PCs

Microsoft this week lifted the security update blockade on Windows 10 PCs that do not have approved antivirus software, but kept the no-patches-for-you rule in place for the more popular Windows 7.

The update roadblock was assembled in early January, when Microsoft issued mitigations against the Spectre and Meltdown vulnerabilities. Those vulnerabilities stemmed from design flaws in virtually all modern processors made by Intel, AMD and ARM. According to Microsoft, the security updates could brick PCs equipped with antivirus (AV) software that had improperly tapped into kernel memory.

To read this article in full, please click here

Microsoft’s free Windows Analytics service now scans enterprise Windows 7, Windows 8.1 and Windows 10 PCs, and reports whether they’ve been updated to defend against potential attacks exploiting the Meltdown and Spectre processor vulnerabilities.

The new capabilities of Windows Analytics’ “Upgrade Readiness” were announced Tuesday by Terry Myerson, the top Windows executive at the company. Myerson called the vulnerabilities – found by Google security researchers and reported to vendors in mid-2017 – “a new challenge for all of us” because they were in the silicon, not in software.

“We have added new capabilities to our free Windows Analytics service to report the status for all the Windows devices that [IT professionals] manage,” Myerson wrote in a post to a company blog.

To read this article in full, please click here

Microsoft plans to extend support for its Windows Defender ATP service to devices running older operating systems, including Windows 7.

The decision, announced this week, is a turn-about for Microsoft, which had limited the service to Windows 10 machines. In a post to a company blog, a Microsoft director cited customers’ heterogeneous set-ups to explain the change.

“We know that while in their transition, some [customers] may have a mix of Windows 10 and Windows 7 devices in their environments,” wrote Rob Lefferts of the Windows group’s security and enterprise team. “We want to help our customers achieve the best security possible on their way to Windows 10 ahead of the end of support for Windows 7 in January 2020.”

To read this article in full, please click here

Windows 10 will power to its third anniversary this summer, but one branch, identified by the initials L-T-S-B, remains an enigma to most corporate users.

LTSB, which stands for “Long-term Servicing Branch,” was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.

That hasn’t happened, in part because Microsoft has steered customers away from LTSB.

Just what is LTSB? And what has Microsoft done to make it an afterthought?

To read this article in full, please click here

If you’re wondering whether your computer is susceptible to the latest bête noir, Meltdown and Spectre, you can take the official Microsoft patch and, after a suitable amount of technical drudgery, come away with a result that doesn’t answer much. Or you can try Steve Gibson’s new InSpectre and – with suitable caveats – see some meaningful results and a few hints about catching up.

Microsoft has a complex PowerShell script that details your machine’s exposure to the Meltdown and Spectre security flaws. Running that script on all but the simplest and most up-to-date systems turns into a hair-pulling exercise, and the results are coated in 10 layers of technical gobbledygook.

To read this article in full, please click here

It’s been more than a year since Microsoft ended the decades-old practice of letting customers choose which patches they apply, and instead instituted a cumulative update maintenance model for Windows 7 and its shadow-of-a-sibling, Window 8.1.

And yet some users still don’t grasp the new scheme.

“There are plenty of people who don’t know which kind of update they should use,” Chris Geottl, product manager with client security and management vendor Ivanti, said in a recent interview. “‘Which one should I do? What non-security features are included in the monthly rollup? There’s still some confusion.”

No wonder there.

Microsoft asked for a lot last year. It asked enterprise IT administrators to upend ingrained patching practices. It asked them to make radical changes to how they maintain Windows 7 deep into its lifecycle, when there were just three years and change remaining before retirement, a phase most admins probably thought they’d be coasting as they prepped for Windows 10. It asked customers to absorb new terminology. And it changed the rules more than once after the new process debuted.

To read this article in full, please click here

Windows 7’s security rollups, the most comprehensive of the fixes it pushes out each Patch Tuesday, have almost doubled in size since Microsoft revamped the veteran operating system’s update regimen last year.

According to Microsoft’s own data, what it calls the “Security Quality Monthly Rollup” (rollup from here on) grew by more than 70% within the first dozen issued updates. From its October 2016 inception, the x86 version of the update increased from 72MB to 124.4MB, a 73% jump. Meanwhile, the always-larger 64-bit version went from an initial 119.4MB to 203.2MB 12 updates later, representing a 70% increase.

The swelling security updates were not, in themselves, a surprise. Last year, when Microsoft announced huge changes to how it serviced Windows 7, it admitted that rollups would put on pounds as the months pass. “The Rollups will start out small, but we expect that these will grow over time,’ Nathan Mercer, a Microsoft product marketing manager, said at the time. Mercer’s explanation: “A Monthly Rollup in October will include all updates for October, while November will include October and November updates, and so on.”

To read this article in full, please click here