Is Windows 11 released?
Windows 11 is due out later in 2021 and will be delivered over several months. The rollout of the upgrade to Windows 10 devices already in use today will begin in 2022 through the first half of that year. That being said, new devices running Windows 11 are still expected to release this year. Moneycontrol.comWindows 11 RTM release date: Intel's support document may have leaked it
Security researchers have shown how they were able to bypass Windows 10's Windows Hello biometric authentication with just a single infrared frame of the target.
Researchers at security firm Cyber Ark have detailed the Windows Hello authentication bypass and how an attacker could exploit it.
New year, new laptop? These are the devices that should be at or near the top of your shortlist.
The attack is quite elaborate and would require planning, including being able to acquire an infrared (IR) image of the target's face and building a custom USB device, such as a USB web camera, that will work with Windows Hello. The attack exploits how Windows 10 treats these USB devices and would require the attacker to have gained physical access to the target PC.
But with those pieces in place, an attacker could gain access to sensitive information on the target's Windows 10 PC – and potentially information stored in Microsoft 365 cloud services.
"With only one valid IR frame of the target, the adversary can bypass the facial recognition mechanism of Windows Hello, resulting in a complete authentication bypass and potential access to all the victim's sensitive assets," Cyber Ark researcher Omer Tsarfati explained in a blogpost.
The attacker could capture an IR frame of the target or convert a regular RGB frame into an IR frame.
The apparent weakness lies in how Windows Hello processes "public" data, such as the image of the person's face, from a USB device, so long as the device meets Windows Hello requirements that the camera has both IR and RGB sensors.
The researchers discovered that only the IR camera frames are processed during authentication, so an attacker just needs a valid IR frame to bypass Windows Hello authentication. The RGB frames can contain anything. During tests, Tsarfati used an RGB frame of SpongeBob and the bypass still worked.
Tsarfati argued it would be fairly simple to get an IR frame of the target. For example, walking by the person with an IR camera or placing it where the target will likely walk through, such as an elevator. The image could even be snapped at a distance with higher-end infrared sensors.
Tsarfati noted that Microsoft addressed the vulnerability last week and has tagged it as CVE-2021-34466.
Microsoft said that the attacker would need physical access and that it is a complex attack to pull off. Microsoft noted it is an important patch to apply, but its description suggests it's nothing an admin should lose sleep over.
"A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected," Microsoft noted.
"For example, a successful attack may require an attacker to: gather knowledge about the environment in which the vulnerable target/component exists; prepare the target environment to improve exploit reliability; or inject themselves into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g., a man in the middle attack)."
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.
You agree to receive updates, alerts, and promotions from the CBS family of companies - including ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe at any time.
The best parts of Windows 11 are already in Windows 10. You just have to enable them.
Windows 11 test build 22000.65, available to those in the Dev Channel, includes a number of fixes to Microsoft's first official Windows 11 preview.
Kids, don't try this at home!
While the changes to Windows' look and feel may grab the eye, the less visible security upgrades may be more interesting to CIOs.
Microsoft changes its visual language for fatal operating system errors.
Read full article at CNBC
20 July, 2021 - 02:00pm
Though it isn’t exactly something that is easily accomplished (and Microsoft says it has mitigated the vulnerability), there’s a very specific set of conditions that can lead to the bypassing. In all cases, hackers would need to capture an IR image of the victim’s face, have physical access to the victim’s PC, and also use a custom USB device that can impersonate a camera. CyberArk Labs describe the six-part process on its website, with a video showing the proof-of-concept.
Per the firm, this is all possible because Windows Hello will only process IR camera frames when trying to authenticate a user. “One would need to implement a USB camera that supports RGB and IR cameras. This USB device then only needs to send genuine IR frames of the victim to bypass the login phase, while the RGB frames can contain anything,” said CyberArk’s Omer Tsarfati.
There currently is no evidence that this vulnerability has been actively used, but CyberArk Labs warns that someone with the right skills can use this to target journalists and others with sensitive content on their devices. It is also important to note that the research was done on Windows Hello for Business and not the consumer version of Windows Hello. There is still, though, the chance that this vulnerability could apply to other security systems where a third-party USB camera is used as a biometric sensor.
CyberArk labs submitted this vulnerability to Microsoft back on March 23, 2021. Microsoft acknowledged this issue a day later. Microsoft has since assigned a CVE for the issue, sharing mitigation via a security update on July 13.
According to Microsoft, this patch mitigated the issue and Windows Hello Enhanced Sign-in Security can protect against such attacks. CyberArk, though, points out that the mitigation depends on having devices with specific cameras, and the “inherent to system design, implicit trust of input from peripheral devices remains.” An investigation is still ongoing.
Copyright ©2021 Designtechnica Corporation. All rights reserved.
20 July, 2021 - 02:00pm
In this article, we show you how you can easily check the Windows 10 activation and licensing status on your computer using the following methods:
20 July, 2021 - 02:00pm
Last month, Microsoft finally unveiled the much-anticipated Windows 11 update. The update comes with a new UI, performance, and productivity improvements. Microsoft has also released the minimum system requirements for Windows 11 which includes Secure Boot and TPM 2.0 among other things, but the latter can be bypassed for now.
Earlier, a tweet from official Windows account suggested that Microsoft will roll out the update in 2022. However, it looks like Microsoft may release Windows 11 a tad early. According to documentation published by Intel along with its recent GPU driver update, Microsoft may start seeding Windows 11 in October 2021. The driver document notes that the Intel drivers will be compatible with "Windows 11 - October 2021 Update" giving us a clue about the release schedule.
Microsoft may push Windows 11 update a bit further down the line, as it has done in the past to make last minute fixes. However, from the looks of it, the Redmond giant is preparing to release Windows 11 update to existing users as well as new hardware in the second half of 2021. However, like the previous updates, we do expect Microsoft to test the waters by seeding the update out to a small set of users before kicking off the public roll out.
For more information on the topic, you can check out our article on minimum system requirements as well as the list of CPUs that support Windows 11. Apart from the general requirements, Microsoft has also listed out specific feature requirements for Windows 11 including webcams, Bluetooth and Precision Touchpad on all upcoming laptops. Last month, Microsoft also updated the PC Health Check app to show why a device is not ineligible to receive the Windows 11 update. However, the company will allow some manufacturers to bypass the TPM 2.0 requirement and it is also allowing Windows Insiders with unsupported hardware to test Windows 11 Insider Builds. Several manufacturers have published a list of hardware that will be compatible with Windows 11.
If you are still out of the loop, then you can check out hands-on video. If you want to get in-depth information about Windows 11 then you can check out our article covering all the new features and changes.
Please enter your reason for reporting this comment.
The following codes can be used in comments.
© Since 2000 Neowin LLC. All trademarks mentioned are the property of their respective owners.
19 July, 2021 - 12:38pm
Two more vulnerabilities found, and fixes aren't out yet
One more, and possibly two more, serious security flaws related to the Windows PrintNightmare flaw were revealed in the past few days. Until Microsoft provides software updates, the only way to completely protect your system from attacks using at least one of these flaws is to completely disable printing.
Like the PrintNightmare flaw that was accidentally disclosed, and then partly patched, in late June and early July, these new flaws abuse the Print Spooler service in Windows.
The first flaw was July 15 in an unexpected Microsoft security bulletin. It allows an attacker with local access — such as malware that has already infected your machine by other means, or a baddie sitting down at your machine while you're logged on but have stepped away — to "escalate privileges" and gain full control of the machine.
"The workaround for this vulnerability is stopping and disabling the Print Spooler service," the software maker dryly added.
In other words, to mitigate (though not truly fix) this flaw, you've got to disable printing entirely. We've got instructions on how to do so below.
But hold on: If you're using a PC at home, AND you've got some of the best Windows 10 antivirus software installed to prevent malware infection, AND you trust the people you live with not to mess with your PC, you may not need to take such drastic measures.
Exploitation of this flaw (Microsoft gave it the catalogue number CVE-2021-34481) is a higher risk for PC users in workplaces who are networked (locally) to dozens of other machines and who may leave their PCs unlocked while they go get coffee or use the bathroom.
Credit for the discovery of this flaw goes to a security researcher named Jacob Baines, who plans to disclose his findings at the DEF CON hacker conference next month. He was a little perplexed that Microsoft chose to reveal the flaw publicly before a fix was available.
"The MS advisory/CVE was a surprise to me and, as far as I'm concerned, it wasn't a coordinated disclosure," Baines wrote in a tweet. He added that he had privately disclosed the flaw to Microsoft on June 18.
If you are here for information on CVE-2021-34481, you'll have to wait for my DEF CON talk. I don't consider it to be a variant of PrintNightmare. The MS advisory/CVE was a surprise to me and, as far as I'm concerned, it wasn't a coordinated disclosure.July 16, 2021
Microsoft said in its bulletin that it was "developing a security update" to fix this flaw, but did not provide a timetable.
The company didn't give details about exactly what the flaw is, but Baines' DEF CON synopsis hints that it has something to do with installing a vulnerable print driver using the Windows PrintDemon, Print Spooler and Point and Print services.
He promises to show "three examples" which suggests that he may have found more than one flaw, or more than one way to exploit the same flaw.
That sounds like it might overlap with the second Windows printing security vulnerability disclosed in the past few days, as revealed by French hacker Benjamin Delpy on July 16.
#printnightmare - Episode 4You know what is better than a Legit Kiwi Printer ?🥝Another Legit Kiwi Printer...👍No prerequiste at all, you even don't need to sign drivers/package🤪 pic.twitter.com/oInb5jm3tEJuly 16, 2021
Delpy told Bleeping Computer that he found a loophole in a the Windows Point and Print feature that permits download and installation over the internet of print drivers that aren't verified by Microsoft.
Point and Print is already bad enough, as it lets unprivileged Windows users — who normally aren't allowed to install system-level software — download and install printer drivers from local printers. Fortunately, Point and Print isn't found often on home PCs, being more of an enterprise thing.
But those drivers are supposed to be signed by Microsoft. Delpy found that he could get around this and deliver malicious printer drivers by having a PC connect to two similar printers at around the same time. (We don't quite understand exactly how it works.)
Will Dormann, a researcher at the U.S.-government-funded CERT Coordination Center (CERT-CC) in Pittsburgh, confirmed that Delpy's exploit "works well."
This works well.Who could have predicted that allowing non-admin users to automatically install printer drivers could have ended up being problematic? https://t.co/0c4IRwUoijJuly 17, 2021
Now, whether this the same flaw as what Baines disclosed to Microsoft, we can't tell. Delpy says his exploit works over the internet, permitting remote code execution by far-off hackers instead of just local-privilege escalation by nearby hackers. And again, Delpy's flaw doesn't really apply to home PCs, while Baines' flaw does. But they do broadly sound the same.
Dormann wrote up an official CERT-CC security bulletin that warns about Delpy's as-yet-uncatalogued flaw. The mitigations are to "block outbound SMB traffic at your network boundary" and "configure PackagePointAndPrintServerList," which won't make sense to home users.
Nonetheless, home users can implement Microsoft's stop-gap solution to the catalogued flaw that was disclosed earlier. Again, this kills your ability to print, so think twice before doing this.
To disable Print Spooler, you've got to pretend you're an IT pro and fire up Windows PowerShell, which is kind of a more powerful version of the standard Windows Command Prompt tool. Fortunately, PowerShell has been built into Windows since Windows 7.
1. Search for "PowerShell" in the search field next to the Windows icon in the bottom left of your Windows 10 screen
2. Right-click on "Windows PowerShell" in the search results and select "Run as administrator".
3. Type in your Windows administrative password. If you already regularly run Windows as an administrator (and you shouldn't), then it's just your regular login password.
4. In the PowerShell window, type
You'll get a brief status report telling you whether Print Spooler is running and enabled. If it is, then take the next steps.
Of course, you'll want to make printing possible again once this flaw is fixed.
To restart Print Spooler, fire up PowerShell again, type in
To make the change permanent, type in
Thank you for signing up to Tom's Guide. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.
© Future US, Inc. 11 West 42nd Street, 15th Floor, New York, NY 10036.