An anonymous reader quotes a report from Ars Technica: Plenty of apps that you install on your computer have a setting that tells them to launch when you initially log in to save you the trouble of launching your most commonly used apps yourself. Leaving this setting on can also allow apps to check for updates or launch more quickly when you start them for the first time. The difference for some of the preinstalled Microsoft apps in Windows 10 and 11 is that they use some of these resources by default, whether you actually use the apps or not. Developer and IT admin Michael Niehaus drew attention to some of these apps in recent blog posts examining the resource usage of Windows 11's widgets, Microsoft Teams, and Microsoft Edge in a fresh install of Windows 11 (the Edge observations apply to Windows 10, too). Both Widgets and Teams spawn a number of Microsoft Edge WebView2 processes in order to work—WebView2 is a way to use Edge and its rendering engine without launching Edge or using its user interface. Collectively, these processes use a few hundred megabytes of memory to work. The widget-related processes don't start unless you actually click the widgets button, though they remain in the background afterward, even if you're not actively viewing your widgets. But the Teams processes all launch automatically, whether you actually use Teams or not. Uninstalling Teams will prevent this from happening, but Niehaus points out that simply removing the Teams icon from Windows 11's Taskbar in the Taskbar settings is enough to keep these WebView2 processes from launching when you log in. Ars Technica's Andrew Cunningham also recommends disabling System Boost in the Edge settings if you don't use it as your default browser. Otherwise, it too will use a couple hundred megabytes of memory.

Read more of this story at Slashdot.

According to a post on the Microsoft IT Pro Blog, Windows computers will need at least eight hours of online time to obtain and install the latest OS updates successfully. Tom's Hardware reports: Another revelation in the post is that Microsoft tracks how long PCs are connected to Windows Update, calling the statistics "Update Connectivity." The data is available to IT managers in the InTune app, a component of the Endpoint management suite. The post details Microsoft's attempts to figure out why some Windows devices aren't getting the latest quality and feature updates, and discovered that two hours of continuous connectivity was required to get updates. It then took six hours after the release of the patch for a machine to update itself reliably. Microsoft's figures show that 50 percent of Windows devices left behind by Windows Update and running a build of Windows 10 that's no longer serviced do not spend enough time connected to have the patches downloaded and installed in the background. This figure drops to 25 percent for customers using a serviced build of the operating system that lags behind in security updates by 60 days or more. The goods news, as noted by Tom's Hardware, is that "Windows 11 updates are smaller than their Windows 10 counterparts due to improved compression [and] new Microsoft Graph APIs," which should help speed up the update process.

Read more of this story at Slashdot.

Windows Central got their hands on a pre-release build of Microsoft's canceled Andromeda OS running on a Lumia 950. As noted in the article, "Andromeda OS was never intended to ship on the Lumia 950, or any Windows phone on the market at that time." They're using a 950 because Microsoft used them to help develop Andromeda OS internally. Also worth mentioning is the fact that Andromeda OS is no longer in development. Android is the OS that will be powering future Microsoft devices, such as the future Surface Duo devices. Here's an excerpt from the report: Microsoft decided to do something rather unique with Andromeda OS, and build out OS experience around a journaling/inking experience. On the lockscreen, the user is able to begin taking notes directly onto the lockscreen UI just by putting pen to screen. You don't have to initiate a special mode, or enter an app first, just take your Surface Pen and begin writing, and the lockscreen will store that ink for you to see every time you unlock your device. [...] Unlocking the device would take you to your home screen, which on Andromeda OS is another inking canvas. This canvas is called the Journal (though this later became the Microsoft Whiteboard app) which acted as a digital notebook with the ability to take notes with a pen, add sticky notes, insert images and 3D objects, and more. The Journal experience would always be running in the background, with your phone apps running above it. Andromeda OS was also gesture based. The on-screen Start and Cortana buttons would disappear when opening an app to provide a full-screen experience, so to access those areas, you'd swipe in from the left for Start, and from the right for Cortana, which is also where your notifications were stored. Yes, Cortana and your Notifications were one of the same on Andromeda OS, with Cortana becoming your "manager" of notifications missed or stored for dealing with later. A swipe down from the top would reveal the Control Center, which is feature that's now shipping on Windows 11, but started life here on Andromeda OS. Feature-wise, it's exactly the same, with the ability to control things like Wi-Fi, brightness, volume, and music playback. It also features Fluent Design acrylic blur effects, as do many other parts of the UI, even in this unfinished state. [...] There was also an experimental "Radial UX Menu" mode, where instead of gestures swiping in things like Start and Cortana, swiping would present you with a UI full of circular buttons for things like Start, switching apps, and more. This may have been an alternative to on-screen navigation, as not everyone was familiar with full gesture navigation at the time just yet. Or, it could have been an alternative method of navigation for when you were using a pen. Who knows. One thing we're not able to show you is the Continuum mode that Microsoft was also working on for Andromeda OS, as unfortunately it appears to be broken in the build we have. That said, we do know what it was going to be like. Essentially, Microsoft was building out Continuum to be a true desktop experience, with windowed app experiences, the ability to store icons on the desktop, and more. If you'd prefer to see Andromeda OS in action instead of read about it, you can watch Windows Central's video here.

Read more of this story at Slashdot.

Reader segaboy81 shares a report: When Microsoft announced Windows 11 in June of 2021, it was greeted with mixed reactions by the tech press. Some outlets praised the round corners and modern design elements, while others conjectured that visual elements from the remains of Windows 10x had simply been transplanted onto a stable, familiar base. All the while, Microsoft had been gaining a loyal following with what was purported to be last version on Windows. Windows, like Arch Linux, had essentially become a rolling release. That all changed with the announcement of the Surface Pro 8, Surface Go 3, and Surface Laptop Studio. The road has been long for many users, mired with controversy regarding TPM 2.0, AMD Ryzen performance pitfalls, and more. We are a full two months into the official release of Windows 11, but driver support for Microsoft's Surface line of devices listed on the official compatibility list is still incomplete. Counting AMD and Intel variants of the Surface Laptop and the 2021 lineup of new hardware, there are 16 base Surface configurations that support Windows 11. Five of them still don't have a Windows 11 driver package two months after release. They are as follows: Surface Go 2, Surface Pro 6, Surface Laptop 2, Surface Laptop 3 (Ryzen), and Surface Studio 2.

Read more of this story at Slashdot.

"Windows Me was unstable, unloved and unusable," remembered Computerworld last year, on the 20th anniversary of its release, calling it "a stink bomb of an operating system." Windows Me was a ghastly, slapdash piece of work, incompatible with lots of hardware and software. It frequently failed during the installation process — which should have been the first sign for people that this was an operating system they shouldn't try.Often, when you tried to shut it down, it declined to do so, like a two-year-old throwing a temper tantrum over being forced to go to sleep. It was slow and insecure. Its web browser, Internet Explorer, frequently refused to load web pages. But they ultimately argue that it wasn't as bad as Windows Vista, which "simply refused to run, or ran so badly it was useless on countless PCs. Not just old PCs, but even newly bought PCs, right out of the box, with Vista installed." And they conclude that the worst Microsoft OS of all is still Windows 8. ("You want bad? You want stupid? You want an operating system that not only was roundly reviled by consumers and businesses alike, but also set Microsoft's business plans back years?") Slashdot reader alaskana98 even remembers Windows ME semi-fondly as "the last Microsoft OS to use the Windows 95 codebase." While rightly being panned as a buggy and crash-prone OS — indeed it was labelled as the worst version of Windows ever released by Computer World — it did introduce a number of features that continue on to this very day. Those features include: -A personalized start menu that would show your most recently accessed programs, today a common feature in the Windows landscape. -Software support for DVD playback. Previously one needed a dedicated card to playback DVDs. -Windows Movie Maker and Windows Media Player 7, allowing home users to create, edit and burn their own digital home movies. While seemingly pedestrian in today's times, these were groundbreaking features for home users in the year 2000. -The first iteration of System Restore — imagine a modern version of Windows not having the ability to conveniently restore to a working configuration — before Windows ME, this was simply not a possibility for the average home user unless you had a rigorous backup routine. -The removal of real-mode DOS. While very controversial at the time, this change arguably improved the speed and reliability of the boot process. Love it or hate it (well, lets face it, if you were a computer user at that point you probably hated it) — Windows ME did make several important contributions to the modern OS landscape that are often overlooked to this day. Do you have any stories from the heady days of late 2000 when Windows ME was first released? Slashdot reader Z00L00K remembers in a comment that "The removal of real-mode DOS is what REALLY made ME impossible to use for most of us at the time. It broke backwards compatibility so hard that the only way out was to use any of the earlier versions of Windows instead!" Is this re-awakening images of the year 2000 for anyone? Share your own memories and thoughts in the comments. What do you remember about Windows ME?

Read more of this story at Slashdot.

An anonymous reader shares a report: We're nearly two months out from the public release of Windows 11, and Microsoft is still slowly updating bits and pieces of the operating system that weren't quite ready in early October. Microsoft announced redesigned emoji back in July, and the next Windows update (version 22000.348, if you're tracking this sort of thing) adds those emoji to Windows 11. The new emoji remove the bold, black outlines from the Windows 10-era designs and change the colors and shapes of a few to make them match up better with Apple's, Google's, and Samsung's glyphs -- compare the new design for Spiral Shell to the old one, for an example. There are also a few cute Microsoft-specific touches, like a Clippy design for the paperclip emoji, though Ninja Cat appears to have been removed entirely.

Read more of this story at Slashdot.

Qualcomm reportedly has an exclusivity deal with Microsoft for Windows on Arm licenses. From a report: The pair launched Windows on Arm laptops in 2016, and so far we haven't seen any devices launch without a Qualcomm chip. XDA-Developers reports that Qualcomm has had an exclusivity deal on Windows on Arm, but that it's set to expire soon. The report comes days after MediaTek held its executive summit with members of the media last week, where it shared its ambitions to build its own chip for Windows on Arm PCs. If Microsoft's exclusivity deal is about to end with Qualcomm, this could open the door for many more vendors supporting Windows on Arm. Samsung, MediaTek, and even Apple's M1 chips could eventually support Windows on Arm.

Read more of this story at Slashdot.

Along with the release of Windows 10's November 2021 update, Microsoft announced that it will no longer provide Windows 10 updates twice per year. Instead, it's switching to a once-per-year schedule. As Ars Technica notes, "This is meant to sync Windows 10's update schedule with Windows 11's, which is also going to receive major feature updates once per year." From the report: Microsoft hasn't committed to the number of yearly updates it will provide for Windows 10, but the company will support "at least one version" of the OS until update support ends in October of 2025. Microsoft is promising 18 months of support for Windows 10 21H2, so it seems safe to assume that we'll at least see 22H2 and 23H2 releases for Windows 10. For businesses using Windows 10 Enterprise, version 21H2 is also a Long-Term Servicing Channel (LTSC) update and will receive update support for five years instead of 18 months. While more Windows 10 updates will be welcome news for anyone who isn't ready to move to Windows 11 or whose hardware doesn't support the new OS, it's not clear what "feature updates" will entail for an operating system that has been replaced.

Read more of this story at Slashdot.

Microsoft has created a new Media Player app for Windows 11, and it's beginning to test the app with Windows Insiders in the Dev Channel today. The redesigned Media Player app will support both audio and video, and it includes a design that better matches Windows 11's UI improvements. From a report: "At the heart of Media Player is a full-featured music library that allows you to quickly browse and play music, as well as create and manage playlists," explains Dave Grochocki, a senior program manager lead for Microsoft's Windows inbox apps team. "The update to the new Media Player will replace the Groove Music app." The playback view in this new Media Player app includes album art or artist imagery, which will appear both in full-screen modes and the mini player option. Media Player will also support video, which is usually handled in Windows 10 and Windows 11 in a separate Films & TV app. "All your content in the music and video folders on your PC will appear automatically in your library, but you can also tell Media Player where to look for additional content in app settings," says Grochocki.

Read more of this story at Slashdot.

The creator of EdgeDeflector said this week that the latest Insider build of Windows 11 now blocks all default browser workarounds. Thurrott reports: If this functionality makes its way to the finished product, it will mark a new, dark chapter for Microsoft, which told the media at the Windows 11 launch that it was aware that it had made changing app defaults pointlessly difficult, but that it had not done so maliciously and would fix it. This is the opposite of that claim. "Something changed between Windows 11 builds 22483 and 22494 (both Windows Insider Preview builds)," EdgeDeflector creator Daniel Aleksandersen writes in a new blog entry. "The build changelog ... omitted the headline news: you can no longer bypass Microsoft Edge using apps like EdgeDeflector." Basically, EdgeDeflector, as well as third-party browsers like Mozilla Firefox and Brave, intercept OS-level URL requests that force you to use Microsoft Edge even when you have gone through the incredibly ponderous steps to make a non-Edge browser the default in Windows 11. But in the latest Insider Preview build, Microsoft is changing how these URL requests work. And it's no longer possible to intercept URL requests that force users to use Edge instead of their default browser. (In the Insider builds. This functionality will come to mainstream users in the coming months unless we can change Microsoft's collective mind.) "You can't change the default protocol association through registry changes, OEM partner customizations, modifications to the Microsoft Edge package, interference with OpenWith.exe, or any other hackish workarounds," Aleksandersen explains. "Microsoft ... just silently ignores the UserChoice registry keys for the protocol in the registry and opens Microsoft Edge instead." It's even worse than that, really, he continues. "Windows will insist you use Microsoft Edge to a fault even if you brutalize your Windows installation and purge all traces of Microsoft Edge. Windows will open an empty UWP window and show an error message instead of letting you use your preferred web browser."

Read more of this story at Slashdot.

"Intel is gearing up to go to a war with Nvidia," writes Slashdot reader labloke11. "They have their OneAPI and their GPU. It will be interesting... For me, I like competition." Phoronix reports: While Intel Alder Lake is dominating today's news cycle, Intel and Microsoft also announced today that they have brought oneAPI Level Zero and Intel OpenCL support to Windows Subsystem for Linux (WSL2) while employing Intel graphics hardware acceleration. Similar to NVIDIA bringing CUDA and their accelerated GPU support to WSL2 as well as similar efforts by AMD on the Radeon side, Intel and Microsoft are now having Intel graphics compute working within the Linux confines on Windows 11 or Windows 10 21'H2. Hardware-accelerated oneAPI Level Zero, OpenVINO, and OpenCL on Intel graphics hardware can now be enjoyed within the WSL2 environment when using the latest updates and drivers. Like with the rest of the WSL2 stack and capabilities from other GPU vendors, this is at a near-native level of performance. More information can be found via the Microsoft Command Line blog and Intel blog.

Read more of this story at Slashdot.

Phoronix ran some fun performance tests this week. "Now that Windows 11 has been out as stable and the initial round of updates coming out, I've been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft's latest operating system release compares to the fresh batch of Linux distributions." First up is the fresh look at the Windows 11 vs. Linux performance on an Intel Core i9 11900K Rocket Lake system... The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including: - Ubuntu 20.04.3 LTS - Ubuntu 21.10 - Arch Linux (latest rolling) - Fedora Workstation 35 - Clear Linux 35150 [...] Each operating system was cleanly installed and then run at its OS default settings for seeing how the out-of-the-box OS performance compares for these five Linux distributions to Microsoft Windows 11 Pro... The geometric mean for all 44 tests showed Linux clearly in front of Windows 11 for this current-generation Intel platform. Ubuntu / Arch / Fedora were about 11% faster overall than Windows 11 Pro on this system. Meanwhile, Clear Linux was about 18% faster than Windows 11 and enjoyed about 5% better performance overall than the other Linux distributions. Out of 44 tests, here's a breakdown of how many first-place wins were scored by each OS: Clear Linux: 33 (75%)Fedora Workstation 35: 4 (9.1%)Windows 11 Pro: 3 (6.8%)Ubuntu 20.04.3 LTS: 2 (4.5%)Arch Linux: 1 (2.3%)Ubuntu 21.10: 1 (2.3%)

Read more of this story at Slashdot.

Microsoft has begun force installing the PC Health Check application on Windows 10 devices using a new KB5005463 update. BleepingComputer reports: PC Health Check is a new diagnostics tool created by Microsoft and released in conjunction with Windows 11 that provides various troubleshooting and maintenance features. However, its primary use has been to analyze a device's hardware to check if it's compatible with Windows 11. Microsoft says that users who do not want PC Health Check on their system can simply uninstall it using the Settings app. However, readers have told BleepingComputer that they have had to uninstall the application numerous times as the applications keep being reinstalled on the next check for updates. To make matters worse, when attempting to uninstall KB5005463, Windows 10 states that the update is not installed, when that is clearly untrue [...]. BleepingComputer has found a way to block the update from installing PC Health Check on your computer for those who do not want the application installed.

Read more of this story at Slashdot.

Today is the 20th anniversary of Windows XP, and although the operating system reached the end of support in 2014, way too many people continue to use the insecure version of Windows. BleepingComputer reports: Windows XP was released on October 25, 2001, and is considered one of the most loved versions of Windows due to its ease of use, fast performance, and stability. Today, after Microsoft has released Windows 7, 8, 10, and 11, a small but respectable number of people are still using the old operating system. This continued usage is a testament to its success but also raises concerns regarding its lack of security. [...] According to StatCounter, the percentage of Windows users using the XP version of the OS in September 2021 is 0.59%, a significant number when you consider how many Windows systems are deployed worldwide. One very notable case is that of Armenia, where Windows XP is the most popular OS, enjoying a share of 53.5% among Windows users. Mainstream support for Windows XP ended on April 14, 2009, with extended support lasting another five years. This means that anyone still running Windows XP has not received support from Microsoft for roughly 7.5 years now, including almost all security updates and fixes for vulnerabilities that may have been discovered. That's a massive amount of time in tech and more than enough to render the operating system a security nightmare with likely a large number of unpatched vulnerabilities. While Microsoft has backported fixes for some of the more serious vulnerabilities in Windows XP, such as EternalBlue and BlueKeep, there are many more vulnerabilities that threat actors could exploit. This makes connecting a Windows XP device to the Internet a risky proposition and why all security professionals recommend users upgrade to a supported version of Windows.

Read more of this story at Slashdot.

"Microsoft has been mainly telling consumers that Windows 11 is meant for newer PCs," reports PC Magazine. "However, an internet user has uploaded a video that shows the OS can actually run on a 15-year-old Pentium 4 chip from Intel." Last week, Twitter user "Carlos S.M." posted screenshots of his Pentium 4-powered PC running Windows 11. He then followed that up with a video and benchmarks to verify that his machine was running the one-core Pentium chip with only 4GB of DDR2 RAM. To install the OS onto the system, Carlos S.M. said he used a Windows 10 PE Installer, which can be used to deploy or repair Windows via a USB drive. "Windows 11 is installed in MBR (Master Boot Record)/Legacy Boot mode, no EFI emulation involved," he added. Of course, the OS runs a bit slow on the Pentium 4 chip. Nevertheless, it shows Windows 11 can easily run on decade-old hardware... Officially, Microsoft has said a PC must possess a newer security feature called TPM 2.0 in order to run Windows 11. To underscore the point, the company released a list of eligible CPUs, and the processors only go as far back as late 2017. However, the company has also quietly acknowledged that older PCs without TPM 2.0 can run Windows 11 — so long as the user decides to manually install the OS onto their machine... If you do install Windows 11 on an unsupported PC, Microsoft warns your machine may not be eligible to receive automatic updates. But apparently Carlos S.M. has had no problems receiving updates for his own Pentium-powered PC. "Windows update still works on this machine and even installed the Patch Tuesday," Carlos S.M. said in a follow-up tweet. Thanks to tlhIngan (Slashdot reader #30,335) for the tip!

Read more of this story at Slashdot.

AMD warned last week that its chips are experiencing performance issues in Windows 11, and now Microsoft's first update to its new OS has reportedly made the problems worse. From a report: TechPowerUp reports that it's seeing much higher latency, which means worse performance, after the Windows 11 update went live yesterday. AMD and Microsoft found two issues with Windows 11 on Ryzen processors. Windows 11 can cause L3 cache latency to triple, slowing performance by up to 15 percent in certain games. The second issue affects AMD's preferred core technology, that shifts threads over to the fastest core on a processor. AMD says this second bug could impact performance on CPU-reliant tasks. TechPowerUp measured the L3 cache latency on its Ryzen 7 2700X at around 10ns, and Windows 11 increased this to 17ns. "This was made much worse with the October 12 'Patch Tuesday' update, driving up the latency to 31.9ns," says TechPowerUp. That's a huge jump, and the exact type of issue AMD warned about.

Read more of this story at Slashdot.

Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 and CPU checks (TPM 1.2 is still required) and have Windows 11 installed on unsupported systems. Bleeping Computer reports: [I]t looks like Microsoft couldn't ignore the fact that bypassing TPM checks is fairly simple, so to avoid having people breaking their systems by using non-standardized third-party scripts, they decided to just give users an official way to do it. Installing Windows 11 on unsupported hardware comes with some pitfalls that users must be aware of, and in some cases, agree to before the operating system will install. "Your device might malfunction due to these compatibility or other issues. Devices that do not meet these system requirement will no longer be guaranteed to receive updates, including but not limited to security updates," Microsoft explains in a new support bulletin. [Y]ou will still require a TPM 1.2 security processor, which many will not likely have. If you are missing a TPM 1.2 processor, you can bypass all TPM checks by using this script that deletes appraiser.dll during setup. To use the new AllowUpgradesWithUnsupportedTPMOrCPU bypass to install Windows 11 on devices, Microsoft instructs you to perform the following steps: 1. Please read all of these instructions before continuing. 2. Visit the Windows 11 software download page, select "Create tool now," and follow the installation instructions to create a bootable media or download an ISO. 3. On Windows, click 'Start', type 'Registry Editor' and click on the icon to launch the tool. 4. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup Registry key and create a new "REG_DWORD" value named "AllowUpgradesWithUnsupportedTPMOrCPU" and set it to "1". Alternatively, you can download a premade Registry file that you can double-click on and merge it to create the above value for you. 5. Reboot your system Having done all that, you may now upgrade to Windows 11 by double-clicking on the downloaded ISO file and running Setup.exe or by using the bootable Windows 11 media you created in Step 1. Microsoft states that standard installation options such as 'Full Upgrade', 'Keep Data Only', and 'Clean Install', will all be available as usual.

Read more of this story at Slashdot.

An anonymous reader quotes a report from BleepingComputer: A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. Even better, the script also works on virtual machines, allowing you to upgrade to the latest Windows Insider build. This new script was released as part of the extremely useful Universal MediaCreationTool wrapper, a batch file that allows you to create an ISO for any version of Windows 10, with Windows 11 support added last week. While the main script of this open-source project is the 'MediaCreationTool.bat' used to create Windows ISOs, it also includes a script named 'Skip_TPM_Check_on_Dynamic_Update.cmd,' which configures the device to bypass compatible hardware checks. When Windows 11 was first announced, Microsoft released the operating system's new system requirements, which included a TPM 2.0 security processor, Secure Boot, newer CPUs, and at least 64 GB of hard drive space. As Microsoft realized that many people, especially those in the enterprise, would be testing Windows 11 preview builds on virtual machines, they exempted them from the system requirements (PDF). However, Microsoft is now requiring compatible hardware even on virtual machines and taking a firm stance on its system requirement, going as far as to say that people who install Windows 11 on incompatible hardware may not get security updates.

Read more of this story at Slashdot.

Thomas Claburn writes via The Register: Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft's advice continues to be that customers should communicate only with servers they trust. On August 10, 2016, Marco van Beek, managing director at UK-based IT consultancy Supporting Role, emailed the Microsoft Security Response Center to disclose an Autodiscover exploit that worked with multiple email clients, including Microsoft Outlook. "Basically, I have discovered that it is extremely easy to get access to Exchange (and therefore Active Directory) user passwords in plain text," he wrote. "It doesn't necessarily require any breach of corporate security, and at its most secure, is only as secure as file level access to the corporate website." His proof-of-concept exploit code, which affected Outlook (both Mac and PC), default email apps for Android and iOS, Apple Mail for Mac OS X, and others, consisted of 11 lines of PHP, though he insisted the exploit probably could have been reduced to three lines. Microsoft acknowledged on August 11, 2016, that it had reproduced the issue in van Beek's report. Then on August 30, 2016, the Windows titan responded to van Beek by saying the report doesn't describe a genuine vulnerability: "Our security engineers and product team have reviewed this report and determined that it is not a security issue to be serviced as part of our monthly Patch Tuesday process. 'Never accept an SSL certificate without a matching host name' is already recommended for clients in the doc cited by your report: [link]. Before you send a request to a candidate, make sure it is trustworthy. Remember that you're sending the user's credentials, so it's important to make sure that you're only sharing them with a server you can trust. At a minimum, you should verify: That the endpoint is an HTTPS endpoint. Client applications should not authenticate or send data to a non-SSL endpoint. That the SSL certificate presented by the server is valid and from a trusted authority." "This response casually forgets to consider that a hacked web server still retains a perfectly valid certificate -- it just happens to use that trusted tunnel to serve up problems," said van Beek. "Also, I have only found one Exchange client so far which actually checks the hostname against the certificate, which is Microsoft's own test tool." Van Beek said he thought it was incredible that Microsoft confirmed the behavior he reported within hours but does not consider it to be a problem. He suggested three mitigations: changing the order of operations so that DNS gets checked first; never accepting an SSL certificate without a matching host name; and reviewing why and when clients respond to authentication requests. When asked if the company plans to take any steps to address credential exposure and whether it believes its guidance adequately addresses the problem, a Microsoft spokesperson said: "We are continuing to investigate the specific scenario shared by the researcher."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The Verge has spotted an apparently new warning message in the Windows 11 Setup app that explicitly warns users of the dangers of installing Windows 11 on unsupported hardware -- you may run into "compatibility issues," your PC "won't be entitled to receive updates," and that "damages to your PC due to lack of compatibility aren't covered under the manufacturer warranty." This is all stuff that we've heard from Microsoft before, but it's the first time that this policy has appeared during the Windows 11 setup process rather than in media reports. Once you click through this foreboding warning message, the Windows 11 installation is apparently allowed to proceed. I've tried and failed to recreate this screen on multiple unsupported Windows 10 systems of different vintages, both with builds downloaded through the Insider program and installs directly from a manually downloaded Windows 11 ISO file. I also haven't seen any firsthand reports of it outside of the Verge report. This doesn't mean it isn't happening -- Microsoft is always rolling out different updates to different groups of people at different times -- just that I can only speculate as to when you will actually see this message and what it means. My guess is that it is eventually intended to replace another screen currently shown when you attempt a manual install of Windows on an unsupported system, one that totally blocks the upgrade if you don't meet Windows 11's processor, TPM, or Secure Boot requirements. The only way to get around that screen and proceed with installation for current builds of Windows 11 is to implement some registry edits that disable the system checks. This new screen would keep the checks in place while allowing people to perform the kind of manual, officially unsupported installs that the company has begrudgingly decided to allow.

Read more of this story at Slashdot.