Microsoft pushes OOB safety updates for Windows Snipping resource flaw

March 26, 2023 Laurent

Microsoft released an crisis security update for the Windows 10 and Home windows 11 Snipping instrument to deal with the Acropalypse privateness vulnerability.

Now tracked as CVE-2023-28303, the Acropalypse vulnerability is brought about by image editors not properly getting rid of cropped impression knowledge when overwriting the unique file.

For case in point, if you just take a screenshot and crop out delicate info, these as account quantities, you must have sensible anticipations that this cropped data will be taken off when saving the graphic.

Having said that, with this bug, equally the Google Pixel’s Markup Tool and the Home windows Snipping Tool were being observed to be leaving the cropped information in just the first file.

For instance, in the impression beneath, you can see how excess facts is saved immediately after the IEND file marker, which denotes the stop of a PNG file. Normally, there must be no knowledge following the IEND marker.

Cropped data mistakenly saved after IEND marker — **Cropped info mistakenly saved right after IEND marker**
*Source: BleepingComputer*

This excess info could be applied to partially get well the cropped picture material, probably exposing delicate material that was under no circumstances meant to be general public.

Security researchers have advised BleepingComputer that the variety of general public images impacted by this flaw may well be high, with VirusTotal by itself web hosting around 4,000 pictures influenced by the Acropalypse bug.

For that reason, on providers catering to graphic web hosting, the amount of Acropalypse-impacted photographs is very likely a lot better.

Microsoft releases OOB protection update

As BleepingComputer noted, Microsoft was testing a fix for the Windows 11 Snipping Device bug in the Home windows Insider Canary channel.

Previous evening, Microsoft publicly introduced protection updates for both of those the Windows 10 Snip & Sketch and Windows 11 Snipping Device application to take care of the Acropalypse flaw.

“We have produced a safety update for these equipment by way of CVE-2023-28303. We advocate customers apply the update,” Microsoft informed BleepingComputer.

Soon after setting up this security update, Home windows 11 Snipping Resource will be model 10.2008.3001., and Home windows 10 Snip & Sketch

… Read More... Read More

Microsoft 365 trial provide blocks entry to Windows 10 desktops

February 8, 2023 Laurent

Home windows 10 end users are reportedly getting blocked from accessing their desktops by total-display demo presents for the Microsoft 365 productivity suite (previously Office 365).

These features (titled “Access granted: We are giving you a free demo of Microsoft 365 Family members”) are being pushed by means of full-screen notifications that give the users no alternative but to enter their payment info to activate the trial.

They are displayed all through the Home windows Out of Box Encounter (OOBE) ahead of loading the Home windows desktop.

The only options available to individuals observing these entire-monitor promos are to “Try for no cost” and “No, thanks.”

After clicking “No, thanks,” the person gets despatched to a “Verify your payment alternative” display screen where by the only solution left is to “Commence demo, get afterwards.”

Though these kinds of screens are revealed soon after doing clean up Windows installs and putting in feature updates, they commonly contain an solution for “Skip for now” on the base left side of the screen. Nonetheless, this time, Microsoft has changed that button with a “Privateness and Cookies” link.

“Home windows 10 avoiding me from booting into desktop with no to start with non-consensually getting pressured to acknowledge their cost-free demo and $100 regular monthly thereafter (definitely I cancelled soon after but WTF Microsoft),” a Reddit user who uploaded a video clip of this happening stated.

“Looks like they unintentionally switched more than the strings for no thanks and attempt it buttons. The try it button must actually be the no thanks button,” someone else chimed in.

Microsoft looks to be tests other layouts and pushing unique delivers due to the fact other individuals have noted viewing 50% promos with “Future” and “No, many thanks” buttons at the base.

Equally, clicking the “No, many thanks” button would just take them to a new monitor exactly where they are questioned to enter their payment information and facts and only given the solution to “Acquire now.”

“Exact same issue virtually occurred to me previous night time. I stored wanting to know why “no thanks” retained

… Read More... Read More

Google, Amazon, Microsoft, Meta, Twitter severance packages in contrast

January 23, 2023 Laurent

Google headquarters is found in Mountain See, California, United States on September 26, 2022. (Photo by Tayfun Coskun/Anadolu Agency by using Getty Visuals)

Anadolu Agency | Anadolu Agency | Getty Photos

Tech organizations have laid off tens of hundreds of personnel in modern months as the field grapples with a lessened chance urge for food from investors and raises in borrowing prices. Laid-off personnel throughout the tech sector enter an uncertain task current market, with head depend reductions taking put throughout all encounter degrees and teams. Couple of firms, with the doable exception of Apple, have been immune.

Laid-off personnel will acquire severance offers of various dimensions and length, depending on where by they work. This is what some of the greatest tech names have promised their staff.

Alphabet

On Friday, CEO Sundar Pichai reported Google would lay off 12,000 personnel across “product or service areas, features, degrees, and locations.” Laid-off U.S. workers will get fork out by the notification time period and receive a 16-7 days foundation severance deal with an extra two months for each individual calendar year of employment at Google, Pichai claimed in a memo to workforce.

Laid-off workers will also have “at least” 16 weeks of share vesting accelerated and receive 6 months of health-care protection, he explained.

A Securities and Exchange Commission filing from Google mum or dad firm Alphabet disclosed the memo from Pichai but did not specify the price of the layoffs.

CNBC previously reported that staff had been anticipating layoffs with mounting stress and that at a heated September 2022 all-fingers conference staff members pushed again against Pichai’s value-reducing attempts.

Microsoft

On Wednesday, Microsoft explained it was laying off 10,000 workforce as the program maker predicted slower profits advancement for the forthcoming 12 months. The cuts will just take area by the stop of March, with a spokesperson telling CNBC that revenue and internet marketing groups would see deeper cuts than engineering.

CEO Satya Nadella reported in an employee memo that some would study this 7 days if they were being dropping their employment.

Benefit-eligible U.S. personnel are to acquire severance,

… Read More... Read More

PriceWaterhouseCoopers (PwC) Acquires AWS, Microsoft Azure Cloud Consulting Corporations

July 22, 2022 Laurent

by Sharon Florentine • Jul 1, 2022

PriceWaterhouseCoopers (PwC) has acquired two cloud consulting firms that focus in Amazon World wide web Expert services (AWS) and Microsoft Azure. Financial conditions of the promotions had been not disclosed.

The initial offer consists of PwC Middle East earning a strategic financial commitment in Zero&One particular. The next offer involved PwC US buying Applications Consulting Training Methods (Functions).

These are technological innovation M&A deal number 589 and 590 that ChannelE2E has covered so significantly in 2022.

PwC Makes a Pair of Cloud Consulting Acquisitions

PwC, based mostly in London, was founded in 1998 by the merger of Coopers & Lybrand. The organization has 277,846 staff stated on LinkedIn. PwC’s locations of know-how include things like assurance, tax and advisory expert services, IT consulting, cybersecurity and managed stability products and services.

PwC’s hottest acquisitions require:

Zero&1, started in 2017, is centered in Dubai, United Arab Emirates with an supplemental locale in Beirut, Lebanon. The organization has 41 workforce shown on LinkedIn. Zero&One’s areas of know-how contain cloud, AWS, major knowledge, blockchain, cloud migration, disaster restoration, backup, growth, IaaS, SaaS, equipment discovering, synthetic intelligence, high availability, fault-tolerance, authorities cloud, wise metropolis and IoT.
Acts has 152 personnel and is dependent in Jacksonville, Florida. Acts regions of know-how contain cloud, Microsoft Azure, cloud engineering and technology answers. The acquisition of Acts will lengthen the reach of PwC’s cloud practical experience in economical services and accelerate cross-business modernization of Microsoft cloud expert services, the providers explained.

PwC Acquisitions: Govt Views

Ali Hosseini, chief electronic officer, companion, PwC

Ali El Kontar, CEO, Zero&1

Ali Hosseini, main digital officer and partner, PwC Center East, commented on the Zero&Just one expense:

“The expense in Zero&1 grows our cloud functionality and existing proposition at a time in which AWS has dedicated to opening a variety of AWS data centers in the UAE. Investing in Zero&One, the initial and only neighborhood AWS Premier Companion in the Center East, gives us end-to-finish cloud transformation functionality, from tactic to execution. With bilingual abilities and a presence in the UAE and Lebanon,

… Read More... Read More

Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws

July 10, 2022 Laurent

Tag CVE ID CVE Title Severity .NET and Visual Studio CVE-2022-30184 .NET and Visual Studio Information Disclosure Vulnerability Important Azure OMI CVE-2022-29149 Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Important Azure Real Time Operating System CVE-2022-30179 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important Azure Real Time Operating System CVE-2022-30178 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important Azure Real Time Operating System CVE-2022-30180 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important Azure Real Time Operating System CVE-2022-30177 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important Azure Service Fabric Container CVE-2022-30137 Azure Service Fabric Container Elevation of Privilege Vulnerability Important Intel CVE-2022-21127 Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) Important Intel ADV220002 Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities Unknown Intel CVE-2022-21123 Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) Important Intel CVE-2022-21125 Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) Important Intel CVE-2022-21166 Intel: CVE-2022-21166 Device Register Partial Write (DRPW) Important Microsoft Edge (Chromium-based) CVE-2022-2011 Chromium: CVE-2022-2011 Use after free in ANGLE Unknown Microsoft Edge (Chromium-based) CVE-2022-2010 Chromium: CVE-2022-2010 Out of bounds read in compositing Unknown Microsoft Edge (Chromium-based) CVE-2022-2008 Chromium: CVE-2022-2008 Out of bounds memory access in WebGL Unknown Microsoft Edge (Chromium-based) CVE-2022-2007 Chromium: CVE-2022-2007 Use after free in WebGPU Unknown Microsoft Edge (Chromium-based) CVE-2022-22021 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate Microsoft Office CVE-2022-30159 Microsoft Office Information Disclosure Vulnerability Important Microsoft Office CVE-2022-30171 Microsoft Office Information Disclosure Vulnerability Important Microsoft Office CVE-2022-30172 Microsoft Office Information Disclosure Vulnerability Important Microsoft Office CVE-2022-30174 Microsoft Office Remote Code Execution Vulnerability Important Microsoft Office Excel CVE-2022-30173 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2022-30158 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2022-30157 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Windows ALPC CVE-2022-30160 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Important Microsoft Windows Codecs Library CVE-2022-29119 HEVC Video Extensions Remote Code Execution Vulnerability Important Microsoft Windows Codecs Library CVE-2022-30188 HEVC Video Extensions Remote Code Execution Vulnerability Important Microsoft Windows Codecs Library CVE-2022-30167 AV1 Video Extension Remote Code Execution Vulnerability Important Microsoft Windows

… Read More... Read More

Tech Activities this 7 days Microsoft Ignite 2021, internet site advancement instruction, some others

November 29, 2021 Laurent

Hello there. Welcome to an additional 7 days which is, of training course, also the start of a New Month. This week is packed with enjoyable routines that we just can’t wait to share.

We have curated a listing of some tech events which will be keeping this 7 days. These activities occur up amongst November 1 and November 6, 2021.

Microsoft Ignite 2021

Microsoft will be internet hosting its second Ignite conference of the calendar year this 7 days. The meeting will assistance consumers join with authorities to get solutions to inquiries relevant to deploying and controlling Microsoft technologies.

Microsoft Ignite

Vital speakers at the event will incorporate Microsoft’s tech leaders, Satya Nadella, Vasu Jakkal, James Phillips, Alysa Taylor, Jared Spataro, Mitra Azizirad, among other individuals. They will be talking on the latest in cloud, productivity, collaboration, stability, and application development.

The event will incorporate solution demos, Q&A periods with Microsoft experts, complex deep dives, and much more.

At this celebration, Microsoft will announce new options and solutions that are aimed at IT execs. It is reasonable to be expecting information about Azure, Microsoft Teams, and extra.

Date: November 2-4, 2021
Time: 4:00 PM WAT
Location: Virtual

Sign-up In this article.

Sustainable Good Cities and Digital Economic system Discussion board

Tech Events this week; Microsoft Ignite 2021 and many others.

Afritex initiative will be web hosting its Sustainable Clever Metropolitan areas and Digital Financial system Discussion board in Abuja this 7 days.

The event is a 3-working day major occasion bringing collectively in excess of 1,000 regional and global stakeholders at all degrees to learn and share the several prospects for growth in this ever-evolving smart town and electronic financial system.

Participants at the event will also be in a position to comprehend the potential of utilizing slicing-edge options to be intelligent, secure, protected, and sustainable in a electronic overall economy.

This function will be an modern platform aimed at endorsing procedures that are in sync with the most up-to-date know-how innovation.

The discussion board is anticipated to determine sizeable alternatives to construct inclusive, sustainable sensible economies by management and collaboration to maximize the interoperability of new systems

… Read More... Read More

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.