Blunder burns unicorn attack that exploited Windows and Reader

It’s not every day someone develops a malware attack that with one click exploits separate zero-day vulnerabilities in two widely used pieces of software. It’s even rarer that a careless mistake burns such a unicorn before it can be used. Researchers say that’s precisely what happened to a malicious PDF document designed to target unpatched vulnerabilities in both Adobe Reader and older versions of Microsoft Windows.

Modern applications typically contain “sandboxes” and other defenses that make it much harder for exploits to successfully execute malicious code on computers. When these protections work as intended, attacks that exploit buffer overflows and other common software vulnerabilities result in a simple application crash, rather than a potentially catastrophic security event. The defenses require attackers to chain together two or more exploits, one that executes malicious code and a separate one that allows the code to break out of the sandbox.

A security researcher from antivirus provider Eset recently found a PDF document that bypassed these protections when Reader ran on older Windows versions. It exploited a then-unpatched memory corruption vulnerability, known as a double free, in Reader that made it possible to gain a limited ability to read and write to memory. But to install programs, the PDF still needed a way to bypass the sandbox so that the code could run in more sensitive parts of the OS.

In the lab with Xbox’s new Adaptive Controller, which may change gaming forever

A look inside the Xbox Inclusive Tech Lab as they reveal their new controller with improved accessibility. (Captions available.)

REDMOND, Washington—The Xbox Adaptive Controller (XAC), slated to launch “later this year,” looks almost incomplete at first glance. The clean, confusing-looking slab, nearly the length and width of an Xbox One S, has no joysticks. The usual selection of Xbox inputs has been reduced down to a few menu buttons, a D-pad, and two black, hand-sized pads.

Don’t let the pared-down design fool you. The XAC is one of the most unique and widely useful control tools Microsoft has ever designed, and it seems poised to change the way many players interact with the games they love.

Sam Machkovech

Report: Microsoft is going to try to make a cheap Surface tablet… again

The Surface 3’s non-LTE version.

Bloomberg reports that Microsoft is going to release a $400, 10-inch, Intel-powered Surface tablet in the second half of the year, in a renewed effort to take on the iPad.

This represents a return to a strategy the company has tried before. The original ARM Surface RT and Surface 2 and the Intel-equipped Surface 3 were all attempts to offer a low(ish) priced tablet operating in the same approximate market as the iPad. None saw any great success, however, and the Surface 3 was discontinued in late 2016. The winner in the Surface line has been the more expensive Surface Pro series: Microsoft found a formula that worked with the Surface Pro 3 and has seen steady sales and a proliferation of copycat devices.

The problem with Surface Pro is the price: the current-generation Surface Pro starts at $799. This makes it a hard sell for markets such as education, where it’s going up against systems such as Apple’s new $329 iPad (sold to schools for $299), and various Chromebooks running Google’s Chrome OS.

Microsoft blocks Windows 10 April 2018 update to some Intel SSDs

Intel SSD 600p. (credit: Intel)

The April 2018 update for Windows 10 is now being blocked from installing on systems with certain Intel SSDs.

With the update installed, systems with the Intel SSD 600p Series and Intel SSD Pro 6000p Series devices seem to crash repeatedly during startup. The problem appears to be recoverable insofar as you can hold down F8 and roll back the update. But that’s the only known solution at the time of writing. The issue appears to be unique to Intel’s firmware on the SSD; other devices with the same controllers (but different firmware) do not seem to be having any problems.

Microsoft is now blocking the update from affected systems until a solution is devised.

Surface Hub 2 coming in 2019, looks amazing

Surface Hub 2 Intro video.

Microsoft gave an early look at its next-generation Surface Hub 2 today. It will go on sale next year, with certain selected customers testing it this year.

Microsoft’s Surface Hub, its conference room computer, was something of a surprise hit. The system has been in short supply since its launch about three years ago, especially in its 84-inch version: its combination of video conferencing and whiteboarding makes it a collaborative tool with few direct competitors.

The central feature of the new system is that it’s a 50.5-inch 4K display with a rotating mount. Instead of the traditional 16:9 aspect ratio, the Surface Hub 2 has the same 3:2 ratio of Microsoft’s other Surface systems. Need a larger screen? Up to four Surface Hub 2s can be tiled together in either portrait or landscape mode. The bezels are much narrower to enable this kind of tiling. Even with this much sleeker look, it still contains speakers, a far-field microphone array, and a camera.

Download and play these Xbox Games Pass titles while you still can

While still “over 100 Games,” the selection on Xbox Games Pass is set to get a bit smaller next month.

Microsoft’s $10 per month Xbox Games Pass subscription service will be seeing the first significant reduction in its game library at the end of May. That’s when 21 available titles—primarily backward-compatible Xbox 360 games—will be rotating out of the service.

Microsoft has been adding seven to ten games to Games Pass every month since its launch last June, bringing the total number of Xbox One and Xbox 360 titles subscribers can download to over 170. Only a small handful of previously available titles have been removed during that run, including WWE 2K17, NBA 2K17, and Metal Gear Solid V.

Industry watchers (including yours truly) have been referring to Games Pass as a “Netflix for Games” since before its launch. But this is the first real sign that the service will mimic Netflix’s practice of regularly cycling movies and TV shows in and out of its selection month to month. The end of May will represent exactly one year since Games Pass’ full launch, suggesting that expiring year-long licensing agreements with third-party publishers could be behind the latest reductions.

Microsoft can’t fix “flickergate” Surface Pro 4s with software, so it’s replacing them

At first glance, it’s easy to mistake the Surface Pro 4 for the Surface Pro 3.

Microsoft will replace Surface Pro 4s that are afflicted with a screen flickering issue that is caused by a hardware problem and is unfixable in firmware or software.

For more than a year, there have been complaints from Surface Pro 4 users that their tablet computers were developing a nasty screen flickering issue. You can see the issue in action here. The random occurrence and nature of the corruption made it clear that the hardware was the cause. To try and eke some life out of their systems, Surface Pro 4 users were going to extreme lengths. Sticking the machines in the freezer would restore normal function for a short period, and other owners felt that hairdryers were a better solution.

With Microsoft now properly acknowledging the problem, these hacks are no longer necessary. Customers with affected machines must request a replacement within three years of the initial purchase, whether it was a consumer or a corporate sale. They’ll receive a refurbished but otherwise equivalent Surface Pro 4.
