Announcing the Windows Bounty Program

Posted on

Microsoft has announced the Windows Bounty Program for computer security professionals (or those that enjoy looking for security vulnerabilities). The target areas are the Windows Insider slow builds of Windows 10, Hyper-V, Microsoft Edge, Windows Defender Application Guard and the mitigation bypass and bounty for defense. The payouts for finding an exploitable vulnerability range from $500 – $250,000.

The overall program highlights:

  • Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer’s privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
  • Bounty payouts will range from $500 USD to $250,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
  • All security bugs are important to us and we request you report all security bugs to secure@microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy
  • For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog
Read More

Critical Flaws in Windows NTLM Protocol

Posted on

This Patch Tuesday from Microsoft includes patches for Windows that affects all Windows OS’s released since 2007. Swati Khandelwal has a post about the new vulnerabilities and how they could be exploited. Make sure you run Windows Update to grab the latest updates and protect yourself from these vulnerabilities.

Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a new domain administrator account and get control of the entire domain.

NT LAN Manager (NTLM) is an old authentication protocol used on networks that include systems running the Windows operating system and stand-alone systems.

Although NTLM was replaced by Kerberos in Windows 2000 that adds greater security to systems on a network, NTLM is still supported by Microsoft and continues to be used widely.

Read More

Windows Update Troubleshooter Tool

Several people have had issues with Windows Update, from Windows 8.1 not able to update to Windows 10 not updating to the latest Insider build. Microsoft has a Troubleshooting tool that can help find the issue and correct it.

While this is not a fix all for everything that could be wrong with Windows Update, and it might not fix your particular issue, it is a good place to start. Also, if you are in the Insiders Program, always be sure to check the release notes. There are some known issues that have caused problems updating in the past (Anti-virus could interfere, SD Card could interfere, etc..). This is a great place to start if you are having issues, though, and it does work very fast to fix any issues with Windows Update that you may have.

 

1. Go to The Microsoft Windows Update Troubleshooter page (https://support.microsoft.com/en-us/instantanswers/512a5183-ffab-40c5-8a68-021e32467565/windows-update-troubleshooter) and download the troubleshooter for your current operating system.

 

 

2. Run the file. This is a single file that can run on it’s own and does not require any installation. Select “Windows Update” and then click Next.

 

 

3. If it runs and cannot detect issues, it may need to be run as an Administrator, which is an option when it runs. The tool will run and check several things.

 

 

 

 

The Troubleshooting tool checks several things:

    • Default Windows Update data locations have changed?
    • Some security settings are missing or have been changed?
    • Check for missing or corrupt files.
    • Service registration is missing or corrupt.
    • Potential Windows Update Database error detected?

 

4. The tool will fix any found issues, and you can then close the troubleshooter. You can also click for a more detailed report to see what it did fix. From there, you can go back into Windows  Update and try the updates again.

 

 

If you click the View detailed information, you see what was checked and what was fixed.

 

Read More

Windows Feature Suggestion Box

Posted on

Microsoft has a new way to suggest ideas, features and suggestions for Windows – Windows Feature Suggestion Box. Using User Voice, it allows you to submit feedback for Windows. Users get to vote on the best submissions and Microsoft will look at the highest voted suggestions and see if they can implement them in a future update of Windows.

Users get 20 votes to start and can vote 1-3 times per suggestion. When you are out of votes, you can take away from previous voted suggestion. If a suggestion is added into Windows, you get those votes back. This is used for suggesting features and not for submitting bugs and errors to the Windows team.

Windows Phone has a similar User Voice available, and I have voted on and submitted several ideas over the years, and many have been implemented. Microsoft does listen and take these suggestions seriously.

It is a nice feeling when you suggest a feature and people vote on it. Seeing that feature in Windows, and knowing that you had a part in getting it in the product (one way or another).

Microsoft is moving in the right direction by taking a lot of input from users via the feedback tool in Windows 10 Technical Preview, Windows Feature Suggestion Box, MVP program, and other avenues.

Windows Feature Suggestion Box provides the Windows PC/Tablet user community with a channel for feedback. To help us build the best version of Windows ever, we created this forum to hear your ideas, suggestions and feedback. Please vote for a feature suggestion or submit your own!

How Does This Work?

Standard Disclaimer – our lawyers made us put this here 😉 Please note that the Windows Feature Suggestion Box is moderated and is a voluntary participation-based project. If your submission is not a product feature suggestion it may be removed. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. Your submission is subject to these License Terms . Please limit your suggestions to 25 words or less.

 

UserVoice

Read More

“Confirmed” Windows 9 Free Upgrade for Windows 8 Users

Several sites are running with the story that Windows 9 will be a free upgrade to Windows 8 users. Now, this was a slip from a Indonesian Microsoft executive, and not the Microsoft corporation itself. If it is a valid rumor, it’s excellent news for everyone that is running Windows 8 right now. But, I would still take it with a grain of salt. It’s not necessary a “confirmation” with this. At most, it’s a likely rumor.

According to Diantoro, the Windows 9 upgrade will be available free of charge to all existing Windows 8 users once it’s released. Apparently, users will be able to easily install the Windows 9 update after downloading it from Microsoft, which is how Apple’s OS X updates have been rolled out to Macs for a few years now. For what it’s worth, some of the recent Windows 9 leaks did say that Microsoft already has a tool in place that will allow users to easily perform software updates.

Read More

Microsoft Windows #1 Software Business

Microsoft Windows is the number one software business, comprising $110 Billion of worth. Following Windows by a close margin is the popular Office Suite. Amazing how one piece of software could be so well received by the community. Microsoft protects it’s Windows OS from competition and piracy so much, probably because without it, it’d just be another software company out there.

Windows, now valued at $110 billion, has surpassed IBM’s Middleware ($107 billion). The figures come courtesy of Trefis, a financial analysis firm who track the most popular stocks in the US. Trefis has been tracking Microsoft’s Windows sales over the past year and has published its results for all to see. “While most of the businesses continued to retain their position, Microsoft’s Windows Operating System emerged as the single most valuable software business segment in 2010. Microsoft Windows Operating System (at $110 billion) surpassed IBM’s Middleware, which at $107 billion now stands at a comfortable second,” states Trefis.

Read More

Windows 8 and “The Cloud”

According to Softpedia, Windows 8 will need to move past the “To The Cloud!” agenda they are using with Windows 7. Sure, Windows Essentials is considered “Cloud” software. So is their Microsoft Office Online (Office 365), among others. What Microsoft isn’t teaching people is that “The Cloud” is actually just the Internet. The software that utilizes the connection to the Internet, for storage or as a place to access software (Software as a Service), is considered “Cloud Computing”. While I feel that the whole “Cloud” moniker is overused and misunderstood by many, and is definitely a huge buzz word that the marketing directors use to entice people to switch over to their remotely hosted servers or applications.

Also for the time being, Windows 7’s connection to the Cloud is largely limited to the rich clients packaged into the Windows Live Essentials 2011 suite.

At least this is the conclusion of the new “To the Cloud” marketing campaign put together for the successor of Windows Vista.

No less than four video advertisements have already been released, all of which embedded at the bottom of this article for your viewing pleasure.

Read More

Using Dual Monitors

Although I don’t recommend using the ancient tiny CRT monitors in this article, I do like using dual monitors for working. I like having email on a screen and everything else on another. It’s also great when using Visual Studio, or Tweetdeck or multiple browser windows. Dual monitors, if you have them available, are wonderful to increase desktop space and productivity. You can even have a video playing on one and do work on the other.

Once your monitor is set up, you can use your mouse to grab the title bar of a window and drag it to your new display. If a window does not move when you drag it, double-click the title bar first, and then drag it. Having two monitors will forever change the way you work with your computer. Be creative and experiment with the sizing of application windows and what information you can keep in constant view while doing multiple tasks.


Read More

New Extreme Windows Blog From Microsoft

The Windows Team Blog has started a new blog, aimed at the power user or enthusiast for Windows. This should have some great tips for the more advanced Windows users out there. I know I’ll be frequently visiting the blog. I’m about half way done with a Windows 7 book aimed at the same individuals, the power users.

Today we are launching a new blog called Extreme Windows. As you know (or don’t know) The Windows Blog is a network or family of blogs that together tell the company’s Windows story across different audiences spanning Windows, Windows Live, Internet Explorer and Windows Phone. Each individual blog has a distinct purpose and caters to a specific audience. For example the Windows Experience Blog focuses on the consumer audience – or the average PC user. Our goal for this blog, will cater to more advanced PC users – “power users” or what we call “enthusiasts”.

What exactly is an enthusiast you might ask? For Extreme Windows – we are defining enthusiast as someone with the following characteristics:

  • Passion for Technology – Someone who (IS) excited for technology and is always interested in learning more about and using the latest technology.
  • Understands the value of technology – Someone who is willing to spend what it takes to get top-of-the-line, state-of-the-art, and bleeding-edge technology.
  • Is a source of knowledge for others – Someone whose family, friends, co-workers and others rely on for great technology advice.
  • Read More