a large range of malicious documents from being opened.

Here's the full changelog:

Added the ability for Guided Switch to offer to switch to personal profiles instead of just work or school profiles.
Added a keyboard shortcut (Alt+Shift+R on Windows) to show the options bar in Immersive Reader.
Added support for SmartScreen to block potentially unwanted apps that are downloaded as ClickOnce or DirectInvoke applications.
Added the ability for developers to debug Edge instances that are running in headless mode.
Multiple profile improvement
For Microsoft Edge 83 and newer, Microsoft says it's rolling out another new feature that will help you get to your work content more easily when you use multiple profiles.

The feature is called 'Automatic Profile Switching' and Microsoft says it will switch you to your work profile when you navigate to a work site.

Edge profile

"When we detect this, we will prompt you to switch to your work profile to access that site without having to authenticate to it. When you choose the work profile you want to switch to, the website will simply open in your work profile," Microsoft said.


Windows 10 Search now gives easy access to COVID-19 info
3.5.2020  Bleepingcomputer  OS

Windows 10 is now making it easier to access the latest Coronavirus information via new buttons shown in Windows Search.

Starting this week, when clicking in the Windows Search field, a new section called "Get the latest coronavirus updates" will be displayed.

New Coronavirus section in Windows Search
This section contains a 'View interactive map' button that opens Bing's COVID-19 tracker and a 'See Headlines' button that opens up to the latest Coronavirus news on MSN.

Microsoft has already started to roll out this new Windows Search feature to 33 markets and will continue to roll it out worldwide over the next week.

COVID-19 Tracker released as an app
Microsoft has also released the Bing COVID-19 Tracker as a standalone app in the Microsoft Store.

COVID-19 Tracker app
In our tests, the app can be a little buggy and tends to crash when being resized.

Otherwise, it provides the same information as can be seen on Bing.


Microsoft releases Windows 10 Build 19619 with freeze fixes
3.5.2020  Bleepingcomputer  OS

Microsoft has released Windows 10 Insider Preview Build 19619 to Insiders in the Fast ring with fixes for frequent freezes on some systems, music controls to the Your Phone app, and quick access to COVID-19 info from search.

"We fixed an issue resulting in some Insiders experiencing bugchecks with error DPC WATCHDOG VIOLATION in the last few builds," Windows Insider Program senior program manager Brandon LeBlanc said. "This is also believed to be the root cause of some Insiders experiencing their PC frequently freezing."

This new Windows 10 Preview build also provides Insiders with quick access to trusted info regarding the coronavirus pandemic via the Windows search bar.

If you are a Windows Insider in the Fast ring, you can update to the Insider Preview Build 19619.1000 by going into Settings -> Update & Security -> Windows Update and then checking for new updates.

Windows 10 Insider Preview Build 19619

The most notable changes found in this new Windows 10 Insider build are detailed below.

Your Phone app music and audio controls
Microsoft has added new controls to the Your Phone app allowing Windows insiders to control the music and audio playing on their smartphones from their Windows 10 devices.

"Now you can access and control the audio apps playing from your phone directly within the app, without needing to split your attention between devices or breaking your workflow," LeBlanc added.

"Your audio tracks will remain in sync between your phone and PC, and you can switch between multiple sources using the dropdown in the player. Give it a try and let us know what you think!"

Your Phone music controls (Microsoft)
The new Your Phone audio controls added in the Windows 10 Insider Preview Build 19619 allow users to:

See and interact with audio apps playing on their smartphone.
View audio title track details synced to the track playing on the phone.
Control tracks from their computers, including play, pause, previous/next.
Switch between audio sources using the audio player dropdown menu.
To use the Your Phone app, you need a device running Windows 10 October 2018 Update or later, a smartphone running Android 7.0+, and audio apps that provide controls within Android's notifications.

Some of the apps supported by this new Your Phone feature are Spotify, Pandora, Amazon Music, Google Play Music, YouTube Music, Xiami Music, and Google Podcast.

At the moment, the music controls feature is slowly rolling out to Your Phone users, so it might take a few days until it lands on your device.

General changes & improvements:
If the Sync button under Settings > Time & Language > Time fails due to network connectivity, the error now tells you that’s the issue.
Fixes:
We fixed an issue while typing into the browser that could result in the Japanese IME unexpectedly being in Private mode even though the browser wasn’t in inPrivate mode.
We fixed an issue causing many Schannel errors to appear in the System event log.
We fixed an issue resulting in some unexpected characters showing up in the text strings of intl.cpl’s Additional Settings > Currency.
We fixed an issue resulting in stordiag.exe crashing on launch if you tried to open it while running a repro mode trace while filing feedback under the “Disks and Storage” context in the Feedback Hub.
Known issues:
We’re aware Narrator and NVDA users that seek the latest release of Microsoft Edge based on Chromium may experience some difficulty when navigating and reading certain web content. Narrator, NVDA and the Edge teams are aware of these issues. Users of legacy Microsoft Edge will not be affected. NVAccess has released a NVDA 2019.3 that resolves the known issue with Edge.
We’re looking into reports of the update process hanging for extended periods of time when attempting to install a new build.
We’re still investigating an issue where the Documents and Downloads sections under Privacy show a broken icon next to their page name (just a rectangle).
We’re investigating reports that the battery icon on the lock screen always shows close to empty, regardless of actual battery levels.
We’re investigating reports of IIS configuration being set to default after taking a new build. You will need to back up your IIS configuration and restore it after the new build is installed successfully.
Quickly switching between WSL distros using the File Explorer integration could cause a transient access error. We’ve identified the cause of this issue and are releasing a fix soon.


Microsoft releases Sysmon 11 with auto-backup of deleted files
3.5.2020  Bleepingcomputer  OS

Microsoft has released Sysmon 11, and it now comes with an important feature that allows you to monitor for and automatically archive deleted files on a monitored system.

If you are not familiar with Sysmon, or System Monitor, it is a Sysinternals tool that is designed to monitor systems for malicious activity and log those events to the Windows event log.

Sysmon 11.0
This allows administrators to detect malicious activity occurring on their network after they are breached or to perform incident response and digital forensics to learn more about how an attack took place.

Why monitoring file deletions is important
With the release of version 11, Sysmon can now monitor for file deletions and automatically archive files when they are deleted.

This tool is extremely useful for incident responders when performing digital forensics or mitigating security breaches.

When attackers breach a network, they will use a variety of tools to spread laterally throughout a network.

After gaining full access to a network and harvesting it of any valuable data, attackers will then commonly deploy malware, such as ransomware, on to the victim's network to encrypt all of the devices.

These tools and malware executables are then commonly deleted by the attackers, so that incident responders and researchers are unable to analyze them for weaknesses or to learn how they breached the network.

With the addition of Sysmon's new file deletion monitoring and archiving feature, gaining access to the tools and malware executables used in an attack will be much easier for incident responders.

By having these files, researchers will learn more about the tactics, techniques, and procedures (TTP) of an attacker that allow better defenses to be created.

Using Sysmon's new file deletion monitoring
To download Sysmon 11, you can go to the Sysinternals Sysmon page or download it from https://live.sysinternals.com/sysmon.exe. Once downloaded, you need to run it from an elevated command prompt, as it requires administrative privileges to run.

By default, Sysmon will monitor basic information such as process creation and file time modifications, but it is possible to configure it to log many other events.

To use the new Sysmon 11 file deletion and archiving feature, we need to add the new ArchiveDirectory and FileDelete configuration options to our Sysmon configuration file.

This configuration file can then be loaded into Sysmon with the following command:

sysmon -i sysmon.xml
A basic configuration file that enables the file deletion monitoring and the archiving of all deleted files to the \DeletedFiles folder can be seen below.

Enable file deletion monitoring and archiving
In our configuration file, we are specifying that the ArchiveDirectory is named "DeletedFiles". This option tells Sysmon to store a copy of the deleted file in the root of the drive in a folder called DeletedFiles. This folder name can be changed to anything of your choosing.

For the "FileDelete" option we used an onmatch="exclude" configuration, but did not specify anything to exclude. This option will cause Sysmon to monitor all files that are deleted.

Once Sysmon is started with the above configuration file, it will begin logging file deletion events to Applications and Services Logs/Microsoft/Windows/Sysmon/Operational in the Event Viewer.

Below you can see an example of a file called rw.exe being deleted from the %Temp% folder.

File Deletion Event
Based on our configuration, when a file is deleted from the C:\ drive, it will be archived in the C:\DeletedFiles. All archived files will be named in the format of "sha1-hash.extension".

For example, the above file was archived as C:\DeletedFiles\C24FEDB9B8A592722D5A9ADB34D276FC3B329D6F.exe.
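The configuration and archive naming described above can be exercised with the following PowerShell script, which is an added example and not code from the original article or from Sysinternals. It writes a config matching the description (ArchiveDirectory "DeletedFiles", an empty FileDelete exclude rule), then reads Sysmon FileDelete events (event ID 23) and computes where each archived copy should be. The schema version 4.30, the function name and the config path are assumptions of this example.

```powershell
#requires -RunAsAdministrator
# Added example. $ConfigPath and Get-ArchivedDeletion are illustrative names.

$ConfigPath       = Join-Path $env:TEMP 'sysmon.xml'
$ArchiveDirectory = 'DeletedFiles'    # folder name used in the article

# Config matching the description: archive every deleted file, exclude nothing.
# schemaversion 4.30 is assumed for Sysmon 11.0; confirm with `sysmon -s`.
@"
<Sysmon schemaversion="4.30">
  <ArchiveDirectory>$ArchiveDirectory</ArchiveDirectory>
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <FileDelete onmatch="exclude" />
    </RuleGroup>
  </EventFiltering>
</Sysmon>
"@ | Set-Content -Path $ConfigPath -Encoding ASCII

# Load it with the command from the article, run next to sysmon.exe:
#   sysmon -i <path to sysmon.xml>

function Get-ArchivedDeletion {
    <#
      Reads Sysmon FileDelete events (ID 23) and maps each one to the path
      where the archived copy is expected: <drive root>\<ArchiveDirectory>\<SHA1><ext>.
    #>
    param(
        [int]$MaxEvents = 200,
        [string]$ArchiveDirectory = 'DeletedFiles'
    )

    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 23 }

    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
            $fields = @{}
            ([xml]$_.ToXml()).Event.EventData.Data |
                ForEach-Object { $fields[$_.Name] = $_.'#text' }

            $target = $fields['TargetFilename']

            # Hashes looks like "SHA1=<40 hex chars>" (more algorithms may follow
            # if the config enables them). Without a SHA1 the path stays empty.
            $sha1 = $null
            if ($fields['Hashes'] -match 'SHA1=([0-9A-Fa-f]{40})') {
                $sha1 = $Matches[1].ToUpper()
            }

            $archivePath = $null
            if ($sha1 -and $target) {
                # The archive lives on the same volume as the deleted file.
                $root = [System.IO.Path]::GetPathRoot($target)
                $ext  = [System.IO.Path]::GetExtension($target)
                $archivePath = [System.IO.Path]::Combine($root, $ArchiveDirectory, $sha1 + $ext)
            }

            [pscustomobject]@{
                UtcTime        = $fields['UtcTime']
                User           = $fields['User']
                Image          = $fields['Image']            # process that deleted the file
                TargetFilename = $target
                IsExecutable   = $fields['IsExecutable']
                SHA1           = $sha1
                ArchivePath    = $archivePath
            }
        }
}

# Most recent deletions with the expected location of each archived copy.
Get-ArchivedDeletion -MaxEvents 50 |
    Format-Table UtcTime, Image, TargetFilename, ArchivePath -AutoSize
```

The script only computes the expected archive path from the event data; it does not open the archive folder itself.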

This archive directory is protected with a System ACL and to access it you will need to download the psexec.exe program and launch a cmd prompt with System privileges using the following command:

psexec -sid cmd
After the new command prompt is launched, we can go into the C:\DeletedFiles folder to access the deleted files.

Archived deleted files
The above example is just a small sample of what System Monitor can do when monitoring for malicious activity.

For those who want to learn more about Sysmon, it is strongly recommended that you read the documentation on Sysinternals' site and play around with the tool.

There is no better way to learn how to use this program than by creating a configuration file and seeing what events are written to the event log.

If you want to use a premade Sysmon config file that was designed to monitor malicious traffic and threats, you can use SwiftOnSecurity's Sysmon configuration file on GitHub.


Microsoft investigating Windows 10 KB4549951 BSOD reports
2.5.2020  Bleepingcomputer  OS

Microsoft is investigating Bluetooth issues, failures to install, and blue screen reports received from users who have installed or attempted to install the KB4549951 cumulative update released during this month's Patch Tuesday.

KB4549951 provides customers with security fixes for devices running Windows 10, version 1909, and Windows 10, version 1903, and it can be installed automatically by checking for updates via Windows Update or manually from the Microsoft Update Catalog.

Windows admins can also distribute the update to users via Windows Server Update Services (WSUS). Customers who have automatic updates enabled don't need to take any further actions.

As we reported last week, users are reporting a wide assortment of issues when installing and after deploying KB4549951, ranging from blue screens of death (BSODs), failures to install, networking issues, and display issues to system freezes when trying to use streaming services.

Others are saying that their Windows 10 installation is completely broken with their devices being unable to boot again after installing the KB4549951 update.

Microsoft is investigating reports
While Microsoft hasn't yet acknowledged these issues, an update has been added to KB4549951's entry on April 24, as well as a new known issue to the Windows 10 health dashboard one day after BleepingComputer's article on the users' reports.

"We have seen social media reports related to KB4549951 that mention Bluetooth, a stop error with a blue screen, and other related issues," Microsoft says.

"To date, we have not seen these issues reflected in telemetry, support data, or customer feedback channels. We continuously investigate all customer feedback and are closely monitoring this situation."

Microsoft is asking customers who have been experiencing issues related to the KB4549951 to report them via the Feedback Hub.

"Please provide feedback using the keyboard shortcut Windows + F or go to the Start menu and select Feedback Hub so that we can investigate," Microsoft says.

What to do about KB4549951 issues
Users who haven't yet installed the KB4549951 cumulative update and want to prevent it from causing any issues during and after the install process, can pause new updates or block this specific update from installing using the steps detailed in this tutorial that should help you prevent new Windows 10 updates from ruining your day.

If you have already deployed the update on your device and the issues you are experiencing are making your Windows 10 computer unusable, you can follow the procedure described below to roll back KB4549951, provided you are willing to remove the security fixes it comes with.

According to the update's details from the Microsoft Update Catalog, KB4549951 can be removed "by selecting View installed updates in the Programs and Features Control Panel."

Uninstalling the KB4549951 update
The step by step procedure requires you to open Control Panel, go to Programs and Features, and then click on View installed updates in the left sidebar.

Next, you have to right-click on its entry and confirm when asked if you are sure that you want to uninstall it. Next, you'll have to click 'Yes' when asked and then restart your device.


How to prevent new Windows 10 updates from ruining your day
2.5.2020  Bleepingcomputer  OS

Every month, Microsoft releases new Windows 10 updates that are designed to fix security vulnerabilities, fix bugs and performance issues, and add new features. Unfortunately, due to coding bugs, the size of the Windows user base, and the varied hardware it is installed on, there are always bugs encountered after new updates are released.

Some of these bugs, though, are critical as they could break features, drivers, Windows, or the device itself if you have incompatible software or the update itself is botched.

For example, a recent Windows 10 update for November 2019 and May 2019 Update computers is causing dreaded Blue Screen of Death (BSOD) and data loss.

Others reported a wide range of issues, including broken Bluetooth, internet connectivity issues, reduced performance, freezes and installation issues, and other problems.

Even worse, in February 2020, Windows 10 KB4532693 was released to fix security issues with Edge and other core components, but several users encountered a file deletion bug caused by an incorrect user profile.

Fortunately, Microsoft allows Windows 10 Home, Pro, and Enterprise customers to control when and how Windows 10 installs monthly and half-yearly updates. If a driver or update causes problems, you can delay updates, or you can uninstall it and block Windows from downloading it again.

The only time we suggest that you install updates immediately is when Microsoft releases fixes on Patch Tuesday for known vulnerabilities that are being actively exploited or that require immediate attention.

In this guide, we'll walk you through the steps to control and manage Windows Updates to delay or block a particular update that you don't find suited for your device or until you know that the update is not causing problems.

Method 1: Pause updates
For those who want to completely pause new updates until you know they are not problematic, Windows 10 Home, Pro, and Enterprise customers can do so via the settings app.

For Windows 10 Home users, the pause feature works for only 28 days and 7 days in the preview builds. On the other hand, Windows 10 Pro and Enterprise users can delay the update for more than 28 days via the Settings app as well as Group Policy.

To pause updates, follow these steps:

Open Settings.
Go to Update & security.
Click 'Choose Advanced options'.
Under the 'Pause updates' section, select a date under the 'Pause until' section to prevent updates from being installed until that day.
Pause

For more detailed info on Group Policy and Registry, you can see our dedicated article: How to Pause Windows 10 Automatic Updates To Avoid Critical Bugs.

Method 2: Uninstall Windows Updates with Settings and Control Panel
Open Start menu
Click on the cog icon to open Settings.
In Settings, head into Update & security.
Click on the 'View Update History' or 'View installed update history'.
Click on 'Uninstall updates', and a screen displaying the list of recent Windows Updates will be shown.
After determining the update that you want to uninstall, select the update and click on the 'Uninstall' button.
When asked, click 'Yes' to confirm you wish to uninstall the update.
A reboot may be required to finish the process, so make sure to save your work before restarting Windows.
For more detailed info on removing updates with Command Prompt and PowerShell, you can see our dedicated article: How to Uninstall Windows 10 Updates Manually.

Method 3: Block a particular update
If a specific update is causing issues with your device, you can pause it with Microsoft's "Show or hide updates" troubleshooter.

You can download and run the "Show or hide updates" troubleshooter from here. Once the app is downloaded, launch it and hide the update that you don't want to install again.

This feature only works when you have removed the update, as highlighted in the third method.


WSLFetch creates colorful Windows 10 WSL Linux information
2.5.2020  Bleepingcomputer  OS

If you want to show off what Windows Subsystem for Linux distribution you are using in Windows 10, you can do so in style using the WSLFetch utility.

Similar to Neofetch, WSLFetch is a tool bundled with the WSL Utilities (WSLU) package that prints out colorful Linux ASCII logos along with some basic information about the distro that you are running.

While the Ubuntu WSL distro includes the 'wslfetch' command, all of the other Linux distributions offered on the Microsoft Store require you to install the WSLU package first.

Below we will provide information on how to install WSLFetch in your WSL distributions as well as enhance it to show more details about the device's hardware.

Ubuntu
In Ubuntu 20.04, the WSLU package is installed by default, so you can run the wslfetch command after installing the distribution from the Microsoft Store.

When running wslfetch, the script will display a colorful ASCII Ubuntu logo as well as basic information about the install, such as the Windows build, development branch, Linux distribution version, Linux kernel version, and how long the distro has been running (uptime).

WSLFetch output for Ubuntu 20.04

It is not known if the previous Ubuntu 18.04 LTS version had this command available by default.

Debian
Debian does not have the WSLU package installed, so you need to manually install it using the following commands:

sudo apt update
sudo apt install gnupg2 apt-transport-https
sudo apt install wget
wget -O - https://access.patrickwu.space/wslu/public.asc | sudo apt-key add -
echo "deb https://access.patrickwu.space/wslu/debian buster main" | sudo tee -a /etc/apt/sources.list
sudo apt update
sudo apt install wslu

When done, you can now run the wslfetch command to print out an ASCII Debian logo along with some basic information, as shown below.

WSLFetch output for Debian 10

Kali Linux
To install the WSLU package on Kali Linux, you need to enter the following commands:

sudo apt update
sudo apt install gnupg2 apt-transport-https
wget -O - https://access.patrickwu.space/wslu/public.asc | sudo apt-key add -
echo "deb https://access.patrickwu.space/wslu/kali kali-rolling main" | sudo tee -a /etc/apt/sources.list
sudo apt update
sudo apt install wslu

When done, wslfetch will display the following screen:

WSLFetch output on Kali Linux
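The Debian and Kali commands above hand the WSLU key to apt-key, which makes it trusted for every configured repository, and append the entry to the main sources.list. The following added example (not from the article or the WSLU project) keeps the key in its own file and pins the WSLU repository to it with signed-by. The /etc/apt/keyrings/wslu.asc path, the wslu.list file name and the function names are choices made for this example, and it assumes apt 1.4 or later, which accepts ASCII-armored .asc keyrings.

```shell
#!/bin/sh
# Added example: install the WSLU apt repository with its signing key
# scoped to that repository only. Paths and function names are choices
# made for this example, not part of the article or the WSLU project.

WSLU_BASE="https://access.patrickwu.space/wslu"  # repository URL from the article
WSLU_KEYRING="/etc/apt/keyrings/wslu.asc"        # assumed location for the key
WSLU_LIST="/etc/apt/sources.list.d/wslu.list"    # assumed name for the list file

# Print the sources entry for one repo directory and suite, e.g.
# "debian buster" or "kali kali-rolling" as used in the article.
wslu_source_line() {
    printf 'deb [signed-by=%s] %s/%s %s main\n' \
        "$WSLU_KEYRING" "$WSLU_BASE" "$1" "$2"
}

# Succeed only if $1 is a non-empty ASCII-armored OpenPGP public key file.
# This catches an HTML error page or empty download saved in place of the
# key; it does not prove whose key it is.
looks_like_armored_key() {
    [ -s "$1" ] &&
        grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1" &&
        grep -q '^-----END PGP PUBLIC KEY BLOCK-----' "$1"
}

# install_wslu_repo ROOT REPO_DIR SUITE KEY_FILE
# ROOT is "" on a real system (run as root) or a scratch directory for a
# dry run that leaves the live apt configuration untouched.
install_wslu_repo() {
    looks_like_armored_key "$4" || {
        echo "refusing to install: $4 is not an armored public key" >&2
        return 1
    }
    mkdir -p "$1/etc/apt/keyrings" "$1/etc/apt/sources.list.d" || return 1
    cp "$4" "$1$WSLU_KEYRING" || return 1
    chmod 0644 "$1$WSLU_KEYRING" || return 1
    wslu_source_line "$2" "$3" > "$1$WSLU_LIST"
}

# Read sources.list content on stdin and print the active entries that are
# not pinned to a keyring, i.e. those checked against the global trust store.
unpinned_entries() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' | grep -v 'signed-by=' || true
}

# Direct use: sh wslu-repo.sh ROOT REPO_DIR SUITE KEY_FILE
if [ "$#" -eq 4 ]; then
    install_wslu_repo "$@"
fi
```

On a real system, download public.asc to a file first, run install_wslu_repo as root with an empty ROOT, then continue with sudo apt update and sudo apt install wslu as in the article. Piping /etc/apt/sources.list into unpinned_entries lists the entries that still rely on the global keyring.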
OpenSUSE/SUSE
Finally, like most other distributions, OpenSUSE and SUSE do not have the WSLU package installed by default.

To install WSLU in OpenSUSE/SUSE, use the appropriate commands depending on what distro you are installing.

OpenSUSE install commands:

sudo zypper addrepo https://download.opensuse.org/repositories/home:/wslutilities/openSUSE_Leap_15.1/home:wslutilities.repo
sudo zypper up
sudo zypper in wslu

SUSE install commands:

SLESCUR_VERSION="$(grep VERSION= /etc/os-release | sed -e s/VERSION=//g -e s/\"//g -e s/-/_/g)"
sudo zypper addrepo https://download.opensuse.org/repositories/home:/wslutilities/SLE_$SLESCUR_VERSION/home:wslutilities.repo
sudo zypper addrepo https://download.opensuse.org/repositories/graphics/SLE_12_SP3_Backports/graphics.repo
sudo zypper up
sudo zypper in wslu

When done, wslfetch will display a screen similar to the following image.

WSLFetch output for Open Leap 15.1

Enhancing WSLFetch
Unlike Neofetch, WSLFetch only displays information about the Linux distribution that you are using and does not show any information about a computer's hardware.

The nice thing about WSLFetch is that it is a shell script, which means you can easily modify it to show more information about the Windows 10 device that the distribution is installed on.

For example, you can see how BleepingComputer enhanced WSLFetch to also report the number of packages installed, the installed CPU, and the total memory in the system.

Enhancing WSLFetch to show hardware info

To improve WSLFetch so that it shows more detailed information, you can edit the /usr/bin/wslfetch script and capture the output of additional commands into variables in the script.

These variables are all located in the same location, as shown below.

Information variables

These variables are then outputted in the following section of the script:

Outputting the variables

To add additional information for the number of packages, installed CPU, and total memory, BleepingComputer added the following variables:

Packages:

packages=$(echo "$wslsys" | grep -Po '^Packages Count: \K.*')

CPU:

cpuinfo=$(cat /proc/cpuinfo | grep "model name"| uniq | awk -F':' '{print $2}' | sed -e 's/^[[:space:]]*//')

Total memory:

meminfo=$(awk '$3=="kB"{if ($2>1024^2){$2=$2/1024^2;$3="GB";} else if ($2>1024){$2=$2/1024;$3="MB";}} 1' /proc/meminfo | column -t | awk 'NR==1{print $2 $3}')

We then modified the output of the script to include these variables.

info_text=("${t}Windows 10 Linux Subsystem${reset}"
"${t}${USER}${reset}@${t}${hostname}${reset}"
"${t}BUILD:${reset} ${build}"
"${t}BRANCH:${reset} ${branch}"
"${t}RELEASE:${reset} ${release}"
"${t}KERNEL:${reset} ${kernel}"
"${t}UPTIME:${reset} ${uptime}"
"${t}PACKAGES:${reset} ${packages}"
"${t}CPU:${reset} ${cpuinfo}"
"${t}MEMORY:${reset} ${meminfo}"
"${reset}"
)

Being able to easily extend WSLFetch can make it a much more informative, fun, and useful tool to use.

Let us know what else you have added or how you improved the WSLFetch utility.

Update 4/26/20: WSL Utilities is not created by Microsoft, but instead by https://wslutiliti.es/ and Patrick Wu.


Ubuntu 20.04 LTS for Windows 10 Released on Microsoft Store
25.4.2020  Bleepingcomputer  OS

In their first Windows LTS release in two years, Canonical has released Ubuntu 20.04 for the Windows 10 Subsystem for Linux on the Microsoft Store.

The last release of Ubuntu was almost two years ago, in May 2018, when Ubuntu 18.04 LTS was released. Version 20.04 includes a wide range of improvements, program updates, and fixes.

WSLFetch in Ubuntu 20.04

Users who had previously installed the Ubuntu 18.04 LTS release may have issues upgrading it, but there is a workaround.

According to bkendig on Reddit, you can perform an upgrade to Ubuntu 20.04 using the following command:

sudo do-release-upgrade -d

If you run into an error stating "sleep: cannot read realtime clock: Invalid argument", you should follow the steps in the Reddit post to move the /bin/sleep file temporarily, create an empty version, and then move it back after the upgrade.

The command shared by bkendig to temporarily move the sleep command is:

sudo mv /bin/sleep /bin/sleep~ ; touch /bin/sleep ; chmod +x /bin/sleep

Once the upgrade is done, move /bin/sleep~ to /bin/sleep and you should be good to go.

For users of Ubuntu 18.04 who rarely use it, it is far easier to remove the old versions and just install Ubuntu 20.04 from the Microsoft Store.


Microsoft Edge: New feature and improvements coming soon
25.4.2020  Bleepingcomputer  OS

Microsoft's Chromium-based Edge browser was released in January to consumers and enterprises, and Microsoft has been busy adding new features to the browser to make it stand out from Google Chrome.

Some of these new features include a built-in QR code generator, Collections, and tight integration into Windows 10 and networking domains.

Below are some of the new features coming to Microsoft Edge and currently found in the Canary builds.

Extensions Sync
As Microsoft Edge is built on the Chromium browser, it is able to install not only browser extensions designed for Edge, but also those that are created for Chrome.

This gives Microsoft Edge a wide variety of extensions that become available for users.

For those who use a lot of extensions, synchronizing them among different devices can become a chore.

To help with this, Microsoft is creating an extensions sync feature so that your extensions will be synchronized between all devices that you log in to with the same account.

Collections Features
Microsoft Edge has a unique feature called Collections that allows users to collect and compare shopping items, collect and combine information from platforms like Wikipedia, and put together your event or research information in a dedicated panel for later reference.

In the next release, Microsoft is improving the Collections feature by allowing users to save all their open tabs into a new or existing collection. You could then reopen all of those tabs from another device that you are logged into.

Other minor improvements
Microsoft is also testing a bunch of minor improvements, including a new dropdown UI when browsing in fullscreen mode, so you can access tabs quickly.

There are also improvements to the PDF reader and new group policies so that administrators can more easily manage the browser.

Microsoft has also resolved various bugs that caused protected video on certain websites to not work, and another issue where canceling an autofill payment card authentication sometimes crashes the browser.

QR code generator
Finally, Microsoft is working on an experimental QR code generator for Edge that would allow users to easily share websites by scanning a QR code.

In Canary builds, the QR code generator is available as an experimental flag that you need to manually enable via the "#sharing-qr-code-generator" flag in edge://flags. You can do this by going to edge://flags and searching for 'QR' as shown below.

Once enabled, Edge would display a “QR code” icon in the address bar and you can click on it to generate the code.

Users will start to see the new features in the stable release of Edge 84 and later. If you want to try these changes today, you need to download Edge Canary or Beta builds.


Windows 10 KB4549951 update fails to install, causes BSODs
25.4.2020  Bleepingcomputer  OS

The Windows 10 KB4549951 cumulative update is reportedly failing to install and is causing blue screens of death (BSOD) after installation reboots, among other issues, according to user reports.

KB4549951 is a cumulative update with security fixes released as part of this April 2020 Patch Tuesday for Windows 10, version 1909 and for Windows 10, version 1903.

To install KB4549951, you can either check for updates via Windows Update or manually download it for your Windows version from the Microsoft Update Catalog. Admins can distribute the update to users in their enterprise environments via Windows Server Update Services (WSUS).

For users with automatic updates enabled, installing this cumulative update requires no additional actions.

Microsoft says that they are not currently aware of any issues with the KB4549951 update according to this Windows support entry.

KB4549951 installation failures
Even though there are usually workarounds to install problematic updates manually when encountering errors, users who had to deal with KB4549951 failing to install have reported via Microsoft's official Feedback Hub, on the Microsoft Community website, and via Reddit that none of them helped.

0x80070bc2, 0x800f0900, 0x80070003, 0x80073701, 0x800f080a, 0x800f0986, and 0x80070002 errors while attempting to install KB4549951 were spotted and reported by multiple users since the cumulative update was released by Microsoft on April 14.

"It downloads and installs. During restart, I get msg that it could not install and it restores my PC back to before update," one user says on Microsoft's Feedback Hub. "Last failed install attempt on 4/21/2020 - 0x80070003 troubleshooter could not fix problem."

"Having now spent two hours waiting for these two updates to download and install then on restart it tells me we were unable to install so resetting back to how it was," another report adds.

Some of the KB4549951 issues reported via the Feedback Hub

Also causing BSODs and networking issues
More than a fair share of the user reports we saw since KB4549951 was released more than a week ago are mentioning blue screens of death (BSODs) after the system crashes during the restart that follows the update's installation process. In most of these cases, the device will reboot and will remove the update on its own.

"Windows Update KB4549951, released in the past week, caused a 'BLUE SCREEN OF DEATH' on my laptop with the error message 'BOOT DRIVE INACCESSIBLE'," one report says.

"I came to this conclusion after 3 system restores, uninstalling recent updates sequentially and checking update reviews online. It appears that this specific update causes a system CRITICAL issue. Unfortunately, I can't pause updates for longer than a month so this is a ticking time-bomb if it's not fixed!"

Other users have also reported problems with their Windows 10 devices being unable to boot again after installing the KB4549951 cumulative update.

"My perfectly working PC died while automatically installing KB4549951 (never rebooted). Tried automatic repair, all other repair options including uninstall latest update," one Feedback Hub report says.

"Nothing worked. It was stuck in the BSoD loop, stating 'Critical Process Died'. SrtTrail log stated, 'A recently serviced boot binary is corrupt.' So I decided to clean install the Windows again. Formatted C drive, fresh clean install. Again after automatic update installing KB4549951 the system crashed and is going into 'automatic repair' mode."

Windows 10 BSOD after CRITICAL_PROCESS_DIED error

Display issues and freezes when using streaming services
Other users have experienced combinations of multiple errors, ranging from their files being deleted to WiFi networking and display issues that, in some cases, made their devices unusable.

"Since installing this update I have had a variety of serious issues. BSOD, Wifi connectivity issues, Display adaptor issues and a general system slowdown," a Feedback Hub report details. "Streaming has become impossible on any service from Netflix to iTunes. The nastiest one is when the display goes into hibernation, the explorer goes into recovery mode and I have to restart the whole system. Not happy. when will there be a fix?"

Similar issues caused by streaming services are reportedly leading to system freezes according to other reports, with the problems disappearing once the cumulative update is uninstalled.

"Immediately after installing KB4549951 all streaming services (netflix/stan/etc) through both Edge and Chrome caused hard freezing the instant any video began playback (even the previews)," a Feedback Hub report reads. "This issue was only triggered through playback via browser, gaming and videos on HDD were unaffected."

"This issue was reproduced consecutively about 10 times while trying various settings to isolate the cause. Immediately after uninstalling KB4549951, postponing updates and restarting PC, the issue was resolved and playback via browser was normal. Event Viewer shows no critical or unexpected events outside of the PC being terminated incorrectly."

As usual, it's important to understand that these issues are most probably affecting a limited number of users and that rolling back the update will most likely fix any issues you might be experiencing.

Uninstalling KB4549951
Before uninstalling the KB4549951 Cumulative Update, you should know that you would also be removing mitigation for vulnerabilities affecting the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Virtualization, Microsoft Graphics Component, Windows Kernel, Windows Media, Windows Shell, Windows Management, Windows Fundamentals, Windows Virtualization, Windows Storage and Filesystems, Windows Update Stack, and the Microsoft JET Database Engine.

If the issues you are experiencing after installing this cumulative update are making your Windows device unusable and you are willing to remove the security fixes it comes with, follow the procedure described below to roll back KB4549951.

Microsoft says in the update's details from the Microsoft Update Catalog that it can be removed "by selecting View installed updates in the Programs and Features Control Panel."

The step by step procedure requires you to open Control Panel, go to Programs > Programs and Features, and click on View installed updates in the left sidebar.

Next, right-click on KB4549951's entry in the list and, when asked "Are you sure you want to uninstall this update?", click 'Yes' to confirm and then restart your device.

Uninstalling the KB4549951 update


Windows 10 update weakened Google Chrome's security
25.4.2020  Bleepingcomputer  OS

A Windows 10 kernel bug made it possible to escape Google Chrome's sandbox, a security researcher with Google Project Zero found. The vulnerability was introduced with version 1903 of the operating system on May 21, 2019.

Google Chrome's sandbox is a secure environment that downgrades browser processes to low permissions and cuts them off from the rest of the system to prevent damage if hijacked by a malicious actor.

"For all the good, it does have its weaknesses. The main one being the sandbox’s implementation is reliant on the security of the Windows OS," James Forshaw, a security researcher in Google's Project Zero team of zero-day hunters explained.

"Changing the behavior of Windows is out of the control of the Chromium development team. If a bug is found in the security enforcement mechanisms of Windows then the sandbox can break."

Abusing Windows 10 kernel bugs
And this is exactly what happened after a token security feature bypass vulnerability that slipped into the Windows 10 kernel with the May 2019 Update (also known as 19H1) broke some of the security premises that Chromium developers relied upon to secure the browser's sandbox.

Before Windows 10 1903, new sandboxed processes were given restricted resource access "to block write access as that would typically grant an attacker leverage to compromise other parts of the system by writing files or registry keys."

However, after the May 2019 Update, Forshaw found that something had changed and this process was no longer working as expected.

"A security feature bypass vulnerability exists when Windows fails to properly handle token relationships," as Microsoft explains in a security advisory issued earlier this month.

"An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape."

The security researcher was able to use this bug to create a complicated chain of execution that allowed escaping the Chrome sandbox "as used for the GPU Process on Chrome/Edge or the default content sandbox in Firefox."

Sandbox escape execution chain (James Forshaw)

To escape Chrome's sandbox he also chained several additional Windows weaknesses which, although not sufficient to allow for a sandbox escape on their own, were helpful in successfully escaping it when paired with the Windows 10 1903 bug.

The final execution chain used by the Project Zero security researchers includes almost 20 different steps needed to escape Chrome's sandbox but you can get a quick overview via the diagram embedded above.

The security feature bypass vulnerability is being tracked as CVE-2020-0981 and it was patched by Microsoft as part of the April 2020 Patch Tuesday.

You can install this update automatically via Windows Update or manually after downloading it from Microsoft's Update Catalog site.

Small OS changes can lead to major issues
"I hope this gives an insight into how such a small change in the Windows kernel can have a disproportionate impact on the security of a sandbox environment," the researcher said.

"It also demonstrates the value of exploit mitigations around sandbox behaviors. At numerous points, the easy path to exploitation was shut down due to the mitigations."

"It’d be interesting to read the post-mortem on how the vulnerability was introduced. I find it likely that someone was updating the code and thought that this was a mistake and so 'fixed' it.

Perhaps there was no comment indicating its purpose, or just the security critical nature of the single line was lost in the mists of time. Whatever the case it should now be fixed, which indicates it wasn’t an intentional change."

You can find all the details on how Forshaw was able to escape Google Chrome's sandbox by abusing the Windows 10 kernel bug introduced in May 2019 in this highly detailed (and very technical) write-up.

Update April 22, 18:22 EDT: Added more info on the Windows token security feature bypass vulnerability used to escape Chrome's sandbox.


Microsoft releases OOB security updates for Microsoft Office
25.4.2020  Bleepingcomputer  OS

Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications.

Last month, Autodesk issued security updates for their Autodesk FBX Software Development Kit that resolve remote code execution and denial of service vulnerabilities caused by specially crafted FBX files.

An FBX file is an Autodesk file format that is used to store 3D models, assets, shapes, and animations.

To exploit these vulnerabilities, an attacker would create a malicious FBX file that would exploit "buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities" to perform a DoS attack or remotely execute code.

Microsoft Office uses the Autodesk FBX library
As the Microsoft Office 2016, Microsoft 2019, Office 365, and Paint 3D applications utilize the Autodesk FBX library, Microsoft today released new security updates that resolve these remote code execution and DoS vulnerabilities in their products.

In an advisory titled "ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library", Microsoft explains that opening malicious FBX files in Office applications could lead to remote code execution.

Microsoft is announcing the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications. Details about the vulnerabilities can be found here - https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002

Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerabilities, an attacker must send a specially crafted file containing 3D content to a user and convince them to open it.

The security updates address these vulnerabilities by correcting the way 3D content is handled by Microsoft software.

How to install the Microsoft Office security updates
To install these security updates now, Office users can open an Office application, click on the File menu option, and then select Account.

When the account page opens, on the right, you will see a section titled "Office Updates" with a button labeled 'Update Options'. Click on this button and select Update Now.

Office Updates section

Microsoft Office will now check for and install any available updates.

Downloading Office updates

Once the updates are downloaded and installed, Microsoft Office will need to restart your Office applications. Be sure to save any open documents before doing so.


Windows 10 KB4550945 update released with Windows Update fixes
25.4.2020  Bleepingcomputer  OS

Microsoft has released a Windows 10 update that fixes multiple bugs in Windows 10, version 1909 and Windows 10, version 1903, including issues causing Windows Update to stop responding and the lock screen to stop appearing.

The optional non-security KB4550945 update was published as part of the optional monthly “C” release and it only comes with Windows 10 quality improvements.

More information on the different types of monthly quality updates released by Microsoft each month is available in the Windows 10 update servicing cadence primer.

Additional info on optional updates starting May 2020 can be found in a Windows message center announcement regarding the timing for upcoming Windows optional C and D releases.

KB4550945 will be automatically installed when checking for updates using Windows Update and you can also manually install it from the Microsoft Update Catalog.

KB4550945 highlights
Updates an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image error message appears.
Updates an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
Updates an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
Updates an issue that generates unexpected notifications when you change the default application settings.
Updates an issue that causes Windows Update to stop responding when you check for updates.
Updates an issue that fails to print content that is outside of the margins of a document.

Full list of changes in KB4550945
Addresses an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image exception dialog box appears.
Addresses an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
Addresses an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
The Group Policy Object (GPO) policy "Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Do not require Ctrl+Alt+Del Computer" is disabled.
The GPO policy “Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen” is enabled.
The registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\DisableLogonBackgroundImage is set to 1.
Addresses an issue that generates unexpected notifications related to changing the default application settings.
Addresses an issue that causes the sign in screen to be blurry.
Addresses an issue that causes Windows Update to stop responding when you check for updates.
Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfingerprintenrollment Uniform Resource Identifier (URI).
Addresses an issue with Bluetooth group policy settings on Microsoft Surface Pro X devices.
Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
Addresses a reliability issue in WDF01000.sys.
Addresses an issue that causes an error in logman.exe. The error is, "A user account is required in order to commit the current Data collector Set properties."
Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
Addresses an issue that causes the Trusted Platform Module (TPM) initialization to fail with system event error 14 and prevents Windows from accessing the TPM.
Addresses an issue that causes communication with the TPM to time out and fail.
Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
Addresses an issue that fails to print content that is outside of the margins of a document.
Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.
Addresses an issue that causes the Clipboard service to unexpectedly stop working.


New Microsoft 365 Personal and Family released with AI editor
25.4.2020  Bleepingcomputer  OS

Microsoft 365 Personal and Family consumer subscriptions are now generally available to replace some Office 365 plans and to add more features for both free and premium accounts.

The new Microsoft 365 subscriptions for home users were announced on March 30 by Yusuf Mehdi, Microsoft's corporate vice president for modern life, search and devices.

Microsoft 365 Personal and Family subscriptions are a collection of free apps and services designed to help consumers create, share, connect, and collaborate over the web and using apps designed for various desktop and mobile platforms.

Mehdi said that Office 365 was rebranded as Microsoft 365, an upgraded line of services infused with "artificial intelligence (AI), rich content and templates, and cloud-powered experiences" that will slowly roll out to 38 million subscribers in the coming months.

Microsoft 365 Personal and Family subscriptions also come with everything Office 365 had to offer, including premium desktop Office apps, 1 TB of OneDrive cloud storage per person (up to 6TB for family plans), 60 Skype minutes, and advanced antimalware and antiphishing security features.

The pricing for Microsoft 365 Personal and Microsoft 365 Family remains the same as it was for Office 365 subscriptions, with $6.99 USD a month for personal subs and $9.99 USD per month for families of up to six people.

Microsoft 365 Personal and Family highlights
The big star of the newly added Microsoft 365 features is the AI-powered Microsoft Editor writing virtual assistant accessible across Word, Outlook.com, and the web as a standalone browser extension.

Microsoft Editor provides easy access to spelling and basic grammar corrections and refinements, as well as rewrite suggestions to allow for more impact and clarity in your writing in more than 20 languages.

"Refinements and advanced grammar checking are available only when you sign in to Editor with your Office 365 or Microsoft 365 subscription account," explains Microsoft. "When you sign in with a free Microsoft account, Editor will still help you with basic spelling and grammar issues."

Microsoft Editor

Microsoft 365 Personal and Family customers will also get access to a handful of additional features that will roll out at a later time, including but not limited to:

• Money in Excel will soon allow you to manage, track and analyze all your money and spending in a single place.

• Microsoft Family Safety App, which empowers families in a variety of ways with both free and premium offerings, including managing screen time across Windows PCs, Android, and Xbox.

• New features in Microsoft Teams that make it easier to connect, organize, and collaborate with family and friends.

More information about Microsoft 365 Personal and Family subscriptions, as well as more details on the market and language availability of the newly added or incoming features, are available here.

A comparison between the Microsoft 365 Family (formerly Office 365 Home) and Microsoft 365 Personal (formerly Office 365 Personal) can be made by going here.

"Today is just the first step in delivering new features and value that helps us all navigate life," Mehdi said today. "Microsoft 365 Personal and Family subscriptions are generally available today worldwide, with additional benefits added over time."


80% of all exposed Exchange servers still unpatched for critical flaw
12.4.2020  Bleepingcomputer  OS

Over 350,000 of all Microsoft Exchange servers currently exposed on the Internet haven't yet been patched against the CVE-2020-0688 post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions.

This security flaw is present in the Exchange Control Panel (ECP) component —on by default— and it allows attackers to take over vulnerable Microsoft Exchange servers using any previously stolen valid email credentials.

Microsoft patched this RCE bug on the February 2020 Patch Tuesday and tagged it with an "Exploitation More Likely" exploitability index assessment, hinting at the vulnerability being an attractive target for attackers.

Cyber-security firm Rapid7, the one behind the Metasploit penetration testing framework, added a new MS Exchange RCE module to the pen-testing tool on March 4, following multiple proof-of-concept exploits having surfaced on GitHub.

Both the NSA and CISA later issued warnings that urged organizations to patch CVE-2020-0688 as soon as possible seeing that multiple APT groups have already started exploiting it in the wild.

82.5% of all found Exchange servers not yet patched
Starting March 24, Rapid7 used its Project Sonar internet-wide survey tool to discover all publicly-facing Exchange servers on the Internet and the numbers are grim.

As they found, "at least 357,629 (82.5%) of the 433,464 Exchange servers" are still vulnerable to attacks that would exploit the CVE-2020-0688 vulnerability.

To make matters even worse, some of the servers that were tagged by Rapid7 as being safe against attacks might still be vulnerable given that "the related Microsoft update wasn’t always updating the build number."

Part of Rapid7's CVE-2020-0688 scan (Rapid7)

Furthermore, "there are over 31,000 Exchange 2010 servers that have not been updated since 2012," as the Rapid7 researchers observed. "There are nearly 800 Exchange 2010 servers that have never been updated."

They also found 10,731 Exchange 2007 servers and more than 166,321 Exchange 2010 ones, with the former already running End of Support (EoS) software that hasn't received any security updates since 2017 and the latter reaching EoS in October 2020.

Rapid7's results line up with a report from Kenna Security from March 13 saying that only 15% of all Exchange servers they found were patched for CVE-2020-0688 until March 11.

Tom Sellers
@TomSellers
If your org uses Microsoft Exchange I *strongly* recommend you make sure the patch for CVE-2020-0688 (Feb 11) is installed.

Unpatched means phished user = SYSTEM on OWA servers. @Rapid7 Project Sonar found at least 357,629 unpatched hosts.

Blog post: https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/ …

7:31 PM - Apr 6, 2020
Patch against CVE-2020-0688 ASAP
"There are two important efforts that Exchange Administrators and infosec teams need to undertake: verifying deployment of the update and checking for signs of compromise," Rapid7 Labs senior manager Tom Sellers further explained.

User accounts that were compromised and used in attacks against Exchange servers can be discovered by checking Windows Event and IIS logs for portions of encoded payloads including either the "Invalid viewstate" text or the __VIEWSTATE and __VIEWSTATEGENERATOR strings for requests to a path under /ecp.
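
The IIS-log half of that check, as an added example that is not code from the article or from Rapid7: it flags requests under /ecp whose query string carries both __VIEWSTATE and __VIEWSTATEGENERATOR and groups them by cs-username, the account to investigate. The log lines are constructed, the function names are this example's own, and the "Invalid viewstate" event-log text is not covered.

```python
"""Triage IIS W3C logs for the CVE-2020-0688 request indicators described above."""
from collections import defaultdict
from urllib.parse import parse_qsl

# Both parameter names must appear in the query string of a request under /ecp.
REQUIRED_PARAMS = {"__VIEWSTATE", "__VIEWSTATEGENERATOR"}

# Constructed sample (not real traffic): users, addresses and values are made up.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2020-04-06 10:01:02 GET /owa/ - CONTOSO\alice 198.51.100.7 200
2020-04-06 10:02:10 GET /ecp/default.aspx __VIEWSTATEGENERATOR=CONSTRUCTED&__VIEWSTATE=%2FwEyCONSTRUCTED CONTOSO\bob 203.0.113.9 500
2020-04-06 10:02:11 GET /ECP/default.aspx __viewstategenerator=CONSTRUCTED&__viewstate=CONSTRUCTED CONTOSO\bob 203.0.113.9 500
2020-04-06 10:03:00 GET /ecp/default.aspx showhelp=false CONTOSO\carol 198.51.100.8 200
2020-04-06 10:04:00 GET /owa/auth.aspx __VIEWSTATE=x&__VIEWSTATEGENERATOR=y CONTOSO\dave 198.51.100.9 200
#Fields: date time cs-uri-stem cs-uri-query cs-username c-ip
2020-04-06 11:00:00 /ecp/default.aspx %5F%5FVIEWSTATE=CONSTRUCTED&__VIEWSTATEGENERATOR=CONSTRUCTED CONTOSO\erin 203.0.113.77
truncated line
"""


def is_under_ecp(uri_stem):
    """True for /ecp itself or any path below it (IIS paths are case-insensitive)."""
    stem = uri_stem.lower()
    return stem == "/ecp" or stem.startswith("/ecp/")


def query_param_names(query):
    """Upper-cased parameter names; names are percent-decoded, payloads are ignored."""
    if query in ("", "-"):
        return set()
    return {name.upper() for name, _ in parse_qsl(query, keep_blank_values=True)}


def scan_iis_log(text):
    """Return ({username: [hit, ...]}, skipped_line_count) for one log's text."""
    fields, hits, skipped = [], defaultdict(list), 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A log can switch columns mid-file; always honour the latest #Fields.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            skipped += 1  # truncated or foreign line; count it rather than guess
            continue
        rec = dict(zip(fields, values))
        if not is_under_ecp(rec.get("cs-uri-stem", "")):
            continue
        if REQUIRED_PARAMS <= query_param_names(rec.get("cs-uri-query", "-")):
            hits[rec.get("cs-username", "-")].append({
                "when": f'{rec.get("date", "-")} {rec.get("time", "-")}',
                "client_ip": rec.get("c-ip", "-"),
                "status": rec.get("sc-status", "-"),
                "uri": rec["cs-uri-stem"],
            })
    return dict(hits), skipped


if __name__ == "__main__":
    found, skipped_lines = scan_iis_log(SAMPLE_LOG)
    for user, rows in sorted(found.items()):
        print(f"{user}: {len(rows)} suspicious /ecp request(s)")
        for row in rows:
            print(f'  {row["when"]} from {row["client_ip"]} -> {row["status"]}')
    print(f"skipped {skipped_lines} unparseable line(s)")
```

IIS logs record the query string but not the request body, so this only sees view state that was sent in the URL.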

Since Microsoft says that there are no mitigating factors for this vulnerability, the only choice left, as Rapid7 also advises, is to patch your servers before hackers find them and fully compromise your entire network — unless you're willing to reset all user accounts' passwords to render previously stolen credentials useless.

Download links to security updates for vulnerable Microsoft Exchange Server versions needed to deploy the update and related KB articles are available in the table below:

Product | Article | Download
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30 | 4536989 | Security Update
Microsoft Exchange Server 2013 Cumulative Update 23 | 4536988 | Security Update
Microsoft Exchange Server 2016 Cumulative Update 14 | 4536987 | Security Update
Microsoft Exchange Server 2016 Cumulative Update 15 | 4536987 | Security Update
Microsoft Exchange Server 2019 Cumulative Update 3 | 4536987 | Security Update
Microsoft Exchange Server 2019 Cumulative Update 4 | 4536987 | Security Update


New Microsoft Edge features will make you more productive
12.4.2020  Bleepingcomputer  OS

The Chromium-based Microsoft Edge, which was released earlier this year, will be getting some interesting new features.

Microsoft recently confirmed that it's working on Vertical tabs and Smart copy features for its new browser.

With these features, Microsoft aims to improve your productivity. In this article, we'll take a closer look at each of them.

Vertical tabs
One of the new features that Microsoft Edge will receive is Vertical Tabs, which will move the tab bar from the top to the left side in a vertical layout. Unlike traditional tab bars, the Vertical tabs bar supports drag and drop, so you can easily reorganize the active tabs.

This feature is for users with dozens of tabs open at any given time. When you open a lot of tabs, there's less space for you to see tab names. In that case, you won't be able to see the name of a tab and you'll accidentally close a tab as a result.

Vertical Tabs

"I find myself losing track or I’ll accidentally close a tab as a result. Utterly frustrating as that is usually exactly the one page I needed," said Liat Ben-Zur, Corporate Vice President, Microsoft Edge.

With vertical tabs, you can find and manage many tabs at once as you can scroll through the list and all tab names will be visible.

According to Liat Ben-Zur, vertical tabs is expected to ship in the Insider channels (Canary, Dev and Beta) in the next few months.

Vertical tabs is projected to go live in the Microsoft Edge stable channel later this year. If you can't wait, you can try a Chromium extension called 'Vertical tabs' to get similar functionality right now.

You can install this extension in both Google Chrome and Microsoft Edge. To install a Chrome extension in Edge, open settings and enable the option to allow add-ons from third-party stores, then install the extension from the Chrome web store.

Smart Copy Feature
Edge is getting another feature called 'Smart copy', which could be a pretty useful feature for those who find it harder to copy and paste web content such as tables in documents and emails.

Microsoft says the feature will ensure that the pasted text retains its formatting. For example, if you copy a table from a website and paste it in your email with the smart copy feature, the pasted table will retain its original formatting.

This feature will also begin rolling out to testers later this year.


Microsoft Edge is now 2nd most popular desktop browser, beats Firefox
12.4.2020  Bleepingcomputer  OS

The Microsoft Edge browser is now being used by more people than Mozilla Firefox making it the 2nd most popular desktop browser.

While Google Chrome is still far greater than all the other browsers combined at 68.5% market share, for the first time the desktop version of Microsoft Edge has surpassed Mozilla Firefox in market share.

Browser Market Share (NetMarketShare)

In March 2019, NetMarketShare recorded Mozilla Firefox's popularity at 9.27%, but over the year the browser has slowly been losing market share as it reached 7.19% in March 2020.

Microsoft Edge, on the other hand, had a market share of 5.20% in March 2019 and finished off a 12-month run at 7.59%, 0.40% higher than Mozilla Firefox.

This brings the market share for the top 10 most popular desktop browsers at the end of March 2020 to:

Chrome 68.50%
Edge 7.59%
Firefox 7.19%
Internet Explorer 11 5.60%
Safari 3.62%
QQ 2.41%
Sogou Explorer 1.88%
Opera 1.14%
Yandex 1.01%
UC Browser 0.42%

Microsoft Edge's lead is not large by any means, but it continues to show how Firefox loses ground as Microsoft's Chromium-based Edge increases in popularity.

With Microsoft Edge now being Chromium-based, it gains the advantage of being able to use all of the extensions available in the Chrome web store and also increases its compatibility and performance to the same level as Google Chrome.

As Windows 10 is running on a billion devices and the new Microsoft Edge will soon be pushed out to all of them via Windows Update, we should expect to see Edge continue to outstrip Firefox as it eats into Chrome's market share.


How to Use Windows 10 to Stay Focused While Working From Home
4.4.2020  Bleepingcomputer  OS

So there you are, working from home but you can't help noticing notification alerts popping up on your desktop and the Windows 10 Action Center. Should you open them or focus on the work that you need to get done?

The good news is that your Windows 10 device boasts a feature that can help you concentrate on work, rather than being distracted by random WhatsApp forwards, Slack messages, notifications, and promotional alerts.

This Windows 10 feature is called 'Focus Assist', which is designed to help prioritize and manage your notification settings so that you are not distracted and can focus on the task at hand.

How to enable and use Focus Assist
Getting started with Focus Assist is very easy.

Simply open the Windows 10 Start Menu and search for 'Focus assist settings' and open the search result when it appears.

Using the Focus assist settings page you can enable the feature and configure it as needed for your specific work environment and needs.

The first thing you will see are three options - Off, Priority only, and Alarms only.

Focus assist

Selecting the 'Off' setting will turn Focus Assist off and you will be shown all notifications as they are sent by your applications.

The 'Priority Only' feature allows you to declutter your notifications feed by selecting the specific alerts, apps, and contacts that you wish to immediately see notifications from.

In simple terms, you can choose what apps you want to see notifications from and hide apps that disturb you the most.

After selecting 'Priority only', you should click the 'Customize your priority list' option to choose what kind of notifications you want to receive. You can also prioritize apps and block the ones you don't want to receive notifications from.

Prioritize your notifications

The last Focus Assist option is 'Alarms only' and this turns off all notifications except alarms that you have scheduled in Calendar or the bundled Windows 10 Alarms and Clocks app.

Automatic rules make using Focus Assist easier
You can further customize the Focus Assist experience with 'Automatic Rules' to determine when notifications will appear.

For example, you can choose what times of day you don't want to see notifications. This is helpful while working at home as you can specify a time range that you will be working and Windows 10 will block notifications during that time.

Focus Assist can also be used to disable notifications while you're gaming or when you are not doing work (home).

Automatic rules

As always, you can turn Focus Assist off by simply selecting the 'Off' option. Once disabled, this will permit all notifications on your computer.

Using the Focus Assist Quick Action
To make it easier to quickly launch and disable the Focus Assist feature, you can use a Quick Action in the Windows 10 Action Center.

When you click on the Action Center button, you will be shown numerous buttons at the bottom of the screen.

One of these buttons is labeled 'Focus assist' and can be clicked on numerous times to enable the 'Priority only' or 'Alarm only' features or simply turn Focus Assist off.

Using the Focus Assist Quick Action

Focus assist is a great feature that allows you to focus on the task at hand rather than being distracted by alerts being sent by your apps or Windows.

If you are working from home, you should give it a try and see if it helps you get your work done quicker and more efficiently.


Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs
4.4.2020  Bleepingcomputer  OS

Several critical HP Support Assistant vulnerabilities expose Windows computers to remote code execution attacks and could allow attackers to elevate their privileges or to delete arbitrary files following successful exploitation.

HP Support Assistant, marketed by HP as a "free self-help tool," is pre-installed on new HP desktops and notebooks, and it is designed to deliver automated support, updates, and fixes to HP PCs and printers.

"Improve the performance and reliability of your PCs and printers with automatic firmware and driver updates," HP says. "You can configure your options to install updates automatically or to notify you when updates are available."

HP computers sold after October 2012 and running Windows 7, Windows 8, or Windows 10 operating systems all come with HP Support Assistant installed by default.

Some critical flaws patched, others not so much
Security researcher Bill Demirkapi found ten different vulnerabilities within the HP Support Assistant software, including five local privilege escalation flaws, two arbitrary file deletion vulnerabilities, and three remote code execution vulnerabilities.

HP PSIRT partially patched the vulnerabilities in December 2019 after receiving an initial disclosure report from Demirkapi during October 2019.

Another patch was issued in March 2020 after the researcher sent an updated report in January to patch one of the flaws that was left untouched previously and to fix a newly introduced one.

Several Critical Vulnerabilities on most HP machines running Windows, https://t.co/0hrP6YXT74

— Bill Demirkapi (@BillDemirkapi) April 3, 2020

However, HP failed to patch three of the local privilege escalation vulnerabilities which means that even if you are using the latest HP Support Assistant version, you are still exposed to attacks.

This type of vulnerability is commonly exploited by malicious actors during the later stages of their attacks to elevate permissions and establish persistence. This allows them to further compromise the targeted machines after they have been infiltrated.

"It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine," Demirkapi explained in his detailed technical description.

Patched and unpatched vulnerabilities (Bill Demirkapi)

Mitigation measures
To fully mitigate all flaws Demirkapi found, you will need to uninstall the vulnerable software by removing both HP Support Assistant and HP Support Solutions Framework from your computer.

If you rely on them to keep your devices' software up to date, you should know that HP Support Assistant requires you to opt in to have automatic updates enabled by default.

If you don't have automatic updates enabled or you don't want to toggle them on, you will have to manually update the app by checking for the latest version or install the latest release by downloading from HP's support website.

Full details including the discovery process and exploitation methods for each of the vulnerabilities Demirkapi discovered in HP Support Assistant are available within Demirkapi's extensive write-up.

Video demos of proof-of-concept exploits for one remote code execution variant and for a local privilege escalation flaw are embedded below.




Critical flaws in Dell bloatware
This is not the first time Demirkapi found critical vulnerabilities within software that comes pre-installed on major vendors' computers, including Lenovo and Dell.

For instance, he previously discovered a remote code execution flaw tracked as CVE-2019-3719 and impacting most Dell machines that come with the SupportAssist Client software installed by default.

Demirkapi also found a local privilege escalation vulnerability affecting Dell's SupportAssist Client which comes "preinstalled on most of all new Dell devices running Windows operating system."

SupportAssist "proactively checks the health of your system’s hardware and software," according to Dell and it will send "necessary system state information" to Dell for troubleshooting when issues are detected.


How to Mitigate the Windows Font Parsing Zero-Day Bug via GPO
4.4.2020  Bleepingcomputer  OS

Active Directory (AD) admins can mitigate the recently disclosed and actively exploited remote code execution (RCE) zero-day found in the Windows Adobe Type Manager Library in large AD environments using group policies.

Microsoft warned on March 23 of limited ongoing targeted attacks against Windows 7 devices attempting to exploit two unpatched vulnerabilities in the Adobe Type Manager Library.

The security flaws impact devices running both desktop and server Windows releases, including Windows 10, Windows 8.1, Windows 7, and multiple versions of Windows Server.

Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing guidance to help reduce customer risk until the security update is released. See the link for more details. https://t.co/tUNjkHNZ0N

— Security Response (@msftsecresponse) March 23, 2020

To exploit the security issues, attackers can trick victims into opening maliciously crafted documents or viewing them via the Windows Preview pane — the Outlook Preview Pane is NOT an attack vector.

Microsoft already shared a number of workarounds designed to block or reduce the risks behind attacks abusing these vulnerabilities, including disabling the Preview and Details panes in Windows Explorer, disabling the WebClient service, and renaming the vulnerable library (ATMFD.DLL).

However, Microsoft's workarounds aren't easy to implement to mitigate attacks in an enterprise AD environment.

To mass mitigate the issue on corporate devices running versions of Windows vulnerable to abuse, you can do it in one go with the help of group policies as Microsoft MVP Sylvain Cortes explained in a blog post.

Using GPOs for corporate mitigation
First of all, open the GPMC console and create a new GPO by right-clicking on the 'Group Policy Objects' folder.

Afterward, go to the User Configuration>Policies>Administrative Templates>Windows Components>File Explorer and enable these two GPO options to disable previewing locally and over the network:

• Turn off the display of thumbnails and only display icons

• Turn off the display of thumbnails and only display icons on network folders

Disabling preview (Image: Sylvain Cortes)

"Close your GPO and link this GPO with all the automation office user accounts in your organization (in a nutshell, all the user accounts which can be used on your workstation)," Sylvain added.

Next, create a new GPO using GPMC from a workstation and disable the WebClient service from the Computer Configuration>Policies>Windows Settings>Security Settings>System Services section.

This GPO has to be linked with all other workstation computer accounts in your organization to have WebClient disabled everywhere.

WebClient GPO (Image: Sylvain Cortes)

Both GPOs should be reverted once Microsoft releases a patch for the actively exploited RCE vulnerabilities affecting the font parsing component in all supported versions of Windows.

Microsoft said that it's working on a fix for this zero-day flaw and hinted at a future release during this month's Patch Tuesday (on April 14).

Last week, Acros Security, the company behind the 0Patch platform, released microcode patches that mitigate the risk of exploitation on devices running Windows 7 64-bit and Windows Server 2008 R2, which are not enrolled in Microsoft's Extended Security Updates (ESU) program.


Microsoft Updates Windows 10 PowerToys With New Utilities
4.4.2020  Bleepingcomputer  OS

Microsoft updated the open-source Windows 10 PowerToys toolset with new utilities for quickly switching between windows, for previewing files in Windows Explorer, and for batch resizing images from the context menu.

The three new tools named Window Walker, PowerPreview, and Image Resizer come together with FancyZone improvements and over 100 bugfixes.

To get started with Microsoft's Windows 10 PowerToys 0.16.0, you have to download the installer from GitHub, install it on your Windows computer, and then access the tools via the PowerToys system tray icon.

PowerToys' settings dialog allows you to easily toggle each of the built-in tools as well as to configure them to automatically start on login if needed.

PowerToys

Bulk image resizing via the context menu
The newly added Image Resizer PowerToy is a Windows shell extension that helps resize large numbers of files using search and replace, and it also provides regular expressions support to replace filename parts easier.

"After installing PowerToys, right-click on one or more selected image files in File Explorer, and then select Resize pictures from the menu," Microsoft explains.

"Image Resizer also allows you to resize images by dragging and dropping your selected files with the right mouse button. This allows you to save your resized pictures in another folder."

You can customize several settings that will help you resize your images to obtain the best possible results, including adding preset sizes, the fallback encoder, and the file format to be used for the output images.

PowerToys Image Resizer

ALT+TAB alternative
Microsoft also added Window Walker, a text-based Alt+Tab with search that will help you switch between running processes and windows open on your Windows desktop.

Using this new PowerToy, you can find any open window and bring it to the foreground using only your keyboard and without the need to touch your mouse.

"As you are searching for an app, you can use the keyboard up and down arrows to see an Alt-Tab style preview of the windows," Microsoft says.

To launch and use Window Walker on your computer, you have to hit the WinKey + Ctrl key combo and start typing.

Window Walker

Boost your Windows File Explorer's preview pane
This new PowerToys release also adds custom preview handlers under the PowerPreview moniker that will allow you to get a quick preview of SVG images and Markdown documents (for now).

"Preview handlers are called when an item is selected to show a lightweight, rich, read-only preview of the file's contents in the view's reading pane," Microsoft explains. "This is done without launching the file's associated application."

You can create your own custom preview handler and learn how to integrate it into PowerToys using documentation provided by Microsoft here.

Once successfully integrated within PowerToys, the new preview handler should appear under the File Explorer Preview in the PowerToys settings user interface.

PowerToys preview pane settings

PowerToy quick launcher also in the works
Microsoft is also working on developing and adding a quick launcher dubbed PowerLauncher to the PowerToys toolset, a new utility that would allow you to launch apps faster than using the Windows Start menu.

PowerLauncher should replace third-party launchers such as Launchy, Executor, Listary, and Wox, and Windows built-in options like using the Win+R shortcut, Windows Search via the Win+S shortcut, or the search bar.

This launcher will also come with auto-completion, suggestions while typing, context menu, and search history, as well as opening PowerShell instances or running apps in administrator mode.

PowerLauncher will launch with the Win+Space shortcut and will be able to override the Win+R or Win+S key combos to replace these keyboard shortcuts' default behavior.

PowerLauncher auto-complete
PowerLauncher context menu
PowerLauncher history

The first PowerToys preview release for Windows 10 was delivered by Microsoft on September 5 and it came with only two tools, the Windows Key Shortcut Guide and the FancyZones window manager.

The Windows 10 PowerToys are inspired by the Windows 95 era PowerToys project and they provide "power users with utilities to squeeze more efficiency out of the Windows 10 shell and customize it for individual workflows."

Microsoft also plans to add other PowerToys at a later time, including but not limited to a 'Maximize to new desktop widget', an animated GIF screen recorder, and a tool to kill unresponsive processes.

Improvements and fixes in PowerToys 0.16.0
The PowerToys 0.16.0 version released today also features over 100 bug fixes, as well as FancyZone enhancements, and various testing improvements.

Fixed over 100 issues!
FancyZone improvements:
• Multi-Monitor improvement: Zone flipping switching now works between monitors!
• Simplified UX: Removed layout hot-swap and flashing due to multi-monitor lacking

New Utilities:
• Markdown Preview pane extension
• SVG Preview pane extension
• Image Resizer Window Shell extension
• Window Walker, an alt-tab alternative

Testing improvements:
• 54 UX Functional tests
• 161 new Unit tests


Windows 10 KB4554364 Update Fixes Internet Connectivity Issues
4.4.2020  Bleepingcomputer  OS

Microsoft has released an out-of-band Windows 10 update to fix a bug that was causing internet connectivity issues on devices with proxies, including virtual private networks (VPNs).

Earlier this week, Microsoft stated that there was a bug in Windows 10 that was causing popular apps such as Microsoft Teams, Microsoft Office, Office 365, and Outlook to not be able to connect to the Internet if using a VPN.

"Devices using a manual or auto-configured proxy, especially with a virtual private network (VPN), might show limited or no internet connection status in the Network Connectivity Status Indicator (NCSI) in the notification area. This might happen when connected or disconnected to a VPN or after changing state between the two. Devices with this issue, might also have issues reaching the internet using applications that use WinHTTP or WinInet. Examples of apps that might be affected on devices in this state are as follows but not limited to Microsoft Teams, Microsoft Office, Office365, Outlook, Internet Explorer 11, and some version of Microsoft Edge."

Today, Microsoft released the out-of-band (OOB) Windows 10 update titled '2020-03 Cumulative Update for Windows 10 Version 1909 for x86-based Systems (KB4554364)' that resolves this issue.

"Addresses an issue that might display a limited or no internet connection status in the notification area on devices that use a manual or auto-configured proxy, especially with a virtual private network (VPN). Additionally, this issue might prevent some devices from connecting to the internet using applications that use WinHTTP or WinINet."

Microsoft suggests that you only install this update if you are affected by this issue.

This OOB update is not being offered using Windows Update and must be installed manually from the Microsoft Catalog.

For instructions on how to install this update for your operating system, see the KB for your OS listed below, all of which were released March 30, 2020:

Windows 10, version 1909 (KB4554364)
Windows 10, version 1903 (KB4554364)
Windows 10, version 1809 (KB4554354)
Windows 10, version 1803 (KB4554349)
Windows 10, version 1709 (KB4554342)


Microsoft Edge to Warn Of Credentials Leaked in Data Breaches
4.4.2020  Bleepingcomputer  OS

Microsoft Edge is introducing a new feature called "Password Monitor" that will alert users if their login credentials have been leaked in data breaches.

As long as a user is using login auto-fill, Microsoft Edge will alert them if their credentials have been exposed in a data breach through alerts on the New Tab page or when they visit the affected web site.

Password Monitor Alert

If the 'More Information' button is clicked in the alerts, the user will be brought to the Password Monitor page where they can see the leaked credentials and easily click on a button to change the password on the breached site.

You can see this new Password Monitor feature in action in the demonstration below.

Password Monitor in action

With data breaches becoming an almost daily occurrence, Microsoft Edge is not the only browser to offer a feature like this.

Both Chrome and Firefox have released or are working on similar features that provide better security for users' credentials and allow them to use unique passwords at every site that they visit.


Office 365 Rebrands as Microsoft 365 With New Consumer Features
4.4.2020  Bleepingcomputer  OS

Microsoft has announced today that they are rebranding the Office 365 service as Microsoft 365 with thelaunch of a new consumer subscription package that includes Office applications, OneDrive, and Outlook. a new Family Safety App, and Teams for Consumer.

Starting on April 21st, Office 365 will become Microsoft 365 with the release of a new consumer subscription called 'Microsoft 365 Personal and Family'.

This new subscription includes numerous improvements designed specifically with consumers in mind ranging from AI writing tools to a new parental control system that not only works on Windows but also Android devices.


Microsoft Editor: AI-driven writing tools
Microsoft 365 is introducing new AI-enhanced writing tools that make it easier for students and consumers to write confidently.

This includes an improved AI-driven Microsoft editor that offers rewrite suggestions, grammatical advice, and the reporting of typos similar to the service offered by Grammarly.

New Microsoft Editor

For students who are writing essays, Word will also include a similarity checker that helps students avoid plagiarism by making sure you are including the proper citations.

In addition to natively adding this editor to Microsoft Outlook for the Web, Microsoft will be releasing a web browser extension that will be available cross-platform and in 20 different languages.

Microsoft Editor Browser Extension

Personal finances with Money in Excel
Microsoft is releasing a new dynamic template for Excel called "Money in Excel" that allows you to connect to financial accounts and import your data.

This allows you to see all of your linked financial information including banking accounts and credit card information to give a quick snapshot of your finances and allow you to budget accordingly.

Money in Excel

This service will also allow you to work with over 10,000 financial institutions.

New Family Safety service
Microsoft is introducing a new Family Safety parental control service that allows parents to monitor and restrict the activity of kids on their Windows 10 systems and Android devices.

Using Family Safety, parents can monitor what apps and services their children are using and set up content filters that restrict the content they can view.

Family Safety monitor on Android device
For each app, parents can restrict how much time a child can use a particular app, such as Netflix shown below. When their allocated time is almost done, the child will be notified and they can request more time be added by their parents.

Restrict usage time in Netflix
The Family Safety app also includes a 'Your Family' view that lets parents and children see where all of their family members are, similar to the popular Life360 app. This allows a parent to monitor the activity of their children and for kids to know how long they have before a parent gets home.

Family

The family monitoring service also reports a member's driving behavior, top speeds, or how often they picked up their phone while driving.

To increase privacy, members can decide what information they wish to share with their family and their driving history is not shared with insurance companies or other third-party organizations.

This app is expected to come out later this year.

Microsoft Teams for Consumers
This summer, consumers will be able to add a personal account to Microsoft Teams so that family members can collaborate, plan events, share information, and share photos.

To make sensitive information such as passwords, frequent flyer information, and bank account information available to other family members, information can be saved in a 'Safe' that is protected with encryption and multi-factor authentication.

Microsoft Safe

Similar to Microsoft Teams used by businesses, the consumer version will also include a chat functionality that family members can use to communicate on the go and also a video conferencing feature that works on both Android and iOS.

Video chat

Microsoft states that they will not sell any data used by Microsoft Teams for Consumers and that the service is designed to allow families to manage busy schedules and offer a repository of information needed for a family to be more productive.

Microsoft Teams for Consumers will be released for preview this summer and available in the fall.


Microsoft Cloud Services See 775% Growth As More Work Remotely
4.4.2020  Bleepingcomputer  OS

As an increasing number of countries, U.S. states, and companies move towards a remote workforce and social distancing, Microsoft has seen an explosive 775% growth in its cloud services due to the increased demand for video conferencing, remote collaboration software, remote Azure Active Directory services, and game console use.

In a new report regarding the state of Microsoft's Cloud services, Microsoft details its explosive cloud growth and how they are increasing capacity and adjusting features to maintain a reliable service.

"In response to health authorities emphasizing the importance of social distancing, we’ve seen usage increases in services that support these scenarios—including Microsoft Teams, Windows Virtual Desktop, and Power BI," Microsoft stated in their blog post.

Due to this increased usage, Microsoft has seen a 775 percent increase in their cloud services for regions that have enforced social isolation and shelter-in-place orders.

Microsoft Teams has also seen an explosion in usage due to users working remotely with more than 44 million daily users and 900 million meetings and calling minutes in a single week.

Microsoft's new Windows Virtual Desktop has also seen a 3 times growth as organizations start utilizing the service to offer remote workers organization-managed Windows 10 virtual desktops.

Finally, there has been a 42% surge in the use of Microsoft's Power BI data visualization tools by governments using it to share COVID-19 dashboards with citizens.

Changes made to reduce the load
While Microsoft states that they have not had any service disruptions due to this increased growth, it has forced them to start increasing capacity, reroute new services to less utilized regions, and reduce the functionality of some product services.

"We are expediting the addition of significant new capacity that will be available in the weeks ahead. Concurrently, we monitor support requests and, if needed, encourage customers to consider alternative regions or alternative resource types, depending on their timeline and requirements," Microsoft explained.

On March 18th, Microsoft announced that it had to reduce some of the functionality of its Microsoft 365 features to handle the increased capacity. Then on March 24th, Microsoft once again had to further reduce functionality in their OneNote, SharePoint, and Stream products to reduce the load on their servers.

With schools closed, more people are also using Xbox Live during their free time. Due to this, Microsoft has made some changes in the service such as performing higher-bandwidth activities, like game updates, during off-peak hours to continue offering a reliable service.


How to Replace Windows 10 System Programs With Non-Microsoft Apps
4.4.2020  Bleepingcomputer  OS

Windows 10 contains programs, such as Notepad and Task Manager, that we have come to love and use often as part of our daily use of a Windows computer. Sometimes, though, you may find that you want to replace these programs with more feature-rich third-party programs, but still be able to launch them like you have gotten used to.

While we can install third-party programs and just use them directly, some users, like myself, prefer to simply type 'notepad' or 'calc' like we have been doing for many years and still have these new third-party programs launch instead of the original Microsoft programs.

To do this, we can use the Image File Execution Options Registry key to make Windows launch a third-party program whenever Microsoft Notepad or the Windows Calculator is launched.

For those who are not familiar with the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options (IFEO) Registry key, it was added by Microsoft to allow you to assign a debugger to a program so that the debugger is automatically started when the program is launched.

The good news is that we can also use this key to our advantage to replace a Windows program, such as the system protected Notepad.exe and Calc.exe programs, with a third-party replacement.

Note that to use this trick, you will need to modify the Windows Registry.

As doing so incorrectly could cause Windows to not operate correctly, you should only perform these steps if you are comfortable editing the Registry.

Using the IFEO key to replace Windows programs
As we previously stated, when you create an IFEO key, you are going to add a program that is automatically launched when you attempt to launch another program, such as Notepad in Windows.

When creating an IFEO key, you simply add a new key with the program's executable name that you want to replace under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" key. Then under that key, create a REG_SZ "Debugger" value that contains the full path to the program you wish to launch instead.

For example, the popular Notepad replacement Notepad2 creates an IFEO key when it is installed to have it replace the Windows Notepad. We will use this example to illustrate how IFEO keys are used.

As you can see below, a new key called notepad.exe (the executable we are replacing) is created under the IFEO key. A "Debugger" value is created under the notepad.exe key that specifies that the "C:\Program Files\Notepad2\Notepad2.exe" /z command should be executed when Notepad.exe is executed.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Program Files\\Notepad2\\Notepad2.exe\" /z"

In the Registry file above, it is important to notice that the quotes are escaped (\") and that there is the use of double backslashes (\\). This is only needed when using Registry files.

When using the Registry Editor (Regedit.exe), you can simply enter the command you wish to execute as normal. If there are any spaces in the file path, you must enclose the path to the program in quotes as seen below.

Registry Editor
With the above key created, whenever you run Notepad in Windows, the operating system will execute the command "C:\Program Files\Notepad2\Notepad2.exe" /z instead.

When creating IFEO keys to launch a program, that program may need to have certain command line arguments added for it to work properly. This is especially the case when you want these programs to automatically open a document you specify as an argument.

For example, the Notepad++ notepad replacement needs to be executed the following way for it to work properly:

"%ProgramFiles(x86)%\Notepad++\notepad++.exe" -notepadStyleCmdline -z /f

As an example, if we wanted to make it so Notepad++ opens when we launch notepad, we would create the necessary Registry key using these steps:

As you cannot launch programs via Windows Search, we need to launch the Registry Editor via the Run: dialog. To do that, press the Windows key + the R key at the same time to open the Run: dialog and then type Regedit and press the OK button.
Windows will display a UAC prompt asking if you wish to allow the Registry Editor to make changes to the system. Press the Yes button to continue.
Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options key.
Right-click on Image File Execution Options and select New > Key. When it asks what the name of the new key should be, type notepad.exe.
Now click on notepad.exe in the left pane and then right-click in the right pane and select New > String Value as shown below.
New String Value
When it prompts you to enter a name for the value, enter Debugger.
Now double-click on the Debugger value and paste the following text into its Value data field and then press the OK button.
"%ProgramFiles(x86)%\Notepad++\notepad++.exe" -notepadStyleCmdline -z /f
When done, there should now be a notepad.exe key with a Debugger value created as shown below.
Notepad++ replacement
You can now close the Registry Editor.
Now when you start Notepad, Notepad++ will open instead.

This same method can be used for other programs to replace Task Manager with Process Explorer or to swap out the standard Windows Calculator with another program.

As those programs do not typically require any command-line arguments, you can simply set the Debugger value to the file path of the new replacement and not have to worry about special arguments that need to be added as we did with Notepad++.

Before making these Registry changes, you should also check if the program you are installing can make these Registry changes for you.
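
Because a Debugger value redirects every launch of the named executable, it is useful to know which ones exist on a machine. The following is an added example, not code from the original article: a Python script that reads the text of a .reg export of the IFEO key, undoes the escaping described above for string (REG_SZ) values, and lists each redirected program. The sample export (apart from the Notepad2 entry), the `expected` allowlist and all function names are assumptions made for illustration.

```python
"""Offline audit of IFEO "Debugger" values from a .reg export (added example)."""
import re

IFEO_SUFFIX = "\\image file execution options"
KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" where both sides may contain \" and \\ escapes (REG_SZ only).
STRING_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export. The notepad.exe entry is the one shown in the
# article; the other keys and paths are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Program Files\\Notepad2\\Notepad2.exe\" /z"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Tools\\procexp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"Debugger"="C:\\Program Files\\CalcPlus\\calcplus.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"GlobalFlag"=dword:00000200
'''


def unescape_reg_string(raw):
    # In a .reg file a backslash escapes the next character (\\ and \").
    return re.sub(r'\\(.)', lambda m: m.group(1), raw)


def parse_ifeo_debuggers(reg_text):
    """Map each IFEO subkey (image name, lowercased) to its Debugger command."""
    found, image = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group(1).rpartition("\\")
            # Only direct children of the IFEO key name a redirected image.
            image = leaf.lower() if parent.lower().endswith(IFEO_SUFFIX) else None
            continue
        value = STRING_VALUE_RE.match(line)
        if value and image and value.group(1).lower() == "debugger":
            found[image] = unescape_reg_string(value.group(2))
    return found


def describe_debugger(command):
    """Return (executable, arguments, issues) for one Debugger command line."""
    command, issues = command.strip(), []
    if command.startswith('"') and command.find('"', 1) != -1:
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip(), issues
    exe_end = command.lower().find(".exe")
    if exe_end != -1 and " " in command[:exe_end]:
        # The article's Regedit advice: a path with spaces must be quoted.
        issues.append("unquoted path contains spaces")
        return command[:exe_end + 4], command[exe_end + 4:].strip(), issues
    exe, _, args = command.partition(" ")
    return exe, args.strip(), issues


def audit(reg_text, expected):
    """List every redirected image; mark targets not in `expected` for review."""
    expected = {path.lower() for path in expected}
    report = []
    for image, command in sorted(parse_ifeo_debuggers(reg_text).items()):
        exe, args, issues = describe_debugger(command)
        status = "expected" if exe.lower() in expected else "review"
        report.append({"image": image, "target": exe, "args": args,
                       "status": status, "issues": issues})
    return report


if __name__ == "__main__":
    # Hypothetical allowlist: replacements the machine's owner installed on purpose.
    known = [r"C:\Program Files\Notepad2\Notepad2.exe"]
    for row in audit(SAMPLE_REG, known):
        print(row)
```

Files written by `reg export` are UTF-16, so decode them with `encoding="utf-16"` before passing the text to `audit`.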


Microsoft's Windows 10 Dockable 'News Bar' Now In Beta
29.3.2020  Bleepingcomputer  OS

Microsoft is releasing a new app for Windows 10 called the "Windows News Bar" that will display a docked bar containing news stories from Microsoft News and acts as a stock picker for monitored stocks.

Previously spotted by Windows sleuth WalkingCat in February, the Microsoft Store page has recently been updated with screenshots of the actual program in use.

The News Bar is being developed through Microsoft News where they state that the offered news will be shown from over 4,500 news outlets.

"Microsoft's Windows News Bar works just like the Windows Taskbar. It's there when you need it, where you need it and how you need it. Customize its appearance in settings to find the experience that's just right for you. If you want to focus, don't worry, you can minimize the News Bar at any time and then bring it back when you're ready for it again", the Microsoft Store page reads.

Testing the Windows News Bar
When running, the News Bar will allow you to display a docked bar on the top, bottom, left, or right side of the screen that contains a continuously updated list of news stories based on your selected region.

BleepingComputer has tested the app and you can see the different ways the News Bar can be docked below. The bottom right picture also shows you how it looks with transparency enabled.

News Bar docked on bottom

News Bar docked on top

News Bar Images on right

News Bar images and text right transparent

When clicking on stories, the selected articles will be loaded in the default browser in Windows 10.

The News Bar settings will allow you to customize where the bar is docked, whether you wish to show images or text, and if the bar should be transparent.

News Bar Settings
The News Bar requires Windows 10 April 2018 Update or later and is currently in Beta. To install it, users need to 'Redeem a code' and it is not known when it will be publicly available.


Windows 10 Search Getting New Features for Business Customers
29.3.2020  Bleepingcomputer  OS

Microsoft developers are currently working on adding the Microsoft Search offering to the Windows 10 search boxes of Office 365 enterprise customers.

The new feature is in development and Microsoft says that it should arrive on users' desktops sometime during this year's fourth quarter.

"We're bringing Microsoft Search to the Windows 10 search box," the update's Microsoft 365 roadmap entry reads.

"Microsoft Search is an enterprise search experience that increases productivity and saves time by delivering more relevant search results for your organization."

Microsoft 365 search in Windows 10
According to Redmond's support website, Microsoft Search can help users search across Microsoft 365 and get results from multiple Office 365 data sources including SharePoint, Microsoft OneDrive for Business, and Microsoft Exchange Server.

Microsoft Search is also designed to make result suggestions based on the customers' Office 365 activity and to make pinpointing shared files a lot easier.

"Microsoft Search is on by default and any administration you do applies to Microsoft Search in all the apps," Microsoft explains.

After Microsoft Search is brought to the Windows 10 search box, users will be able to find content stored by their organization within Microsoft 365 or indexed via connectors.

Microsoft highlights the following among the potential benefits of having Microsoft Search support brought to the Windows 10 search box:

• Users get results that are relevant in the context of the app they search from. For example, when they search in Microsoft Outlook, they find emails, and not SharePoint sites. When they search in SharePoint, they find sites, pages, and files.
• Whichever app users are working in; Microsoft Search is personal. Microsoft Search uses insights from the Microsoft Graph to show results that are relevant to each user. Each user might see different results, even if they search for the same words. They only see results that they already have access to, Microsoft Search doesn’t change permissions.
• Users don’t need to remember where the information is located. For example, a user is working in Microsoft Word and wants to reuse information from a presentation that a colleague shared from their OneDrive. There’s no need to switch to OneDrive and search for that presentation, they can simply search from Word.
• When in Bing, users get results from within their organization in addition to the public web results.

The Microsoft Search extension for Chrome fiasco
In late January, Microsoft previously tried to forcibly deploy the 'Microsoft Search in Bing quick access' Google Chrome extension for some Office 365 ProPlus users.

This would have forced the browser to use Bing as the default search engine, helping the Office 365 customers to "access relevant workplace information directly from the browser address bar."

At the time, the company said that it was planning to roll out the extension starting in mid-February to enterprise customers running with Office 365 ProPlus, Version 2002, through the targeted monthly channel.

Microsoft Search in Bing welcome screen (Microsoft)
However, following users' outrage, Microsoft decided to backpedal on its decision a few weeks later, in February, pausing the rollout and saying that "administrators will be able to opt in to deploy the browser extension."

"In the near term, Office 365 ProPlus will only deploy the browser extension to AD-joined devices, even within organizations that have opted in," Microsoft said. "In the future, we will add specific settings to govern the deployment of the extension to unmanaged devices."


New Windows 10 Bug Causes Internet Connectivity Issues, Fix in April
29.3.2020  Bleepingcomputer  OS

All supported Windows 10 and Windows Server versions are affected by a new bug that could cause applications to be unable to connect to the Internet.

According to a new post by Microsoft, when a Windows user is using a manual or auto-configured proxy, they may have issues connecting to the Internet with applications that utilize the WinHTTP or WinInet Windows networking APIs. This bug has a greater chance of affecting VPN users.

"Devices using a manual or auto-configured proxy, especially with a virtual private network (VPN), might show limited or no internet connection status in the Network Connectivity Status Indicator (NCSI) in the notification area. This might happen when connected or disconnected to a VPN or after changing state between the two. Devices with this issue, might also have issues reaching the internet using applications that use WinHTTP or WinInet. Examples of apps that might be affected on devices in this state are as follows but not limited to Microsoft Teams, Microsoft Office, Office365, Outlook, Internet Explorer 11, and some version of Microsoft Edge."

Microsoft has stated that popular applications that rely on the affected APIs include Outlook, Microsoft Office, and Microsoft Teams.

This bug is affecting all supported Windows 10 and Windows Server versions ranging from version 1909 to 1709.

Microsoft says affected users may be able to resolve the bug by rebooting their computer.

An out-of-band (OOB) update to fix this issue is being targeted for release in early April.


Windows 10 Insider Build 19592 Brings New 2-in-1 PC Experience
29.3.2020  Bleepingcomputer  OS

Microsoft has released Windows 10 Insider Preview Build 19592 to Insiders in the Fast ring, which brings back the new tablet experience for 2-in-1 convertible PCs.

If you are an Insider on the Fast Ring, you can download the new build now by going into Settings -> Update & Security -> Windows Update and then checking for new updates.

Windows 10 Insider Build 19592

The notable changes in this build are listed below.

To see the full release notes and fixes for this Windows 10 insider build, you can read the blog post.

New tablet experience for 2-in-1 convertible PCs
With this build, Microsoft is rolling out a new 2-in-1 convertible PC tablet experience to Windows Insiders.

This experience was previously rolled out to a limited group of Insiders in 20H1 Build 18970 through Build 19013, and after refinements, is being rolled out again so more Insiders can test the following new features:

This new experience allows users entering tablet posture to stay in the familiar desktop experience without interruption with a few key touch improvements:

Taskbar icons are spaced out
Search box on taskbar is collapsed into icon-only mode
Touch keyboard auto invokes when you tap a text field
File explorer elements will have a little more padding, to make them comfortable to interact with using touch
New 2-in-1 tablet experience
Source: Microsoft
This feature will roll out to a limited number of users at first and expand to more users as time goes on. Microsoft will first roll it out to Insiders that have never detached their keyboard before, or have their tablet mode settings set to Don’t ask me and don’t switch.

Changes to the Windows Search platform
With this build, Microsoft has updated the logic in the Windows Search file indexer that finds better times to index your files so that your computer doesn't get bogged down by the indexing process while you are using the computer.

Microsoft has also modified the indexing process to limit how often content that does not have much impact on your searches is indexed.


Microsoft Fixes Windows Defender Scan Bug With New Update
29.3.2020  Bleepingcomputer  OS

Microsoft has silently fixed the "items skipped during scan" Windows Defender bug that was causing some items to be excluded from scans if they were stored on a network device.

The issue was fixed with the release of the KB4052623 update for the Windows Defender antimalware platform that will increment the scan engine's version to 4.18.2003.8 and will prevent future notifications of files being skipped from appearing.

KB4052623 can be installed by Windows 10 customers with devices running Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016.

KB4052623

The bug fixed with this update was reported by scores of Windows 10 users starting with the March Patch Tuesday after they started receiving "Items skipped during scan" alerts saying that "The Windows Defender Antivirus scan skipped an item due to an exclusion or network scanning settings."

This happened even when users didn't have any exclusions configured within their systems' Windows Defender preferences, as BleepingComputer was able to confirm.

One day later, BornCity's Günter Born discovered a simple workaround to get rid of these notifications by enabling network scanning although Microsoft documentation recommends against scanning network files.

The bug was caused by a Windows Defender scan engine update that automatically disabled network scanning in newer versions, after it had previously been enabled before the updates released during this month's Patch Tuesday.

Windows Defender alert caused by this bug
Microsoft's decision to turn off network scanning in Windows Defender might have been prompted by a high network traffic issue as detailed in KB4052623's description.

"Enterprises that use Network Protection in either Audit or Block mode may experience greater than expected network traffic departing their networks to Microsoft Defender SmartScreen-associated domains," the knowledgebase article says.

"This affects customers who are running version 4.18.2001.10. We are working on a service update to address this issue. In the interim, you can work around this issue by temporarily disabling Network Protection."

All users should get the KB4052623 update automatically through Windows Update during the next few days, even if they have them paused.

You can also download and install the update on your own from the Microsoft Update Catalog if you're not keen on waiting for Microsoft to roll it out to your device.


Microsoft Pauses Optional Windows Cumulative Updates Starting in May
29.3.2020  Bleepingcomputer  OS

Due to the ongoing Coronavirus pandemic, Microsoft will stop releasing optional Windows cumulative updates starting in May 2020. This includes all supported Windows 10 and Windows Server versions.

As employees move towards working remotely and thus an adjusted work schedule, companies have started to pause the release of new versions of their software to prevent critical bugs from arising and not having the manpower to respond to them.

This was already seen with Google pausing new versions of Chrome and Microsoft following with the pausing of new Edge versions.

When Microsoft releases updates, they release what is called the "B" updates on the second Tuesday of every month, which is known as Patch Tuesday. These updates are considered mandatory as they contain security updates for vulnerabilities discovered or fixed since the last Patch Tuesday.

Microsoft also releases the optional cumulative "C" and "D" updates on the third and fourth weeks of each month. These updates are typically bug fixes and are considered optional to install as the fixes will ultimately be rolled into the following month's Patch Tuesday release.

Today, Microsoft announced that starting in May 2020 it will pause all optional non-security updates for all supported versions of Windows, including Server versions and prioritize their focus on security updates.

"We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2)."

Microsoft emphasizes that this will not impact their monthly scheduled B release on Patch Tuesday and those updates will continue as normal to ensure users are protected and can continue to be productive.

Microsoft also states that security will be their primary focus during the outbreak. This means that if a critical vulnerability is discovered, we would also continue to see out-of-band (OOB) security updates released.

Unfortunately, as many bugs in the Windows operating system are fixed in the optional cumulative updates (C & D), fixes that are not high priority may take a bit longer to resolve.


Windows 10 Optional Cumulative Update KB4541335 Released
28.3.2020  Bleepingcomputer  OS

Microsoft is rolling out the March optional cumulative update for Windows 10 November 2019 Update (version 1909) and Windows 10 May 2019 Update (version 1903) with several fixes and improvements.

This is an optional update and it won't download or install automatically on your device unless you manually select 'Download and install' on the Windows Update page. The key changes include a fix for an issue that prevents the mute button from working on certain devices with the Your Phone app and a fix for a bug crashing File Explorer.

Like every Windows Update, you can open the Settings app and click on the Windows Update option to install the patches. If you own multiple PCs or if you would like to patch the PCs manually, you can learn more about it here.

KB4541335 comes with the following improvements for Windows 10 November 2019 Update (version 1909) and Windows 10 May 2019 Update (version 1903):

Addresses an issue that causes an error when printing to a document repository.
Addresses an issue that displays a misleading reset message for Win32 apps that are converted to Universal Windows Platform (UWP) apps, such as Microsoft Sticky Notes, Microsoft OneNote, and so on.
Addresses a drawing issue with the Microsoft Foundation Class (MFC) toolbar that occurs when dragging in a multi-monitor environment.
Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
Addresses a performance issue in applications that occurs when content that is protected by digital rights management (DRM) plays or is paused in the background.
Addresses an issue that causes attempts to take a screenshot of a window using the PrintWindow API to fail.
Addresses an issue that causes File Explorer to close unexpectedly when using roaming profiles between different versions of Windows 10.
Addresses an issue that fails to return search results in the Start menu Search box for users that have no local profile.
Addresses an issue that causes applications to close unexpectedly when a user enters East Asian characters after changing the keyboard layout.
Addresses an issue that prevents the mute button from working on certain devices with the Microsoft Your Phone app.
Addresses an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone.
Addresses an issue in which table formatting fails in the PowerShell Integrated Scripting Environment (ISE) during a remote session. The error message is, "Remote host method get_WindowsSize is not implemented".
Addresses an issue with reading logs using the OpenEventLogA() function.
Addresses an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS. DNS zone. This occurs when DC computer names contain one or more uppercase characters.
Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
Addresses an issue that causes authentication in an Azure Active Directory environment to fail and no error appears.
Addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server's clock is not synchronized with the primary domain controller's clock."
Addresses an issue that causes authentication to fail when using Azure Active Directory and the user’s security identifier (SID) has changed.
Addresses an issue that prevents some machines from automatically going into Sleep mode under certain circumstances because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
Improves support for non-ASCII file paths for Microsoft Defender ATP Auto IR.
Addresses a performance issue with the Windows Runtime (WinRT) API that sends specific absorption rate (SAR) back-off values.
Addresses an issue in which a Windows.admx template is missing one of the SupportedOn tags.
Addresses an issue that prevents applications from closing.
Addresses an issue that creates the Storage Replica administrator group with the incorrect SAM-Account-Type and Group-Type. This makes the Storage Replica administrator group unusable when moving the primary domain controller (PDC) emulator.
Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
Addresses an issue that prevents the Network Policy Server (NPS) accounting feature from functioning. This occurs when NPS is configured to use SQL for accounting with the new OLE (compound document) database driver (MSOLEDBSQL.dll) after switching to Transport Layer Security (TLS) 1.2.
Addresses an issue that prevents standard user accounts that are configured with the maximum User Account Control (UAC) settings from installing Language Features On Demand (FOD) using the System settings.
Addresses an issue that causes attempts to complete the connection to a virtual private network (VPN) to fail; instead, the status remains at “Connecting.”


Microsoft Cuts Back More Office 365 Features to Handle High Load
28.3.2020  Bleepingcomputer  OS

Microsoft announced today new temporary changes to Office 365 services to adjust to the ever-increasing demand and the growing number of new Microsoft 365 customers working from home during the COVID-19 pandemic.

As detailed in the MC207439 announcement published today in the Office 365 Admin message center, Microsoft made several changes to OneNote, SharePoint, and Stream features in response to the high usage load.

"We've made some temporary service changes to prioritize core service functionality," Microsoft tweeted. "These changes are described in MC207439, which is available to service admins."

Last week, Microsoft made another series of tweaks to some non-essential Office 365 capabilities designed to deal with the growth in demand, reducing user presence check frequency, the interval at which the other party is shown as typing in chats, and the video resolution.

To give an idea of how many new users are actively using Office 365 services on a daily basis these days, the Microsoft Teams teamwork hub, one of its Office 365 enterprise subscription services, saw a huge influx of 12 million new daily active users within a single week, bringing the total to 44 million.

Microsoft 365 temporary feature changes
"As a part of our commitment to customers and Microsoft cloud services continuity during these unprecedented times, we're making temporary adjustments to select capabilities within Microsoft 365," today's announcement says.

The new adjustments include OneNote tweaks dealing with editing now only available online, SharePoint video resolution downgrading and moving backend operations after working hours, as well as Stream meeting recording video resolution automatically set to 720p.

The full list of temporary adjustments to OneNote, SharePoint, and Stream features:

• OneNote:
- OneNote in Teams will be read-only for commercial tenants, excluding EDU. Users can go to OneNote for the web for editing.
- Download size and sync frequency of file attachments have been changed.
- You can find details on these and other OneNote related updates at http://aka.ms/notesupdates.
• SharePoint:
- We are rescheduling specific backend operations to regional evening and weekend business hours. Impacted capabilities include migration, DLP and delays in file management after uploading a new file, video or image.
- Reduced video resolution for playback videos.
• Stream:
- People timeline has been disabled for newly uploaded videos. Pre-existing videos will not be impacted.
- Meeting recording video resolution adjusted to 720p.

The announcement also says that Microsoft 365 services are actively monitored so that new feature adjustments can be made whenever needed to avoid high load and a degraded user experience.

"Microsoft is actively monitoring performance and usage trends to ensure we're optimizing service for our customers worldwide, and accommodating new growth and demand," a Microsoft spokesperson told BleepingComputer when asked about the cause of these recent developments.

"At the same time, these are unprecedented times and we’re also looking at what steps we can take to proactively prepare for these high-usage periods."

MC207439 announcement

Microsoft cloud services continuity commitment
"As demand continues to grow, if we are faced with any capacity constraints in any region during this time, we have established clear criteria for the priority of new cloud capacity," Microsoft explained in a blog post published yesterday.

"Top priority will be going to first responders, health and emergency management services, critical government infrastructure organizational use, and ensuring remote workers stay up and running with the core functionality of Teams. We will also consider adjusting free offers, as necessary, to ensure support of existing customers."

These feature adjustments come on the heels of a large scale Microsoft Teams outage that took place last Monday, affecting EU and US users between March 16 and March 17, with chat messages not being sent, team member management not working, and the admin portal being unreliable.

Microsoft also announced on March 5th that Microsoft Teams will be free during the next six months to give businesses a helping hand while moving towards a remote workplace during the novel coronavirus outbreak.

"These are certainly unprecedented and challenging times. It is not business as usual," Redmond added. "But, together, we can and will get through this."


Windows Defender Fix For Windows 10: Enable Network Scanning
28.3.2020  Bleepingcomputer  OS

A really simple fix for the Windows Defender alert that states items were skipped during a scan has been discovered and it involves just enabling network scanning.

Over the weekend, we reported that for the past few weeks Windows 10 users were receiving alerts stating that items were skipped when they performed scans using Windows Defender.

These alerts stated that "Windows Defender Antivirus scan skipped an item due to an exclusion or network scanning settings" but did not provide any further information as to what was causing it.

Alert

Günter Born, who first reported this issue, has now discovered a fix that just entails enabling the scanning of network files.

Strangely, Microsoft states in their documentation that scanning network files is not recommended, but leaving scanning disabled will continue to display these alerts.

"Indicates whether to scan for network files. If you specify a value of $False or do not specify a value, Windows Defender scans network files. If you specify a value of $True, Windows Defender does not scan network files. We do not recommend that you scan network files," Microsoft documentation states.

To enable network scanning, simply open a PowerShell (Admin) window and enter the following command:

Set-MpPreference -DisableScanningNetworkFiles 0

You can confirm that the change has been made by running the Get-MpPreference command before and after the above command, as shown below.

Before and after the Set-MpPreference command
For network scanning to be enabled, the DisableScanningNetworkFiles must be set to False.

So what happened?
It seems that in the older Windows Defender engines network scanning was enabled by default.

In an older Windows 10 VM from right before the March Patch Tuesday updates, the Get-MpPreference command clearly shows that network scanning is enabled in the older engines.

Older Windows Defender engines
After waiting a little while for the engines to update, you can see that the Windows Defender preferences show that network scanning has now been disabled by a newer engine.

Newer Windows Defender engines
It is not known why Microsoft decided to make this change, but the alerts appear to just indicate that network scanning was skipped.

If these alerts are bothering you, you can fix it by enabling network scanning as described above.


Windows Defender Bug in Windows 10 Skips Files During Scans
28.3.2020  Bleepingcomputer  OS

For the past couple of weeks, Windows 10 users have been reporting that Windows Defender scans are skipping files due to a configured exclusion or network scanning setting.

The users who report receiving these messages, though, do not have any exclusions configured in the Windows Defender preferences.

Even still, when they conduct a Quick Scan or Full Scan using Windows Defender, a Windows 10 Action Center notification will be created that states that items were skipped during the scan with the following message:

Items skipped during scan
The Windows Defender Antivirus scan skipped an item due to an exclusion or network scanning settings.

In conversations with Günter Born who first reported it at BornCity, he told BleepingComputer that 80% of his German readers confirm the behavior, while 20% are not receiving it.

In tests conducted by BleepingComputer, we too were able to replicate the reported issue, as seen in the alert below, when performing scans in Windows 10.

Action Center alert generated by Windows Defender Bug
It is not clear when this issue started, but according to various reports [1, 2] it has been happening since around March 10th, 2020, which coincides with the March Patch Tuesday.

What is strange is that this issue is being reported under different Antimalware Client versions and does not affect everyone running the same engine version.

For example, in my tests, this issue was occurring in engine versions 4.18.2003.6. Others reported it is also occurring in version 4.18.2003.6-1.

Antimalware Client Version: 4.18.2003.6
Engine Version: 1.1.16800.2
Antivirus Version: 1.311.1767.0
Antispyware Version: 1.311.1767.0

After receiving the notification, I checked my exclusions and as you can see there are none configured.

No configured exclusions
To be 100% sure there were no hidden exclusions or strange network settings, I used the following PowerShell command to pull the Windows Defender preferences.

Get-MpPreference | findstr /i "net exc"

As you can see, we have no configured exclusions and our network settings are configured to the default preferences.

Exclusion and network preferences configured in Windows Defender
This is a strange bug to be sure as there appears to be no common denominator that can be seen in affected users.

BleepingComputer has contacted Microsoft about the bug but has not heard back at this time.
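
Both Defender articles (this bug report and the network-scanning fix above it) come down to reading the same preferences, so the added PowerShell script below, which is not BleepingComputer's or Microsoft's code, audits them in one pass and applies the fix only when asked. The function name Get-DefenderScanAudit and the -EnableNetworkScan switch are assumptions made for this example; the cmdlets and property names are the ones Defender ships.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Get-DefenderScanAudit and the
# -EnableNetworkScan switch are hypothetical names chosen for this sketch.
param([switch]$EnableNetworkScan)

function Get-DefenderScanAudit {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Collect every configured exclusion; an empty array means none are set.
    $exclusions = @(
        foreach ($name in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
            foreach ($value in @($pref.$name)) {
                if ($value) { "${name}: $value" }
            }
        }
    )

    # The four version fields the article lists, plus the settings the alert names.
    [pscustomobject]@{
        AntimalwareClientVersion    = $status.AMProductVersion
        EngineVersion               = $status.AMEngineVersion
        AntivirusVersion            = $status.AntivirusSignatureVersion
        AntispywareVersion          = $status.AntispywareSignatureVersion
        DisableScanningNetworkFiles = $pref.DisableScanningNetworkFiles
        Exclusions                  = $exclusions
    }
}

$before = Get-DefenderScanAudit
$before | Format-List

if ($before.Exclusions.Count -gt 0) {
    Write-Warning "$($before.Exclusions.Count) exclusion(s) configured; review each one."
}

if ($EnableNetworkScan) {
    if ($before.DisableScanningNetworkFiles) {
        # The fix from the article: $false turns network file scanning on.
        Set-MpPreference -DisableScanningNetworkFiles $false
        $after = Get-DefenderScanAudit
        if ($after.DisableScanningNetworkFiles) {
            throw 'DisableScanningNetworkFiles is still True; check whether a managed policy overrides it.'
        }
        'Network file scanning enabled.'
    } else {
        'Network file scanning was already enabled; nothing changed.'
    }
}
```

Run it without arguments to audit only; add -EnableNetworkScan to apply the change and re-read the setting afterwards.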


How to Make the Windows 10 Taskbar Completely Transparent
28.3.2020  Bleepingcomputer  OS

Many users enjoy modifying their Windows 10 experience by changing user interface characteristics beyond what Microsoft intended. One popular mod is to make the Windows 10 taskbar completely transparent without any blur effects.

Out of the box, Windows 10 offers a Transparency setting that can be enabled under Settings > Personalization > Colors and then toggling on the 'Transparency effects' setting.

Windows 10 Color Settings
When enabled, though, you are left with an opaque experience where the color and text are shown through the taskbar, but it is not completely transparent as shown below.

Standard Windows 10 Transparency effects
Using the Windows Registry you can tweak it further so it becomes a bit more transparent by adding a DWORD (32-bit) value named UseOLEDTaskbarTransparency under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Registry key and setting its value to 1.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"UseOLEDTaskbarTransparency"=dword:00000001

This can be done via the Registry Editor using the following steps:

As you cannot launch programs via Windows Search, we need to launch the Registry Editor via the Run: dialog. To do that, press the Windows key + the R key at the same time to open the Run: dialog and then type Regedit and press the OK button.
Windows will display a UAC prompt asking if you wish to allow the Registry Editor to make changes to the system. Press the Yes button to continue.
Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced key.
Right-click on Search and select New and then DWORD (32-bit) Value as shown below.
You will be prompted to enter the name of the new value. Type UseOLEDTaskbarTransparency and press Enter on the keyboard. Double-click on UseOLEDTaskbarTransparency and set the value to 1 and then press the OK button.
When done, you should have a UseOLEDTaskbarTransparency value set to 1 as shown in the image below.
UseOLEDTaskbarTransparency Value Created
You can now close the Registry Editor and restart Windows Explorer or restart your computer.
Now go back into Settings > Personalization > Colors and toggle the Transparency effects setting from On to Off and then back to On again for the Registry change to go into effect.

You will now find that the taskbar has become a bit more transparent, but there is still a noticeable overlay effect.

More transparency through a Registry tweak
Going completely transparent
If you want to make your Windows 10 taskbar completely transparent, you will need to use a third-party program such as Classic Shell or TranslucentTB.

For this guide, we chose TranslucentTB as it is a small app whose only purpose is to make the taskbar completely transparent.

To get started, simply install the TranslucentTB app from the Microsoft Store and launch it. Once launched, it will automatically make your taskbar completely transparent.

Fully transparent taskbar using TranslucentTB
When you couple this with a high-resolution desktop background, you can achieve a beautiful effect where your taskbar icons appear to float on top of the background.

TranslucentTB with Desktop Background
Using TranslucentTB you can also configure it to automatically change the transparency effects of the taskbar as you perform different actions, such as opening the Start Menu or using the search field.

For those looking to modify their Windows 10 desktop experience but who are not ready for a complete overhaul, TranslucentTB is a great place to start.