Microsoft Support & Discussions

Welcome back to Weekend Reading! The past seven days were particularly rich with good stories, especially ones that inspire what’s known in Internet speak as “all the feels.” On Veterans Day, America’s annual celebration of those who have served in the armed forces, Microsoft created a heartwarming and inspiring slideshow. It featured former service members who currently work at the company talking about how their military service helped them become the people they are today. The slideshow was created to honor those employees, but also in the hopes that even more service members will consider spending the next stages of their career at Microsoft. Meanwhile, Skype in…

Yesterday we released our first major update to Windows 10. Terry Myerson shared details on the release in his blog and today we thought we’d package up ten great new consumer features for you to try once you install the November update. Since launching Windows 10, we’ve delivered hundreds of product updates to make Windows better than ever with new innovations including new features for Cortana, Microsoft Edge, Mail and Calendar, Maps, Groove, Photos, Skype, Xbox and much more. Windows 10 is faster than ever, in fact, if you upgrade from a Windows 7 PC, you will notice almost 30% faster start-up times on average. Here are some of the recent highlights available now in…

Soccer, or rather football aficionados in the UK may have had their computers infected whilst browsing the Premier League’s official fantasy website fantasy.premierleague.com. A malicious advert displayed on the sports portal which draws in over 16 million visitors per month according to SimilarWeb automatically redirected unsuspecting soccer fans to the Nuclear exploit kit. The Flash-based ad for a British yacht company was hosted on a highly suspicious server and distributed over https, making detection at the firewall or gateway much more difficult because it would encrypt the content of the page. The malvertising chain is familiar as it makes use of goo.gl UR…

Jan. 21, 2015 was an interesting day. It was the day Microsoft invited a small group of tech journalists to its Redmond, Washington, headquarters for a big announcement. In the past, news this momentous might have been accompanied by a famous rock band or fireworks, but when Microsoft unveiled Windows 10 and HoloLens, they were in an intimate, coffeehouse-style room sipping coffee with house music playing in the background. Elsewhere the world, Jan. 21 was an altogether different kind of day. As the sun rose over Sao Paolo, it promised to be a beautiful day – a day like any other. And then the police arrived at the apartment of a Microsoft executive in Brazil, burst…

Today, we reach our next milestone as the first major update to Windows 10 is now available* for PCs and tablets. With this update, there are improvements in all aspects of the platform and experience, including thousands of partners updating their device drivers and applications for great Windows 10 compatibility. Windows 10 also starts rolling out to Xbox One today and select mobile phones soon. But most importantly, with this free update we have reached the point in the platform’s maturity where we can confidently recommend Windows 10 deployment to whole organizations. Experience improvements in this update include: Performance in everyday tasks, such as boot…

Today I’m excited to announce the availability of Box for Windows 10! My name is Duncan Fisher and I work on the mobile applications product management team at Box and have been working on delivering the Box for Windows 10 experience. Windows 10 represents a huge opportunity for Box to deliver a seamless content collaboration experience to our joint customers from their desktop and mobile devices. With the new app, users can seamlessly access, manage and collaborate on their Box content across all their Windows 10 PCs and tablets. With 50,000 paying businesses, including 52% of the Fortune 500 and more than 40 million users, it’s critical for Box to ensure that custome…

Severity Rating: Critical Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Click here to enter text. Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (November 10, 2015): Click here to enter text. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content. Continue reading...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Continue reading...

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC Team Continue reading...

When I think of Virgin Atlantic and its brand, the first thing that comes to mind is adventurous. A brand that is willing to do things differently, to take risks, and above all make a flight an incredible, unforgettable adventure. With that in mind they came to us with a very specific objective in mind: come up with a new way to help their sales team engage with business customers and business travelers outside of traditional marketing and sales tactics that don’t provide the transformational impact they need. They wanted to give their team a sales tool to tell their story in a unique and unexpected way – to allow travelers to actually see and feel what a travel adventure…

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC Team

Furthering Microsoft’s investments in security technology, I am pleased to announce today that Microsoft has signed an agreement to acquire Secure Islands, an innovator in advanced information protection solutions. This acquisition accelerates our ability to help customers secure their business data no matter where it is stored – across on-premises systems, Microsoft cloud services like Azure and Office 365, third-party services, and any Windows, iOS or Android device. Businesses continue to face challenges protecting their data in a world where information travels beyond the boundary of the corporate network and across many devices outside company control. To work …

The new ransomware variant encrypts and scrambles file names, making it harder to know what to recover. The ransomware, which upon install encrypts files making it almost impossible to regain access, now scrambles file names making it even harder for victims to know which files are which. System restore points are also erased, taking away the option of returning to a previously saved state. Adding insult to injury, the malware also mocks the user, congratulating the user for becoming [sic] "part of large community," according to BleepingComputer, which first detailed the changes. The ransomware continues to use bitcoin as the means of payment, which like in p…