Tom’s Hardware: Windows XP Offline Activation Enabled With This New Tool. “A recent blog post by TinyApps highlights the arrival of an offline tool that can successfully activate a Windows XP install. The new tool is safer than prior solutions, it isn’t a crack and it works completely offline. It doesn’t require online connectivity (a risky area for Win XP machines to tread), which is a considerable bonus.”
Bleeping Computer: Microsoft pushes OOB security updates for Windows Snipping tool flaw. “Now tracked as CVE-2023-28303, the Acropalypse vulnerability is caused by image editors not properly removing cropped image data when overwriting the original file. For example, if you take a screenshot and crop out sensitive information, such as account numbers, you should have reasonable expectations that this cropped data will be removed when saving the image. However, with this bug, both the Google Pixel’s Markup Tool and the Windows Snipping Tool were found to be leaving the cropped data within the original file.”
Krebs on Security: Microsoft Patch Tuesday, March 2023 Edition. “Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.”
Ars Technica: You can now run a GPT-3-level AI model on your laptop, phone, and Raspberry Pi. “Things are moving at lightning speed in AI Land. On Friday, a software developer named Georgi Gerganov created a tool called ‘llama.cpp’ that can run Meta’s new GPT-3-class AI large language model, LLaMA, locally on a Mac laptop. Soon thereafter, people worked out how to run LLaMA on Windows as well. Then someone showed it running on a Pixel 6 phone, and next came a Raspberry Pi (albeit running very slowly).”
The Verge: Microsoft accidentally offers Windows 11 upgrades to unsupported PCs again. “Microsoft has once again accidentally offered the Windows 11 upgrade to PCs with unsupported hardware. Twitter user PhantomOcean3 spotted the mistake earlier this week, where Microsoft was showing fullscreen prompts on unsupported hardware.”
Krebs on Security: Microsoft Patch Tuesday, February 2023 Edition. “Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different ‘zero-day’ vulnerabilities that are already being used in active attacks.”
The Verge: Microsoft to stop selling Windows 10 downloads on January 31st. “Microsoft says it will stop selling downloads for Windows 10 Home and Pro licenses later this month. Windows 10 will continue to be supported until October 2025.”
PC World: The old Windows Photos app is better than the new one, and you can still use it. “What’s known as Microsoft Photos Legacy still resides within the Windows Store, and there’s one good reason that you might still prefer it over the latest version: its superior content search capabilities.”
Bleeping Computer: Microsoft ends Windows 7 extended security updates on Tuesday. “Windows 7 Professional and Enterprise editions will no longer receive extended security updates for critical and important vulnerabilities starting Tuesday, January 10, 2023. Microsoft launched the legacy operating system in October 2009. It then reached its end of support in January 2015 and its extended end of support in January 2020.”
Ars Technica: Critical Windows code-execution vulnerability went undetected until now . “Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.”
PC World: Finally! Windows Snipping Tool will add screen recording. “The Windows Snipping Tool app is finally adding a screen recorder feature—a tool that PCWorld may care more about than you, honestly.”
The Register: Microsoft: Whoops, Patch Tuesday might screw your database connections . “Applications using the Open Database Connectivity (ODBC) interface may fail to connect after installing the November Patch Tuesday Windows updates, according to Microsoft. Users may see the apps that use the Microsoft ODBC SQL Server Driver have problems, with some attempts to access databases generating an error message when the connection fails, the software maker wrote this week in its Windows Health Dashboard.”
Ars Technica: How a Microsoft blunder opened millions of PCs to potent malware attacks. “For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months.”
Krebs on Security: Microsoft Patch Tuesday, October 2022 Edition. “Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.”
Bleeping Computer: Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws. “Today is Microsoft’s September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. Five of the 63 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities.”
