The post Our Statement on the Coronavirus. appeared first on Zeo Technologies.

Microsoft this week reworked its Windows 10 development model, severing links between features and specific releases so that it can deliver the former “when they are ready.”
“While features in the active development branch may be slated for a future Windows 10 release, they are no longer matched to a specific Windows 10 release,” Brandon LeBlanc, a senior program manager on the Windows Insider team, wrote in a Dec. 16 post to a company blog. “New features and OS improvements done in this branch during these development cycles will show up in future Windows 10 releases when they are ready.”

Since Windows 10’s mid-2015 launch, Microsoft has publicly linked features to their intended releases, usually by introducing them in a blog post connected to the preview build in which they debuted. Microsoft has reinforced those connections by repeatedly trumpeting major new features each time it describes the coming release. On occasion, the linkages have had to be broken as the Redmond, Wash. company retracted a feature previously scheduled for a specific release. But that has been rare.

(One of the most prominent features backed out of a release was Windows Sets, which had been touted in 2017 and slated for a 2018 upgrade but ended up as a no-show.)

The difference between the old way and LeBlanc’s description of the new may be too subtle to be noticeable by outsiders. In the past, Microsoft almost certainly did not share everything related to scheduling the contents of a then-upcoming-now-past upgrade. Just as certainly, that will be the case going forward. What Microsoft doesn’t tell customers are, to quote a former Secretary of Defense, the “unknown unknowns — the ones we don’t know we don’t know.”

But by claiming “when they are ready” as the guide for future features, Microsoft implied that at least some had not been so when they were baked into past upgrades. That’s a puzzling tack, even risky, if customers pause a moment to absorb the phrase and inevitably wonder, “Wait, weren’t they ready before?”

Microsoft’s newfound stance on “not until it’s ready” was reminiscent of browser makers, who have long used that model as they crank out seven or more new versions annually. For browser developers, it’s nothing for a feature to miss the intended “train” or version; the feature can catch the next six or eight weeks later. That was the whole point of a more-is-better release strategy.

The analogy doesn’t track exactly, though. That’s because new Windows 10 features can catch only two trains each year, not seven or eight (as with Chrome) or 12 or 13 (Firefox). Miss one and there’s at least a six-month wait.

Or double that.

In 2019, Microsoft launched a major release in the spring and a minor one in the fall, making the latter little more than a rerun of the former, a “service pack” retread with few new features, none of significance. If Microsoft maintains that cadence in 2020 and beyond, delayed features of substance could be postponed a full year.

Speaking of major and minor….

Microsoft has yet to answer one of the questions about Windows 10 from 2019: Is the major (spring) and minor (fall) upgrade slate a one-off or the new normal?

More than a month ago, Computerworld predicted that Microsoft would tip its hand when it started previewing the version of Windows that was to follow 2004, the Spring 2020 upgrade that by accounts is finished or nearly so. If Microsoft began seeding Insider participants with early code for 21H1 (Microsoft’s code name for the upgrade eventually released in Spring 2021), 2020 would repeat the cadence of 2019, a major, then a minor release. But if Microsoft instead slotted next year’s second upgrade, 21H2, into Insider, it would be evidence that it was reverting to the 2017-2018 model of two relatively equal feature upgrades.

What Computerworld failed to consider — like someone asked to predict a coin flip not accounting for it to end on its edge — was neither. By separating features from specific releases, Microsoft is able to dodge the question of what comes after Windows 10 2004. What it will preview via Insider could be destined for 20H2, 21H1 or neither.

Nor did Le Blanc give any clues. “We may deliver these new features and OS improvements as full OS build updates or servicing releases,” he wrote, covering both major (full OS) and minor (servicing) releases.

Cynics might be tempted to see the whole instance — the talk of “when they are ready” — as a smokescreen that lets Microsoft put off deciding which upgrade cadence to adopt for 2020. There may be something to that: Microsoft has said it is “closely monitoring feedback” from the major-minor “pilot” of 2019. What with the year’s minor refresh, 1909, having been available for just a month and seeing as how businesses have likely done next to nothing with the service pack since, there probably is little to no feedback to monitor at this point. The firm may want more time to evaluate the 2019 cadence and whether it worked for the most important customers, enterprises.

By claiming that no feature will be assigned a specific upgrade before its time, Microsoft can continue to issue new code for Insiders to test without committing to a release model.

Slow down

Although it can be dangerous to ascribe rationales to decisions others make — it risks organizing something without coherence — that’s not stopped Computerworld.
Separating features from releases so that the former is added to the latter only “when they are ready” may signal that Microsoft expects a slow, if not necessarily slower, upgrade pace — one that is, if nothing else, unhurried.

(If so, the debacle of Windows 10 1809 must still sting in Redmond more so than it has let on publicly. By slowing down the release tempo, Microsoft and its Insiders get more time to test.)

That, in turn, hints at the slower of the two cadences in question: 2019’s major-minor releases.

But if that is to be the case, why bother changing the feature-release relationship? Assuming the tempo of this year is retained next, what’s the purpose of Microsoft saying “((features)) are no longer matched to a specific Windows 10 release”?

Is it because the linkage will be increasingly unimportant, and because there will be really just one feature upgrade annually? What, exactly, was the purpose of this year’s 1909, an update that was in no way an upgrade, what with so few new features, enhancements or improvements over 1903? Was it only to have a release that qualified for 30 months of support for Windows 10 Enterprise users?

That could be arranged without the hassle of building a Potemkin upgrade for the fall: Simply announce that the spring refresh, the one that actually includes new functionality and features, will be supported for 30 months on Windows 10 Enterprise and Windows 10 Education.

And then boot the fall upgrade so that there’s only one each year.

Source:  ComputerWorld

The post Microsoft dissolves links between features and Windows 10 releases appeared first on Zeo Technologies.

Cisco this week issued software to address multiple critical authentication exposures in its Data Center Network Manager (DCNM) software for its Nexus data center switches.

DCNM is a central management dashboard for data-center fabrics based on Cisco Nexus switches and handles a number of core duties such as automation, configuration control, flow policy management and real-time health details for fabric, devices, and network topology.  Cisco said that there were three exposures, which it rated as a 9.8 out of 10 on the Common Vulnerability Scoring System, in the DCNM authentication mechanisms that could let a remote attacker bypass authentication and execute arbitrary actions with administrative privileges on vulnerable devices.

Cisco said that the vulnerabilities are independent of each other so exploitation of one is not required to exploit another. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the others, the company said.

The critical weaknesses include:

REST API authentication bypass vulnerability: A vulnerability in the REST API endpoint of Cisco DCNM could allow a remote attacker to bypass authentication. “The vulnerability exists because a static encryption key is shared between installations. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges,” Cisco stated.

SOAP API authentication bypass vulnerability: A weakness in the SOAP API endpoint of Cisco DCNM could let an unauthenticated, remote attacker to bypass authentication on an affected device. Like the REST vulnerability, this problem exists because a static encryption key is shared between installations. Exploits could allow arbitrary actions through the SOAP API with administrative privileges.

Authentication-bypass vulnerability: A weakness in the web-based management interface of Cisco DCNM could also let remote attackers bypass authentication on an affected device. Again, the vulnerability is due to the presence of static credentials that and an attacker could exploit by using them to authenticate against the user interface, Cisco stated. “A successful exploit could allow the attacker to access a specific section of the web interface and obtain certain confidential information from an affected device. This information could be used to conduct further attacks against the system,” Cisco stated.

There are no workarounds that address these vulnerabilities but Cisco has released a DCNM software version that address the problems, the company stated. Cisco said it is not aware of any public announcements about or malicious use of the DCNM vulnerabilities.

Less severe vulnerabilities

There were numerous additional DCNM vulnerabilities involving the REST and SOAP APIs  with “high” to “medium” threat ratings including:
REST API SQL-injection vulnerability: A vulnerability in the REST API of Cisco DCNM could let an authenticated, remote attacker with administrative privileges execute arbitrary SQL commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API and an attacker could exploit this vulnerability by sending a crafted request to the API, Cisco wrote. A successful exploit could let an attacker view information that they are not authorized to view, make changes to the system that they are not authorized to make, or execute commands within the underlying operating system that may affect the availability of the system.

REST API path-traversal vulnerability: A vulnerability in the REST API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory-traversal attacks on an affected device. An attacker could exploit this vulnerability by sending a crafted request to the API, which could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. The exposure is due to insufficient validation of user-supplied input to the API, Cisco wrote.

REST API command-injection vulnerability: A weakness in the REST API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying OS. An attacker could exploit this vulnerability by sending a crafted request to the API and could let an attacker execute arbitrary commands on the device with full administrative privileges. The vulnerability is due to insufficient validation of user-supplied input to the API, Cisco stated.

SOAP API SQL-injection vulnerability: A weakness in the SOAP API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to execute arbitrary SQL commands on an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or execute commands within the underlying operating system that may affect the availability of the device. The problem is due to insufficient validation of user-supplied input to the API, Cisco wrote.

SOAP API path-traversal vulnerability: A vulnerability in the SOAP API of DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory-traversal attacks on an affected device. A successful exploit could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. Cisco said the vulnerability is due to insufficient validation of user-supplied input to the API.

SOAP API command injection vulnerability: A vulnerability in the SOAP API of DCNM could let an authenticated, remote attacker with administrative privileges on the DCNM application inject arbitrary commands on the underlying OS. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could let an attacker execute arbitrary commands on the device with full administrative privileges. Cisco said the vulnerability is due to insufficient validation of user-supplied input to the API.

Path-traversal vulnerability: A vulnerability in the Application Framework feature of DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks on an affected device. An attacker could exploit this vulnerability by sending a crafted request to the application. A successful exploit could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. The vulnerability is due to insufficient validation of user-supplied input to the Application Framework endpoint, Cisco stated.

Cisco has released software updates that address the vulnerabilities.

Cisco said it fixed all of the vulnerabilities in Cisco DCNM Software releases 11.3.1 and later.

This story, “Cisco issues critical security warnings its Data Center Network Manager ” was originally published by Network World.

The post Cisco issues critical security warnings its Data Center Network Manager appeared first on Zeo Technologies.

It’s unclear if Microsoft is moving forward with its classic rollout schedule, but right now it simply seems like the public launch won’t happen earlier than the spring.

Although Microsoft has most likely finalized the development of the next major update in December 2019, Windows 10 version ‘2004’ suggests that the update could go live for devices in April or May.

While other details are not yet available, Windows 10 Build 19041 is said to be the final candidate or the foundation of the upcoming cumulative updates. Don’t be surprised if a slightly newer build is tested or additional patches are released for this particular build over the next couple of months.

It’s worth noting that Windows 10 Build 19041 has dropped preview watermark on the desktop, which suggests the update is close to completion.

Also, Microsoft hasn’t commented on the current status of Windows 10 version 2004 ‘RTM’ candidate and 20H1 will receive further improvements ahead of its spring launch.

After Windows 10 20H1, Microsoft is expected to roll out Windows 10 20H2 in the second half of 2020 and it could be another minor release like Windows 10 November 2019 Update.

Windows 10 version 2004 is a major update

November 2019 Update felt light on new features compared to prior releases. For Windows 10 v2004, there’s a grab bag of new additions and noticeable performance improvement.
One of the key features of the update is Cloud Reset. If you don’t have a recovery drive and local reset is not working for you, you now have the option of entirely re-downloading Windows 10 from Microsoft website during a reset operation.

Another new feature is bandwidth limits for Windows Update. This gives users more control over bandwidth used for downloading Windows Update and Microsoft Store app updates. With Windows 10 20H1, you can set absolute bandwidth limit in Mbps and throttle downloading of updates more accurately.

Microsoft has also focused on performance and rough areas of Windows in this release. For instance, Windows search will get faster on PCs by eliminating excessive disk and CPU usage.

Source:  WindowsLatest.com

The post Windows 10 version 2004 gets one step closer to public release appeared first on Zeo Technologies.

The post Welcome to our new website appeared first on Zeo Technologies.