
Latest news with #MicrosoftWindows

Microsoft makes huge change to Windows

Miami Herald

a day ago


When was Microsoft Windows great? Was it ever great? That will depend on your experience and age. The oldest version of Windows I tried was version 3.11. It wasn't great. Windows 7 was decent. I suspect most would agree Windows Vista and Windows 8 weren't.
The operating system is a huge program. It consists of many smaller programs. The graphical interface you see when you use it is just a shell or desktop environment. The main program that interacts with hardware and controls all the other processes, including the graphical interface, is called the kernel.
Why do I have such a low opinion of Windows? I'd probably need a couple of articles to express my opinion on just that topic. For now, let's focus on one key problem: Microsoft's approach to how applications made by other companies interact with the Windows kernel.
If you use Microsoft (MSFT) Windows long enough, you'll eventually witness its infamous Blue Screen of Death (BSOD). Why does the BSOD happen? It happens when the kernel enters a state where it can't recover from an error.
Applications can run in two modes, user mode or kernel mode. The application running in kernel mode can do pretty much anything, and if the developer hasn't been very careful, it can break stuff easily. For example, if you have a sound card with a Realtek chip, you need drivers for it. As the kernel controls the hardware, this driver should ideally be part of the kernel. That is the default approach on Linux. Windows does it better, right?
I'll simplify things a bit here, saying that Windows drivers are applications that run in the kernel mode. Unlike Linux drivers, which are not applications but code that has been vetted by Linux developers to be merged into the kernel, Windows drivers are applications that sometimes misuse kernel-mode "powers" and behave like they're in the Wild West.
I can't remember how many times I had to remove Realtek sound drivers from someone's machine while I was still working in IT. They are my favorite cause of BSOD.
Talking about BSODs, do you remember the CrowdStrike incident? In July 2024, CrowdStrike released an update that caused hundreds of millions of computers running Windows to be stuck on a BSOD. Needless to say, the CrowdStrike application that caused the problem was running in kernel mode (It has a "kernel driver" to be technical).
David Weston, vice president of Enterprise and OS Security at Microsoft, wrote after the incident: "Kernel drivers are often utilized by security vendors for potential performance benefits." It seems that the incident made Microsoft think about whether the performance benefits are worth it.
Weston announced on Microsoft's blog on June 26th that the company will deliver a private preview of the Windows endpoint security platform to a set of Microsoft Virus Initiative partners in July. "The new Windows capabilities will allow them to start building their solutions to run outside the Windows kernel. This means security products like anti-virus and endpoint protection solutions can run in user mode just as apps do," wrote Weston.
It will be interesting to see if Microsoft mandates in the future that all cybersecurity vendors use this new userspace system. If they do, it might cause some backlash, as Microsoft would be the only one left with a kernel-mode performance advantage for its cybersecurity software.
The company is also simplifying the "unexpected restart experience" (a kind name for a BSOD). They provided the picture, and it looks like that BSOD will become a black screen of death.
The company will also introduce Quick Machine Recovery (QMR), a recovery mechanism for machines that cannot restart successfully. In a widespread outage, Microsoft can use QMR to deploy fixes to affected devices via the Windows Recovery Environment. It should be generally available later this summer, together with the new BSOD experience.
The Arena Media Brands, LLC THESTREET is a registered trademark of TheStreet, Inc.

LinkedIn CEO to take over Office, more AI duties in Microsoft executive shuffle

Time of India

05-06-2025


Highlights: Ryan Roslansky, the Chief Executive Officer of LinkedIn, will take on additional responsibilities overseeing Microsoft's Office products, including Word and Excel. Roslansky will also oversee 'Copilot,' Microsoft's leading artificial intelligence product within the productivity software suite. Charles Lamanna, who leads 'Copilot' for business and industrial users, will now report to Rajesh Jha, who oversees Microsoft Windows and Teams.
The CEO of LinkedIn will take additional responsibility for Microsoft's Office products, while an executive responsible for one of the company's leading business-to-business artificial intelligence products will start reporting to the head of the company's Windows unit, according to a memo from Microsoft CEO Satya Nadella viewed by Reuters.
Ryan Roslansky, who oversees the business-focused social network owned by Microsoft, will remain CEO of LinkedIn but also oversee products such as Word and Excel and also "Copilot," Microsoft's leading AI product, within the company's productivity software suite, the memo said. Roslansky will report to Rajesh Jha, who oversees Microsoft Windows and Teams, among other duties.
The memo said existing Office leaders Sumit Chauhan and Gaurav Sareen will report to Jha as well. Also moving to report to Jha will be Charles Lamanna, who leads "Copilot" for business and industrial users, the memo said.

Study finds 84% of severe cyber incidents use LOTL methods

Techday NZ

04-06-2025


Bitdefender has released new research analysing 700,000 cybersecurity incidents to better understand the use of so-called 'living off the land' techniques (LOTL) by cybercriminals. LOTL techniques involve attackers exploiting commonly used applications and utilities already present in target environments, making them particularly difficult to identify and prevent using conventional security measures. According to the data collected by Bitdefender Labs, 84 per cent of major security incidents – defined as those with high severity – involved the use of LOTL binaries. This figure was corroborated by managed detection and response (MDR) data, which indicated that 85 per cent of incidents employed LOTL methods. The research specifically highlights how attackers leverage widely used backend tools like PowerShell, a Microsoft Windows command-line shell and scripting language, and Netsh, a network configuration utility. The most frequently abused tool was found to be appearing in one-third of major attacks. Bitdefender's team of several hundred security researchers conducted this foundational study as part of the development of GravityZone Proactive Hardening and Attack Surface Reduction (PHASR) technology. The company is sharing these initial findings in advance of a more comprehensive report. "Attackers are demonstrably successful in evading traditional defences by expertly manipulating the very system utilities we trust and rely on daily – and threat actors operate with a confident assertion of undetectability. This stark reality demands a fundamental shift towards security solutions like Bitdefender's PHASR, which moves beyond blunt blocking to discern and neutralise malicious intent within these tools," the report stated. The use of well-known tools such as and was common among both administrators and attackers. 
Notably, prevalence among attackers was unexpected compared to its more typical use by administrators for network management, firewall configuration, and routing. Other tools often targeted by attackers include used to query and modify Windows registry entries; the Microsoft C# Compiler; and which loads and executes functions from DLL files, frequently facilitating DLL sideloading attacks. Some tools, such as and were found to be used often by threat actors but rarely by administrators, presenting an additional challenge for traditional security monitoring, which tends to focus on more familiar administration tools. The research also identified a subset of tools primarily used by developers, such as and that are less recognised by security monitoring systems focused only on administration binaries. Their legitimate use in development environments allows them to evade detection more easily. Analysis also revealed that PowerShell was not used solely by administrators. The study found that 96 per cent of organisations in the dataset legitimately utilise PowerShell, with activity detected on 73 per cent of endpoints. Many third-party applications were discovered invoking PowerShell code without any visible interface, blurring the distinction between routine and potentially malicious use. A similar pattern was found with an older management tool now largely superseded by PowerShell but still in use by third-party applications to gather system information, despite its planned deprecation by Microsoft. Geographical comparisons demonstrated varying patterns in tool usage. In the Asia-Pacific (APAC) region, PowerShell was present in only 53.3 per cent of organisations studied, contrasting with a rate of 97.3 per cent in the Europe-Middle East-Africa (EMEA) region. Conversely, use of was higher in APAC compared with other regions. The report noted the significance of such differences. 
It said, "This underscores the importance of nuanced understanding, as even tools appearing outdated or unused can be critical for specific functions and disabling them can cause unforeseen disruptions." The findings directly informed the design of Bitdefender's PHASR technology, which adopts a targeted, behaviour-based approach to endpoint security. Rather than indiscriminately blocking entire utilities, PHASR analyses the actions performed within tools like or and allows or blocks specific behaviours based on baseline use and known malicious patterns. The report detailed PHASR's methodology: the technology monitors typical user and application behaviour on each endpoint, comparing ongoing activity with patterns characteristic of cyberattacks. This allows for proactive blocking of suspicious actions without impeding legitimate business operations or requiring constant policy updates. Highlighting the threat posed by the use of trusted tools, the report quoted the leader of the BlackBasta ransomware group, known as 'gg': "If we use standard utilities, we won't be detected... We never drop tools on machines." Referring to this observation, the report stated, "The staggering 84 per cent prevalence of Living off the Land (LOTL) techniques in major attacks directly validates this adversary perspective." The assessment of the ongoing challenge provided by these techniques was summarised as, "Attackers are demonstrably successful in evading traditional defences by expertly manipulating the very system utilities we trust and rely on daily – and threat actors operate with a confident assertion of undetectability." "This stark reality demands a fundamental shift towards security solutions like Bitdefender's PHASR, which moves beyond blunt blocking to discern and neutralise malicious intent within these tools."

How this TikTok trend promising free Spotify and Microsoft software updates is ‘dangerous' for you

Time of India

26-05-2025


Hackers are reportedly using short promotional videos disguised as offers for free Spotify Premium and Windows 365 on TikTok to spread malware. These ten-second videos, which have garnered millions of views on the platform, claim to provide an easy method to unlock paid subscriptions or features for popular services like Microsoft Windows, Office 365 and Spotify Premium, a report claims. The method involves a simple prompt to be typed into the PowerShell command-line tool in Windows. However, this command does not unlock any premium services. Instead, it downloads and installs malware designed to steal various types of private information from an infected PC. This stolen data can include personal documents, cryptocurrency, and social media login credentials.
What cybersecurity researchers said about these TikTok videos
According to a report by Forbes, a cybersecurity researcher at Trend Micro who discovered the attack said that traditional security tools are likely to miss this malware. This is because the malicious software is not delivered via typical methods such as email attachments or software exploits. Instead, it is unwittingly installed by users who are seeking free subscriptions. In a report on the attack, the company explained: 'There is no malicious code present on the platform for security solutions to analyse or block. All actionable content is delivered visually and aurally.'
In a statement to Forbes, Trend Micro researcher Junestherry Dela Cruz said that the company believes AI is enabling the scam as the promotional videos all use similar synthetic voices and feature nearly identical shots and camera angles. Meanwhile, TikTok informed Forbes that it had removed all accounts identified by the researchers as dangerous but declined to elaborate further.
The report didn't mention how many viewers installed the malware, but it noted that the videos were popular, as one clip promising to 'boost your Spotify experience instantly' received over 500,000 views, and two TikTok accounts posting 11 such videos collectively reached nearly 1 million views. In the comments on a video offering pro Windows features, which had over 550,000 views, one user asked, 'Is this safe?' One of the replies also reportedly warned of serious consequences, saying: 'My hard drive had been wiped after running the code,' and 'All my accounts were hacked because of these videos.'

CERT-In issues high-risk advisory over critical Microsoft vulnerabilities: Report

Mint

26-05-2025


The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-risk security advisory for users of Microsoft products, reported Business Standard. As per the publication, the alert, published on CERT-In's official platform, highlights serious vulnerabilities that could potentially expose users and organisations to a range of cyber threats.
According to the advisory, the identified flaws reportedly affect a wide range of Microsoft services and tools, including Microsoft Windows, Microsoft Azure, Office, Developer Tools, Dynamics, System Centre, and extended security updates for older Microsoft products. CERT-In has raised concerns that the vulnerabilities could be exploited by attackers to gain elevated privileges, access confidential data, bypass security mechanisms, execute remote code, or initiate denial-of-service (DoS) and spoofing attacks.
'These multiple vulnerabilities in Microsoft products could be exploited to compromise system integrity and put sensitive information at risk,' the agency warned, urging IT administrators, cybersecurity teams, and general users to act promptly.
As of now, Microsoft has not issued any official workaround or mitigation for the vulnerabilities. Users are being advised to install the latest security patches released by Microsoft in its May 2025 update to minimise potential risks. It is noteworthy that the advisory serves as a crucial reminder for organisations and individuals to remain vigilant and to ensure that all systems are updated regularly to avoid potential exploitation.
  • Install the latest security updates as detailed in Microsoft's May 2025 release notes.
  • Monitor systems for unusual activity and apply best practices in access management and endpoint security.
  • Engage security professionals to assess vulnerabilities and ensure appropriate defences are in place.
With cyberattacks growing increasingly sophisticated, CERT-In's alert underscores the importance of proactive cybersecurity measures in safeguarding digital infrastructure.
