Microsoft is starting to submerge its servers in liquid to improve their performance and energy efficiency. A rack of servers is now being used for production loads in what looks like a liquid bath. From a report: This immersion process has existed in the industry for a few years now, but Microsoft claims it's "the first cloud provider that is running two-phase immersion cooling in a production environment." The cooling works by completely submerging server racks in a specially designed non-conductive fluid. The fluorocarbon-based liquid works by removing heat as it directly hits components and the fluid reaches a lower boiling point (122 degrees Fahrenheit or 50 degrees Celsius) to condense and fall back into the bath as a raining liquid. This creates a closed-loop cooling system, reducing costs as no energy is needed to move the liquid around the tank, and no chiller is needed for the condenser either. "It's essentially a bath tub," explains Christian Belady, vice president of Microsoft's data center advanced development group, in an interview with The Verge. "The rack will lie down inside that bath tub, and what you'll see is boiling just like you'd see boiling in your pot. The boiling in your pot is at 100 degrees Celsius, and in this case it's at 50 degrees Celsius."

Read more of this story at Slashdot.

Microsoft has shut down its Cortana app for iOS and Android. From a report: It's the latest in a series of moves to end support for Cortana across multiple devices, including Microsoft's own Surface Headphones. The Cortana app for iOS and Android is no longer supported, and Microsoft has removed it from both the App Store and Google's Play Store.

Read more of this story at Slashdot.

The Pentagon announced that Microsoft has won a contract to build more than 120,000 custom HoloLens augmented-reality headsets for the U.S. Army. The contract could be worth up to $21.88 billion over 10 years, a Microsoft spokesperson said. From a report: The deal shows Microsoft can generate meaningful revenue from a futuristic product resulting from years of research, beyond core areas such as operating systems and productivity software. It follows a $480 million contract Microsoft received to give the Army prototypes of the Integrated Visual Augmented System, or IVAS, in 2018. The new deal will involve providing production versions. The standard-issue HoloLens, which costs $3,500, enables people to see holograms overlaid over their actual environments and interact using hand and voice gestures. An IVAS prototype that a CNBC reporter tried out in 2019 displayed a map and a compass and had thermal imaging to reveal people in the dark. The system could also show the aim for a weapon. "The IVAS headset, based on HoloLens and augmented by Microsoft Azure cloud services, delivers a platform that will keep soldiers safer and make them more effective," Alex Kipman, a technical fellow at Microsoft and the person who introduced the HoloLens in 2015, wrote in a blog post. "The program delivers enhanced situational awareness, enabling information sharing and decision-making in a variety of scenarios."

Read more of this story at Slashdot.

Security researcher Brian Krebs wants you to know... "New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let's just get this out of the way right now: It wasn't me." The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with [a domain that begins with brian . krebsonsecurity... Not a safe domain.] Shadowserver has been tracking wave after wave of attacks targeting flaws in Exchange that Microsoft addressed earlier this month in an emergency patch release. The group looks for attacks on Exchange systems using a combination of active Internet scans and "honeypots" — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how. David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. "web shells") that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server's emails)... Shadowserver's honeypots saw multiple hosts with the Babydraco backdoor doing the same thing: Running a Microsoft Powershell script that fetches the file "krebsonsecurity.exe"... Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious. The Krebsonsecurity file also installs a root certificate, modifies the system registry, and tells Windows Defender not to scan the file. Watson said the Krebsonsecurity file will attempt to open up an encrypted connection between the Exchange server and the above-mentioned IP address, and send a small amount of traffic to it each minute. Shadowserver found more than 21,000 Exchange Server systems that had the Babydraco backdoor installed. But Watson said they don't know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain. "Despite the abuse, this is potentially a good opportunity to highlight how vulnerable/compromised MS Exchange servers are being exploited in the wild right now, and hopefully help get the message out to victims that they need to sign up our free daily network reports," Watson said.

Read more of this story at Slashdot.

Microsoft is rebranding Xbox Live to Xbox network. Instances of the new branding started appearing in the Xbox dashboard recently for beta testers, with clips being uploaded to "Xbox network" instead of Xbox Live. Microsoft has now confirmed the name change. From a report: "'Xbox network' refers to the underlying Xbox online service, which was updated in the Microsoft Services Agreement," says a Microsoft spokesperson in a statement to The Verge. "The update from 'Xbox Live' to 'Xbox network' is intended to distinguish the underlying service from Xbox Live Gold memberships." Microsoft has used Xbox Live to refer to its underlying Xbox service since its original launch 18 years ago. Larry Hryb, better known as Major Nelson, has been known as "Xbox Live's Major Nelson" for years, but Hryb now refers to himself as "Xbox's Major Nelson."

Read more of this story at Slashdot.

Microsoft is in talks to acquire Discord, a video-game chat community, for more than $10 billion, Bloomberg reports, citing people familiar with the matter. From the report: Discord has been talking to potential buyers and software giant Microsoft is in the running, but no deal is imminent, said the people, who asked not to be identified because the discussions are private. Discord is more likely to go public than sell itself, one person said. Representatives for Microsoft and Discord declined to comment. VentureBeat reported earlier on Monday that Discord was engaged in sales talks. San Francisco-based Discord is best known for its free service that lets gamers communicate by video, voice and text, and people stuck at home during the pandemic have increasingly used its technology for study groups, dance classes, book clubs and other virtual gatherings. It has more than 100 million monthly active users and has been elaborating its communication tools to turn it into a "place to talk" rather than merely a gamer-centric chat platform.

Read more of this story at Slashdot.

"A new study from Microsoft, released Monday, found that among the more than 31,000 workers it surveyed, 73% hoped remote work options would continue when the pandemic ends," reports CNET. "Even Gen Z applicants were slightly more likely to apply for a job with remote options than for one strictly in an office," even though they feel that they're losing out on the career growth that happens in the office. CNET reports: Gen Z workers, born roughly between the mid-1990s and mid-2010s, responded to Microsoft's surveys generally by saying they're more stressed and find they're struggling more than their peers. They tend to be single, since they're younger, leading them to feel isolated. And since they're early in their careers, they don't have financial means to create a good workspace at home if their employer won't pay for it. And they're not having those in-person meetings that sometimes help them land in career advancing projects, or even to get in good with the boss. "Without hallway conversations, chance encounters, and small talk over coffee, it's hard to feel connected even to my immediate team, much less build meaningful connections across the company," wrote Hannah McConnaughey, a product marketing manager at Microsoft who's a Gen Z worker. "Networking as someone early in their career has gotten so much more daunting since the move to fully remote work -- especially since switching to a totally different team during the pandemic!" Employees also say they want flexibility rather than fully remote jobs. Of the workers Microsoft surveyed, 73% said they want remote work options to stay, with 46% saying they plan to move now that they can work remotely. Still, 67% said they want more in-person work or collaboration too. In short: We don't seem to know what we want yet. [...] In its conclusions, Microsoft suggests companies invest in technology that helps bridge the physical and digital worlds, so teams can work remotely and in the office. Additionally, it says Gen Z employees need more career support.

Read more of this story at Slashdot.

"If I worked in tech antitrust policy, I would really want to understand why all the cases against Microsoft 20 years ago were such an unqualified failure." That's what venture capitalist Benedict Evans (formerly an Andreessen Horowitz partner), is asking regulators on Twitter. "You won, yet achieved nothing, and then Microsoft's dominance went away anyway. Why?" Long-time Slashdot reader theodp notes the thread of reminiscent reactions from Microsoft employees prompted this response on the blog of software developer Dave Winer "to lament the collateral damage of a winner-take-all mentality." "Microsoft could've played a senior role, and helped the rest of us add all kinds of editors and databases to the web, and at least try to bring across some of the GUI innovations of the 1980s. Instead all that was lost. Today, decades later, because of the chaos Microsoft brought us then, the editors on the web still suck. They are really inferior. Far less useful than the editors we had before the web. "What if Microsoft had chilled and brought together the best minds from the PC era and asked some basic questions like how are we going to make the web better for everyone, at least as good as what we had before. What a time that would have been to do just that. But they acted like spoiled children." But are we facing the same issues today? In The End of Silicon Valley as We Know It?, geek publishing icon/seed investor Tim O'Reilly checks in on tech's latter-day missed opportunities: The extractive behavior the tech giants exhibit has been the norm for modern capitalism since Milton Friedman set its objective function in 1970: "The social responsibility of business is to increase its profits"... It's a sad time for Silicon Valley, because we are seeing not only the death of its youthful idealism but a missed opportunity. Paul Cohen, the former DARPA program manager for AI, made a powerful statement a few years ago at a meeting of the National Academy of Sciences that we both attended: "The opportunity of AI is to help humans model and manage complex interacting systems." That statement sums up so much of the potential that is squandered when firms like Google, Amazon, and Facebook fall prey to the Friedman doctrine rather than setting more ambitious goals for their algorithms. I'm not talking about future breakthroughs in AI so much as I'm talking about the fundamental advances in market coordination that the internet gatekeepers have demonstrated. These powers can be used to better model and manage complex interacting systems for the good of all. Too often, though, they have been made subservient to the old extractive paradigm."

Read more of this story at Slashdot.

"Microsoft has implemented an automatic mitigation tool within Defender Antivirus to tackle critical vulnerabilities in Exchange Server," reports ZDNet: On March 18, the Redmond giant said the software will automatically mitigate CVE-2021-26855, a severe vulnerability that is being actively exploited in the wild. This vulnerability is one of four that can be used in a wider attack chain to compromise on-premise Exchange servers. Microsoft released emergency fixes for the security flaws on March 2 and warned that a state-sponsored threat group called Hafnium was actively exploiting the bugs, and since then, tens of thousands of organizations are suspected to have been attacked. At least 10 other advanced persistent threat (APT) groups have jumped on the opportunity slow or fragmented patching has provided. The implementation of a recent security intelligence update for Microsoft Defender Antivirus and System Center Endpoint Protection means that mitigations will be applied on vulnerable Exchange servers when the software is deployed, without any further input from users. According to the firm, Microsoft Defender Antivirus will automatically identify if a server is vulnerable and apply the mitigation fix once per machine. The article also points out Microsoft also released a one-click mitigation tool earlier this week, which is "still readily available as an alternative way to mitigate risk to vulnerable servers if IT admins do not have Defender Antivirus."

Read more of this story at Slashdot.

Microsoft unveiled new technology to boost government and health care organizations' vaccine management systems, including scheduling shot appointments and monitoring results, to fix shortcomings weeks after the company's initial custom-built programs ran aground in a few states. From a report: The Microsoft Vaccine Management product released Friday is made up of features and new apps that the software company said will improve upon and fix the glitches that occurred when its previous effort, the Vaccination Registration and Application System, failed to work properly in New Jersey and Washington D.C. The new software "incorporates lessons learned from VRAS regarding scalable architecture, improved user experiences for residents and health care workers," the company said in an email. It also uses health care standards for information transfer so data can be exported more quickly to other record systems, such as electronic medical records. The software also addresses other issues that hampered the previous option, including requiring users to pre-register before seeking a Covid-19 vaccine appointment and providing a way to proactively handle spikes in demand.

Read more of this story at Slashdot.

Thelasko writes: Microsoft is reporting an outage of Office 365, including Microsoft Teams. On its status page, Microsoft adds: Users may be unable to access multiple Microsoft services. User impact: Users may be unable to access multiple Microsoft 365, Azure, and Dynamics 365 services, including the Service Health Dashboard. More info: Any service that leverages Azure Active Directory (AAD) may be affected. This includes but is not limited to Microsoft Teams, Forms, Exchange Online, Intune and Yammer. Current status: We've identified the underlying cause of the problem and are taking steps to mitigate impact. We'll provide an updated ETA on resolution as soon as one is available. Scope of impact: This issue could affect any user.

Read more of this story at Slashdot.

America is contemplating how to respond to breaches "pulled off by Russia and China against a broad array of government and industrial targets," reports the New York Times: Both hacks exploited the same gaping vulnerability in the existing system: They were launched from inside the United States — on servers run by Amazon, GoDaddy and smaller domestic providers — putting them out of reach of the early warning system run by the National Security Agency. The agency, like the C.I.A. and other American intelligence agencies, is prohibited by law from conducting surveillance inside the United States, to protect the privacy of American citizens. But the F.B.I. and Department of Homeland Security — the two agencies that can legally operate inside the United States — were also blind to what happened, raising additional concerns about the nation's capacity to defend itself from both rival governments and nonstate attackers like criminal and terrorist groups. In the end, the hacks were detected long after they had begun not by any government agency but by private computer security firms... Biden administration officials said they would seek a deeper partnership with the private sector, tapping the knowledge of emerging hacking threats gathered by technology companies and cybersecurity firms. The hope, current and former officials say, is to set up a real-time threat sharing arrangement, whereby private companies would send threat data to a central repository where the government could pair it with intelligence from the National Security Agency, the C.I.A. and other spy shops, to provide a far earlier warning than is possible today. A U.S. representative who co-chairs a cyberspace commission colorfully characterized both breaches to the TImes. "When not one but two cyberhacks have gone undetected by the federal government in such a short period of time, it's hard to say that we don't have a problem. The system is blinking red." But then there's this: Last month, in the days before Microsoft released an emergency patch for vulnerable Exchange Servers, multiple state-backed Chinese groups were apparently tipped off that the company was testing a patch. They began gorging on vulnerable systems with a speed and aggression that some security experts said they had never seen before. It is unclear how exactly these Chinese groups learned of Microsoft's patch, but the timing suggests they caught wind of the moves when Microsoft rolled out a test version of its patch to its security partners at cybersecurity firms in late February. Eighty companies participate in a longstanding partnership with Microsoft, known as the Microsoft Active Protections Program, including 10 Chinese firms. Microsoft confidentially alerts these companies to emerging cyberthreats and vulnerabilities ahead of its official patch cycle. The company is investigating whether one of its partners may have leaked to Chinese hackers or was itself hacked.

Read more of this story at Slashdot.

Bleeping Computer reports: The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%. Using three metrics to determine the number of people still using IE 11, WordPress has found that its cumulative usage is below 1%... WordPress is not alone in dropping support for IE 11. In August 2020, Microsoft announced that they would no longer support Internet Explorer on the Microsoft Teams web app, and Microsoft 365 would no longer support it starting on August 17th, 2021. "Dropping support would result in smaller scripts, lower maintenance burden, and decrease build times," notes a post on the Wordpress blog. "For instance, a recent exploration by @youknowriad demonstrated that not transpiling the scripts to IE11 immediately resulted in a net reduction of nearly 84kB in the Gutenberg JavaScript [Wordpress Editor interface] built files, representing a 7,78% total decrease in size; these scripts have seen a size contraction up to 60%, with an average reduction of 24%... "Moreover, dropping support would ultimately make WordPress' currently included polyfill script obsolete, decreasing the enqueued scripts size up to 102kB more."

Read more of this story at Slashdot.

"Microsoft-owned GitHub has removed a proof-of-concept (PoC) exploit for critical ProxyLogon bugs in Microsoft Exchange, causing a backlash from security researchers," reports Inside.com's Developer newsletter: The exploit has recently led to infections of as many as 100,000 servers. Microsoft rushed out patches last week for the vulnerabilities in response to a number of Chinese groups exploiting the bugs. "This is huge, removing a security researcher's code from GitHub against their own product and which has already been patched. This is not good," Dave Kennedy, founder of TrustedSec, tweeted. "It's unfortunate that there's no way to share research and tools with professionals without also sharing them with attackers, but many people (like me) believe the benefits outweigh the risks," tweeted Tavis Ormandy, a member of Google's Project Zero.

Read more of this story at Slashdot.

Microsoft is investigating whether a world-wide cyberattack on tens of thousands of its corporate customers may be linked to a leak of information by the company or its partners, WSJ reported Friday, citing people familiar with the matter. From a report: The investigation centers in part on the question of how a stealthy attack that began in early January picked up steam in the week before the company was able to send a software fix to customers. In that time, a handful of China-linked hacking groups obtained the tools that allowed them to launch wide-ranging cyberattacks that have now infected computers all over the world running Microsoft's Exchange email software. Some of the tools used in the second wave of the attack, which is believed to have begun Feb. 28, bear similarities to âoeproof-of-conceptâ attack code that Microsoft distributed to antivirus companies and other security partners Feb. 23, investigators at security companies say. Microsoft had planned to release its security fixes two weeks later, on March 9, but after the second wave began it pushed out the patches a week early, on March 2, according to researchers.

Read more of this story at Slashdot.

As many as 60,000 computer systems in Germany were exposed to a flaw that allows unauthorized users to access systems in Microsoft's email software, the head of its cybersecurity watchdog said on Wednesday. Reuters reports: More than half of the vulnerabilities were addressed following a warning last weekend by the Federal Office for Information Security (BSI), but around 25,000 systems still need to be fixed, BSI chief Arne Schoenbohm said. "The warning has worked. In Germany, many Exchange servers have been secured by downloading patches," Schoenbohm said in written comments to Reuters. "Every vulnerable system is one too many and can lead to harm." In a 14-page report on the Microsoft vulnerability, the BSI said the behavior of hackers exploiting it had changed sharply since it was publicly revealed. Initially, most targets had been think tanks, universities, non-governmental organizations, law firms and defense companies - mostly in the United States. "Now, these exploits are being deployed at mass scale against thousands of targets - apparently worldwide," the report said. At least 10 different hacking groups were using the latest flaw in Microsoft's mail server software to break into targets around the world, according to researchers at cybersecurity company ESET. In Germany, two federal authorities have been affected by the hack, the BSI said, declining to say which.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: The European Banking Authority on Monday said it had been targeted by hackers, although no data had been obtained and it was redoubling efforts to shield itself amid a global cyber attack exploiting flaws in Microsoft's mail server software. The European Union's banking regulator, which gathers and stores swathes of sensitive data about banks and their lending, said it believed the cyber attack had struck only its email servers. It is the latest prominent victim among tens of thousands of organizations in Asia and Europe targeted in a campaign which Microsoft Corp says makes use of previously undetected vulnerabilities in different versions of its mail server software. The hacks are continuing despite emergency patches issued by Microsoft, which has said it is working with government agencies and security companies to help customers. However, one scan of connected devices showed only 10% of those vulnerable had installed the patches by Friday, though the number was rising.

Read more of this story at Slashdot.

A Microsoft-led team of physicists has retracted a high-profile 2018 paper that the company touted as a key breakthrough in the creation of a practical quantum computer, a device that promises vast new computing power by tapping quantum mechanics. From a report: The retracted paper came from a lab headed by Microsoft physicist Leo Kouwenhoven at Delft University of Technology in the Netherlands. It claimed to have found evidence of Majorana particles, long-theorized but never conclusively detected. The elusive entities are at the heart of Microsoft's approach to quantum computing hardware, which lags behind that of others such as IBM and Google. WIRED reported last month that other physicists had questioned the discovery after receiving fuller data from the Delft team. Sergey Frolov, from the University of Pittsburgh, and Vincent Mourik, at University of New South Wales, in Australia, said it appeared that data that cast doubt on the Majorana claim was withheld. Monday, the original authors published a retraction note in the prestigious journal Nature, which published the earlier paper, admitting the whistleblowers were right. Data was "unnecessarily corrected," it says. The note also says that repeating the experiment revealed a miscalibration error that skewed all the original data, making the Majorana sighting a mirage. "We apologize to the community for insufficient scientific rigor in our original manuscript," the researchers wrote. Frolov and Mourik's concerns also triggered an investigation at Delft, which Monday released a report from four physicists not involved in the project. It concludes that the researchers did not intend to mislead but were "caught up in the excitement of the moment," and selected data that fit their own hopes for a major discovery. The report sums up that breach of the norms of the scientific method with a quote from physics Nobel laureate Richard Feynman: "The first principle is that you must not fool yourself -- and you are the easiest person to fool." The Delft lab released raw data from its 2018 experiment Monday. Frolov and Mourik say that it should also release full data from its Majorana hunting project going back until 2010 for others to analyze.

Read more of this story at Slashdot.

Reuters reports: The White House on Sunday urged computer network operators to take further steps to gauge whether their systems were targeted amid a hack of Microsoft Corp's Outlook email program, saying a recent software patch still left serious vulnerabilities. "This is an active threat still developing and we urge network operators to take it very seriously," a White House official said, adding that top U.S. security officials were working to decide what next steps to take following the breach... While Microsoft released a patch last week to shore up flaws in its email software, the remedy still leaves open a so-called back door that can allow access to compromised servers and perpetuating further attacks by others. "We can't stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted," the White House official said... The back channels for remote access can impact credit unions, town governments and small business, and have left U.S. officials scrambling to reach victims, with the FBI on Sunday urging them to contact the law enforcement agency. Those affected appear to host Web versions of Microsoft's email program Outlook on their own machines instead of cloud providers, possibly sparing many major companies and federal government agencies, records from the investigation suggest... So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks are expected.

Read more of this story at Slashdot.

Microsoft's newest Garage app, the company's brand for more experimental apps, is Group Transcribe, which lets groups of people capture real-time collective meeting transcriptions using their phones. It's available for free right now on iOS. From a report: "This app uses a multi-device approach to provide real-time, high quality transcription and translation, so users can be more present and productive during in-person meetings and conversations," Microsoft's Lainie Huston said in a blog post. Here's how it works. Everyone who wants to participate in the group transcription needs to download the Group Transcribe app. Then, one person kicks off a transcription, and they can invite others to join by sharing a five-letter conversation code, a QR code, or by joining the group transcription with nearby sharing over Bluetooth. Then, the app will begin transcribing the group's conversation, noting who said what. Group Transcribe can even also auto-translate things people say and show those translations in line as part of the transcription. Transcriptions are saved in the app so you can review or share them after a meeting.

Read more of this story at Slashdot.