Microsoft Support & Discussions

More information has come to light on government surveillance, with new information revealing a campaign by the CIA to break through the security of Apple devices. Researchers working with the agency would apparently present their latest efforts at a yearly meeting called the "Jamboree". Tactics included creating a modified version of Xcode, the software used by developers to build apps for OS X and iOS, according to The Intercept: The security researchers also claimed they had created a modified version of Apple's proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, …

Apple has pledged to donate over $50 million to a number of organizations that are trying to encourage more women, minorities and veterans to seek employment in the tech industry. According to Fortune, Apple's money will be going to groups like the Thurgood Marshall College Fund, which supports students in historically black colleges and universities. Part of its money will also go to the National Center for Women and Information Technology. Finally, the report says that Apple is in talks with military leaders to offer veterans better technology training. Fortune spoke with Apple's human resources chief Denise Young Smith about their divisity funding plans, which …

Apple's tagline is a true one: The Apple Watch is coming, and soon. Here's what we think so far. At Apple's Spring Forward event, Rene and I got a chance to play with Apple's Watch collection in a bit more detail than either of us were allowed last Fall. Though we're going to reserve any sort of sweeping judgements about the Watch until we actually get some in-depth hands on time with them in April, here are our latest impressions of Apple's upcoming smartwatch. Gold is good Ren: Last fall, I only got a chance to try on Apple's baseline Watch Sport. This time around, I got to wear both the 38mm and 42mm Watch and Watch Edition… and boy, I wish I was in the ki…

The Mac is back and thinner than ever. We got some hands-on time with Apple's new battery-packed, taptically-enhanced, Retina-quality laptop after Monday's Spring Forward event, and boy, is it pretty. Here's what Rene and I thought about Apple's newest Mac — where it's going, what it's doing for the laptop space, and the accuracy of that Force Touch trackpad. So, about that trackpad... Ren: Let's get this out of the way first: I was incredibly skeptical over the MacBook's Force Touch trackpad. There are no vertical mechanics at play here — no BlackBerry Bold-esque glass depression, just touch-based brain trickery. As I said to Rene during the event, these…

All Apple Watch models have been confirmed to have 8GB of internal storage, but only 2GB will be available. That said, it's a watch and tells the time! The 2GB limitation (2GB for music and just 75MB for photos) is actually generous for a smartwatch. Most consumers store countless GBs worth of music on their iPhones and the new smart wearable is a perfect companion device to control said collections. This would help negate the need to waste iPhone battery through wakening the screen and unlocking the display to access playback controls. All three smartwatches from Apple, the Sport, Watch and Edition, will feature the same capacity. This extra storage enables i…

Apple has confirmed that they will offer battery replacements for the Apple Watch. Apple offers battery replacements for many of their products, including laptops, iPhones and iPads, so it isn't surprising that Apple would offer battery replacements for Apple Watch. Still, it's good to have that assurance. What isn't known, however, is how much a battery replacement will cost. From Techcrunch: Well, when it comes to the battery at least, owners of Apple Watch will be able to extend its lifespan. An Apple spokesman confirmed to TechCrunch the "battery is replaceable". Albeit, it's not clear how much it will cost to send in your wearable to Apple to get it returned…

Owners of Apple's upcoming versions of the MacBook, with its USB-C port, will be able to expand its storage space with the newly announced Porsche Design Mobile Drive from LaCie. USB-C ports offer a way for compatible devices to quickly connect thanks to the fact that it doesn't matter which end of the cable is used. This should make it easy to use the Porsche Design Mobile Drive on the MacBook when it is launched on April 10. LaCie says: The LaCie Mobile Drive was designed especially for Mac users. It features the same stylish, sophisticated aluminum finish as the latest MacBook. Plus, it is Time Machine compatible, so Mac users can use the LaCie Mobile…

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow security feature bypass if an attacker logs on to the system and runs a specially crafted application designed to increase privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted file or website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with …

Severity Rating: Critical Revision Note: V1.1 (March 10, 2015): Bulletin revised to better explain the attack vector for the DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096). Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or open a file in a working directory that contains a specially crafted DLL file. Continue reading...

Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI) broken down by each Common Vulnerabilities and Exposures (CVE), visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here. We released one new Security Advisory: Availability of SHA-2 code signing support for Windows 7 and Windows Server 20…

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an affected system or convinces a user to visit a website that contains specially crafted PNG images. Continue reading...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted JPEG XR (.JXR) image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. Continue reading...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow Security Feature Bypass if a user runs a specially crafted application that is designed to cause Task Scheduler to improperly validate impersonation-level security. Continue reading...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL. …

Severity Rating: Critical Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with f…

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic. Continue reading...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker creates multiple Remote Desktop Protocol (RDP) sessions that fail to properly free objects in memory. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. Continue reading...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an exploitable cipher suite is affected. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Continue reading...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Continue reading...

In the wake of today's "Spring Forward" press event, Apple has updated its accessory store page with listing for a number of different USB-C adapters for its upcoming MacBook. The page shows both a USB-C VGA Multiport Adapter and a USB-C Digital AV Multiport Adapter, priced at $79 each.The VGA adapter also has a standard USB port for connecting more devices along with a port for a charging cable to power the new MacBook. The Digital AV adapter has both the USB and charging ports along with an HDMI port for connecting the MacBook to a large television or monitor. Apple has also listed a Apple 29W USB-C Power Adapter for $49 and a two meter USB-C Charge Cable …

Want a different color Sport Band? That'll be $49. Want a 42mm link bracelet? $449. While it looks like you'll only be able to buy an Apple Watch in a specific configuration from the store, don't fret — you'll be able to swap out bands as they've always promised. You will, have to pay for the privilege. How much for that privilege? That all depends on what you want. The rubber Sport Band will run $49 regardless of the size or color you opt for. And you can go all the way up to the 42mm link bracelet with its 140 discrete stainless steel components for $449. Between those you'll find the leather straps and the braided stainless steel Milanese loop. Here's exactl…

The Apple Watch is going to ship with a ton of apps, including the ones already announced, and the many more that are being finished right now. Apple reportedly worked with a hundred or so developers to help make sure some of the best and most popular apps would be ready and polished for the Apple Watch's launch. They run the gamut from news and information services to sport and leisure activities to education and entertainment to social networking and communication to, well, pretty much every category the App Store offers. You'll be able to get them on your Apple Watch by downloading them to your iPhone first. In some cases that'll mean updates to the existing …