Microsoft Support & Discussions

It's easy to take and edit quick videos on the iPhone, but getting great audio isn't always as simple as pointing and shooting. The iPhone microphone isn't too shabby at close distances, but when you're trying to film in a crowded room, it's not quite enough. Here are a few of my favorite ways to avoid tinny or terrible sound when shooting iPhone video. Get closer to your subject when in a noisy environment One of the biggest audio mistakes beginning videographers make is trying to film someone speaking from across a room when there's no way to clearly hear their audio. Background noise, room echoes, and outdoor sounds can all contribute to poor quality here. Inst…

You can save thousands of bucks every year on your mobile phone bill by switching to FreedomPop. Learn more about how it's possible to get 100% free talk, text and 4G LTE data every month here. FreedomPop is offering over 65% off the certified pre-owned HTC Evo 4G LTE (here is the Android Central review of the HTC Evo 4G LTE), which works out to just $99.99, plus free shipping. Other top-notch handsets from Samsung, HTC, and LG are also discounted and offer the same access to free talk, text, and data services from FreedomPop. The icing on the cake is an unlimited talk and text trial for your first month. Continue reading...

When the Apple Watch ships this spring it'll come with an app currently called the Apple Watch Companion. The Apple Watch Companion will let you manage the Apple Watch's Home screen layout (similar to how iTunes on the desktop can manage the iPhone's Home screen layout) and change various settings. Initially made public by some code found in iOS 8.2 beta 4, some apparent screenshots of the app have now also been published, providing additional information. According to 9to5Mac, highlights include: A new clock face feature called Monogram has been added as a complication (a background detail you can choose to enable or disable). Like a real monogram, this feature will …

The classic life simulation game, The Sims, is bringing its latest iteration to Mac in February. The Sims 4 introduces a revamped graphics engine, new emotion-based gameplay, and a ton of interaction combinations. For those unfamiliar, players in The Sims guide their own custom-built people through the various trials of life, including professional, social, and romantic. Certain needs, like hygiene and fun, need to be addressed to keep your sims in a good mood. Over time, you build a home, career, and family. If you've already bought the PC version, you should still be able to play on Mac in February through Origin. Currently The Sims 4 goes for $59.99, or you can dr…

Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application, and an attacker reopens the application in the browser immediately after the user has logged off. Continue reading...

Severity Rating: Moderate Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Input Method Editor (IME) (Japanese). The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed. An attacker who successfully exploited this vulnerability could escape the sandbox of a vulnerable application and gain access to the affected system with logged-in user rights. If the affected system is logged in with administrative rights, an attacker could then install programs; view, change o…

Severity Rating: Moderate Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker places a specially crafted TrueType font on a network share and a user subsequently navigates there in Windows Explorer. In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnera…

Severity Rating: Important Revision Note: V1.1 (October 16, 2014): Corrected Updates Replaced entries in the Affected Software table for Windows 7 and Windows 2008 R2. This is an informational change only. Customers who have already successfully installed the update do not have to take any action. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is log…

Severity Rating: Moderate Revision Note: V2.0 (October 14, 2014): Bulletin rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this bulletin was originally released. Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Service Bus for Windows Server. The vulnerability could allow denial of service if a remote authenticated attacker creates and runs a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system. Microsoft Service Bus for Windows Server is not shipped with any Mi…

Today, we provide advance notification for the release of four Security Bulletins. One of these updates is rated Critical and three are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer, .NET Framework and Lync. As a reminder, we are now using a new format for our Security Bulletin Webcast, scheduled on Wednesday, September 10, at 11 a.m. PDT. You are no longer required to register, download the Live Meeting client, or dial in to a separate number. A link to the Webcast will be included in our blog next Tuesday. As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, Septem…

Every month for many years, we’ve released a number of updates focused on the continuous improvement of customers’ experiences with our technology. Historically, these updates happened at different times during the month, with the security-specific ones occurring on the second Tuesday of each month. Recently, to further streamline, we decided to include more of our non-security updates together with our security updates and begin the global release to customers on the second Tuesday of each month. This month we had our first roll out with additional non-security updates. A small number of customers experienced problems with a few of the updates. As soon as we became aw…

Today, we published the August 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered ten questions on air, with the majority focusing on the update for Internet Explorer. Here is the video replay: We are aware of some issues related to the recent updates and are working on a fix. For more information please read KB 2982791. We invite you to join us for the next scheduled webcast on Wednesday, September 10, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the September 2014 bulletin release and answer your bulletin deployment questions live on air. There’s no longer a need to register before this eve…

Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on the Critical updates first. Here’s an overview slide and video of the security updates released today: Click to enlarge Microsoft also revised Security Advisory 2755801: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer. For more information about …

Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer. As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, August 12, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s Updates. We will also plan to have our Security Bulletin Webcast, scheduled on Wednesday, August 1…

Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted input/output control (IOCTL) request to the Message Queuing service. Successful exploitation of this vulnerability could lead to full access of the affected system. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually enable the Message Queuing component are l…

Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in the way the Windows FASTFAT system driver interacts with FAT32 disk partitions. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges. Continue reading...

Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Word file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on…

Severity Rating: Critical Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: Continue reading...

Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link or to visit a webpage that contains specially crafted content designed to exploit the vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a web browser, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that a…

Severity Rating: Important Revision Note: V1.3 (October 2, 2014): Bulletin revised to clarify the conditions under which Windows 7 editions are affected. See the Update FAQ for more information. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow tampering if an attacker gains access to the same network segment as the targeted system during an active RDP session, and then sends specially crafted RDP packets to the targeted system. Continue reading...

Severity Rating: Important Revision Note: V1.3 (September 24, 2014): Bulletin revised to correct a missing Server Core installation entry in the Affected Software table for Microsoft .NET Framework 4 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (2898855). This is an informational change only. Customers running this affected software on Server Core installations who have already applied the 2898855 update do not need to take any action. Customers running this affected software on Server Core installations who have not already installed the update should do so to be protected from the vulnerabilities addressed in this bulletin. Summary: Th…

Severity Rating: Important Revision Note: V1.2 (September 24, 2014): Bulletin revised to change Known issues entry in the Knowledge Base Article section from None to Yes. Summary: This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Continue reading...

Severity Rating: Important Revision Note: V3.0 (September 23, 2014): Bulletin rereleased to announce the reoffering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. See the Update FAQ for details. Summary: This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow information disclosure if user clicks on a specially crafted URL. In all cases, however, an attacker would have to convince users to click on the specially crafted URL, typically by getting them to click the URL in an email message or in an Instant Messenger request. Continue reading...

Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit (EMET) 5.0. EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping block and terminate the most common techniques adversaries might use in comprising systems. EMET 5.0 further helps to protect with two new mitigations, and with new capabilities giving customers additional flexibility on their deployments. EMET helps to protect systems, even before new and undiscovered threats are formally addressed by security updates and antimalware software. This is what some customers have said about EMET: "EMET i…