NewApp Digest
search bot

Azure

About darn time: Microsoft says it has fixed the annoying lag in Windows Explorer when working with cloud-based files
Winsage
February 17, 2025

About darn time: Microsoft says it has fixed the annoying lag in Windows Explorer when working with cloud-based files

The recent beta update from Microsoft, identified as KB5052094, aims to improve the sluggish performance of Windows Explorer when managing OneDrive files. This update is currently available only to users in the Review Release Channel of Windows 11. Users on the standard public release have not yet tested these performance claims. The update is anticipated to address the lag experienced during context menu operations, such as right-clicking on cloud files. The delays in these operations have been a source of frustration for users, impacting workflow. There are speculations regarding the delay in addressing this issue, which may involve necessary adjustments to Azure's infrastructure.
Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Actively Exploited in the Wild
Winsage
February 12, 2025

Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Actively Exploited in the Wild

Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update: 1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights. 2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion. 3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation. Critical vulnerabilities include: - CVE-2025-21376: Windows LDAP RCE vulnerability. - CVE-2025-21379: RCE vulnerability in DHCP Client Service. - CVE-2025-21381: RCE vulnerability in Microsoft Excel. The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.
Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE's Fixed
Winsage
February 12, 2025

Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE’s Fixed

Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include: - 25 Remote Code Execution vulnerabilities - 14 Elevation of Privilege vulnerabilities - 6 Denial of Service vulnerabilities - 4 Security Feature Bypass vulnerabilities - 2 Spoofing vulnerabilities - 1 Information Disclosure vulnerability Notable critical vulnerabilities include: - CVE-2025-21376: Remote code execution risk via LDAP protocol. - CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets. - CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files. - CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution. Two vulnerabilities confirmed as actively exploited: - CVE-2023-24932: Bypass of Secure Boot protections. - CVE-2025-21391: Elevated privileges on affected systems. - CVE-2025-21418: Gain SYSTEM privileges through exploitation. Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.
Zero Day Initiative — The February 2025 Security Update Review
Winsage
February 11, 2025

Zero Day Initiative — The February 2025 Security Update Review

Adobe released seven bulletins in February 2025, addressing 45 CVEs across products such as InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Photoshop Elements. The updates include: - InDesign: Seven bugs fixed, four rated Critical. - Illustrator: Three critical bugs allowing arbitrary code execution when opening malicious files. - Substance 3D Stager: One DoS bug fixed. - InCopy: One critical-rated code execution vulnerability patched. - Substance 3D Designer: One critical-rated code execution vulnerability patched. - Photoshop Elements: One important-rated privilege escalation vulnerability addressed. None of the patched vulnerabilities were publicly known or under active attack at the time of release. Microsoft released patches for 57 new CVEs affecting Windows, Office, Azure, Visual Studio, and Remote Desktop Services, totaling 67 CVEs including third-party submissions. The severity ratings are: - 3 rated Critical - 53 rated Important - 1 rated Moderate Two vulnerabilities are publicly known, and two are under active attack. Notable vulnerabilities include: - CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability allowing file deletion and privilege escalation. - CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability requiring authenticated user interaction. - CVE-2025-21376: Windows LDAP Remote Code Execution Vulnerability allowing unauthenticated remote code execution. - CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability exploitable through the Preview Pane requiring user interaction.
Microsoft bolsters PostgreSQL with NoSQL-like extensions
Tech Optimizer
February 11, 2025

Microsoft bolsters PostgreSQL with NoSQL-like extensions

Microsoft introduced two new open-source extensions for PostgreSQL: pg_documentdb_core, which supports BSON, and pg_documentdb_api, which allows MongoDB-compatible commands for CRUD operations. These extensions will operate on the Azure Cosmos DB PostgreSQL database service and can also be used with FerretDB, an open-source alternative to MongoDB. FerretDB's latest version features performance enhancements of up to 20 times for specific workloads. Andrew Pavlo from Carnegie Mellon University noted that the distinction between document databases and relational systems is diminishing. MongoDB expressed skepticism about Microsoft's offerings, stating that adding an API to a relational database is not true innovation. FerretDB aims to provide a solid foundation for users seeking alternatives to MongoDB. Analysts suggest that while Microsoft's extensions may enhance PostgreSQL's market position, they are unlikely to significantly undermine MongoDB's established presence.
Get the ultimate all-in-one Windows + Microsoft software upgrade for £44
Winsage
February 7, 2025

Get the ultimate all-in-one Windows + Microsoft software upgrade for £44

A bundle is available that includes a lifetime license for Microsoft Office Professional 2021 for Windows and Windows 11 Pro for the price of .97, reduced from 8. The bundle provides essential applications like Word, Excel, PowerPoint, and Outlook, along with enhanced security features in Windows 11 Pro, such as TPM 2.0, BitLocker encryption, and Smart App Control. It also includes productivity tools like an AI-powered Copilot assistant and multitasking capabilities through innovative snap layouts. This offer is a one-time purchase, eliminating recurring subscription costs.
Microsoft reveals more on just how much it'll cost you to keep using Windows 10
Winsage
February 7, 2025

Microsoft reveals more on just how much it’ll cost you to keep using Windows 10

Microsoft will launch the Windows 10 Extended Security Updates (ESU) program in November 2025, offering three additional years of support for a fee that will double annually. Currently, 60% of Windows installations are on Windows 10, while Windows 11 has a 37% market share. Users of Windows 365 or Azure Virtual Desktop will receive the Extended Security Updates at no additional cost.
You Can Get Windows 11 Pro on Sale for A$31 Right Now
Winsage
February 6, 2025

You Can Get Windows 11 Pro on Sale for A$31 Right Now

Windows 11 Pro is currently available for a reduced price of A, down from A8. The activation code allows users to upgrade two compatible PCs and access features such as a revamped user interface and Windows Copilot, an intelligent assistant powered by GPT-4. The Pro version includes advanced features like Remote Desktop, BitLocker Device Encryption, Azure AD integration, Hyper-V virtualization, Assigned Access, and Windows Sandbox. Minimum system requirements are 4GB of RAM and 64GB of available storage. Availability and pricing on StackSocial may change.
Remember it'll cost ya to keep the lights on for Windows 10
Winsage
February 5, 2025

Remember it’ll cost ya to keep the lights on for Windows 10

Microsoft has updated its support documentation for the Extended Security Updates (ESU) program for Windows 10, detailing the pricing structure for commercial customers starting in 2024. The costs are set at per device for the first year, doubling in the second year, and reaching four times the initial cost in the third year. Organizations that join in Year Two must still pay for Year One, as the ESUs are cumulative. Free support for most versions of Windows 10 will end in November 2025. Organizations with a Windows 10 endpoint connected to a Windows 365 Cloud PC may qualify for free ESUs, and Windows 10 virtual machines in Windows 365 or Azure Virtual Desktop can access ESUs for up to three years with an active Windows 365 subscription license.
Search