On Friday, Microsoft announced the launch of its “bug bash” for the Windows 10 Creators Update, a sign that it’s beginning to slowly wind down its development process before it finally releases the next major version of Windows.
Historically, Microsoft begins each iteration of its milestone Windows 10 releases by fixing a few last-minute bugs from the previous version. It then begins rolling out and testing all the new features of the upcoming milestone to Windows Insiders in the preview program.
At some point, though, Microsoft moves into the last phase of its development process, fixing all of the bugs that Microsoft employees and its Windows Insider beta testers discover in the imminent release. That phase typically begins with a huge bug-fixing exercise, known as the “bug bash,” whose current iteration will run through Feb. 11. Microsoft uses the information it gathers to determine which bugs are the most serious and prevalent, prioritizing them.
Microsoft hasn’t said when the Creators Update will actually ship; it’s still due in “early 2017.” The blog post announcing the bug bash notes that Microsoft developers will be working on fixing these bugs for the next “several weeks,” however, meaning that our guess that the Creators Update could be released at the end of March is still valid.
Why this matters: Most users know on some level that adding a new software feature introduces new bugs to go along with it. The annual bug bash/bug-fixing phase is critical, however, to help shape the public’s opinion. Not every bug will be found or eliminated before the software’s release. The idea is to at least prevent headline-grabbing glitches such as those that disabled webcams in the Anniversary Update.
How the Windows 10 CU bug bash works
Any motivation to assist Microsoft in its bug bash is primarily a charitable one, with the end goal of simply improving Windows. Nevertheless, Microsoft is offering special Bug Bash badges for the Feedback Hub as prizes for those that participate.
Insiders need to check the Windows 10 Feedback Hub for new “Quests,” tasks that Microsoft would like beta testers to perform to check for bugs. Leaving feedback within the Hub is also encouraged. You’ll need to make sure that you’re running the latest Windows 10 preview, Insider Build 15025, which includes a consolidated feedback mechanism so that similar reports are consolidated into a single response.
Microsoft will also hold live webcasts with engineers from 2 through 4 P.M. PT on Feb. 7, and from 7 through 9 P.M. on Feb. 7, to walk users through some of the quests. Those quests will change over the course of the week, Microsoft said.
As always, we recommend that Insiders test out Windows 10 on a secondary PC, one that you don’t do anything truly important on. Stumbling across glitches or bugs that can break or force you to reset your PC is part of the Insider experience. Cruising on an Insider machine, though, can also be an awful lot of fun.
Life isn’t getting any easier for holdouts on Windows XP and Vista. Google recently announced that Gmail would stop supporting Chrome version 53 and lower by the end of 2017. The move specifically impacts XP and Vista since Google capped support for both of those systems at Chrome v49.
So what does this all mean for XP and Vista users? Is Gmail going to stop working in Chrome? Not exactly, but it could suck a whole lot more.
The first thing that will happen, Google says, is that starting on Wednesday, February 8, a banner will appear at the top of Gmail encouraging users to upgrade their version of Chrome. That’s obviously not going to happen if you can’t upgrade because you’re limited to Chrome 49.
Then, by the end of 2017, it appears that Google could possibly redirect at least some users to the basic HTML version of Gmail instead of the “web app” version you see now, although it’s not a certainty yet.
If the Gmail interface doesn’t change then there’s really nothing to worry about, really. Gmail will continue to work as always, but if Google makes a change that breaks Gmail in Chrome 49 that’s too bad for you.
Where the hard choices come in is if Google does switch XP and Vista users to the HTML version of Gmail. That would mean moving back to the original Gmail interface, which is very basic. You’d also lose a number of useful features including chat, the spell checker, the ability to add or import contacts, rich formatting, customized “from” addresses, and keyboard shortcuts.
That’s a pretty tall list of shortcomings, but if all you’re looking for is the ability to write text, add attachments, and press Send, then the HTML version will meet your needs.
You’ll miss out on chat, but if you’re still using Google Talk a third-party chat client such as Pidgin will cover that.
If the basic HTML version doesn’t cut it for you, the best thing you can do is switch to a desktop program for email such as the built-in Outlook Express on XP. Or you can download Mozilla Thunderbird, which currently supports Windows XP with Service Pack 3 installed.
Thunderbird will give you pretty much everything that the HTML version of Gmail doesn’t. The exception would be customized “from” addresses (also known as aliases), which are dependent on Google. Though if you already have an alias in use, you can use it with Thunderbird.
If you don’t know how to set up an email client, Mozilla has a simple tutorial on how to use Thunderbird with Gmail.
Of course, I’d be remiss if I didn’t also mention that another alternative is to finally upgrade your operating system to Windows 10 or switch to Linux. But who am I kidding? If you haven’t already switched after losing Google Drive, Chrome, and soon Firefox, then Gmail isn’t going to persuade you either.
The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems.
The unpatched vulnerability was publicly disclosed Thursday by an independent security researcher named Laurent Gaffié, who claims that Microsoft has delayed releasing a patch for the flaw for the past three months.
Gaffié, who is known on Twitter as PythonResponder, published a proof-of-concept exploit for the vulnerability on GitHub, triggering an advisory from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.
“Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system,” CERT/CC said in the advisory.
Microsoft’s implementation of the Server Message Block (SMB) protocol is used by Windows computers to share files and printers over a network and also handles authentication to those shared resources.
The vulnerability affects Microsoft SMB version 3, the most recent version of the protocol. CERT/CC has confirmed that the exploit can be used to crash fully patched versions of Windows 10 and Windows 8.1.
An attacker can exploit the vulnerability by tricking a Windows system to connect to a malicious SMB server which would then send specially crafted responses. There are a number of techniques to force such SMB connections and some require little or no user interaction, CERT/CC warned.
The good news is that there are no confirmed reports of successful arbitrary code execution through this vulnerability yet. However, if this is a memory corruption issue as described by CERT/CC, code execution might be a possibility.
“The crashes we’ve observed so far do not manifest in a manner that suggests straight-forward code execution, but that may change, though, as we have time to analyze it more in-depth,” said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. “This is only the initial stage of the analysis.”
Carsten’s company also confirmed the crash on a fully patched Windows 10 system, but has yet to establish if this is just a NULL pointer dereference crash or the result of a deeper issue that could have a more severe impact. Just to be on the safe side, the company is following CERT/CC’s lede in treating this as a potential code execution flaw. CERT/CC scored this vulnerability’s impact with 10, the maximum in the Common Vulnerability Scoring System (CVSS).
Gaffié said on Twitter that Microsoft plans to patch this issue during its next “Patch Tuesday,” which this month will fall on February 14 — the second Tuesday of the month. However, it’s possible that Microsoft could break out of its regular patch cycle if the vulnerability is indeed critical and starts to be exploited in the wild.
Microsoft did not immediately respond to a request for comment.
Both CERT/CC and Eiram advise network administrators to block outbound SMB connections — TCP ports 139 and 445 along with UDP ports 137 and 138 — from local networks to the Internet. This won’t completely eliminate the threat, but will isolate it to local networks
The next major upgrade for Windows 10, dubbed the Creators Update, will be released in April. It will add new programs for creating content (like new music composing and painting apps), but there will be many additions addressing the ways you interact with the core OS itself.
Here are the most noteworthy, based on what’s we’ve seen in the Insider Preview builds.
Further reading: The Windows 10 Creators Update’s best new features: Dynamic Lock, Game Mode, privacy tweaks, and more
1. Hello, Goodbye: Automatic lock when you step away from your computer
An addition to the Windows Hello security feature would automatically send your Windows 10 desktop to its lock screen when you step away from it. (You can already go to the lock screen by hitting the Windows logo and “L” keys at once.) An official name has not been released, but possibilities include Proximity Lock, Dynamic Lock and Windows Goodbye.
Microsoft has not revealed how Windows 10 will sense that you have stepped away. The simplest method would be to use your computer’s webcam, but this feature could also pair your smartphone with your Windows 10 computer or device through Bluetooth. When you step away, taking your smartphone out of Bluetooth range, Windows 10 would then go to its lock screen.
2. Action Center UI tweaks
In the Action Center, look for minor design changes to the Quick Access icons (the buttons you click to access specific controls of Windows 10). The Creators Update will also embed levels and sliders onto the Action Center so that you could adjust things like screen brightness and sound volume from this panel. This appears to be a redesign meant to help make the Action Center easier to use on a touchscreen.
3. Blue light special
There will be a “lower blue light” mode. When you activate this, the color temperature of your computer’s or tablet’s display will gradually lower as evening approaches. This reduces excessive brightness to your eyes and theoretically helps to improve your nighttime sleep.
4. Swipe controls on touchpads
If your notebook comes with a so-called Precision Touchpad, the Creators Update will make available settings for assigning gesture controls to it. This means when you tap two, three or four fingers on the touchpad, or swipe your fingers in one of four directions (up, down, left, right), an action that controls something in Windows 10 is triggered. For example, you could assign that swiping up on the touchpad with four fingers will switch the screen to the desktop environment, or that tapping the touchpad with three fingers will open the Cortana interface.
5. Group Start tiles into folder tiles
You’ll be able to drag-and-drop tiles on the Start menu over one another, which will group them together under a single tile (a “tile folder”). Drag more app tiles onto this tile folder to put them inside this folder. When you click a tile folder, it will expand down on the Start menu to show the tiles you’ve put inside it.
6. MyPeople, eventually
Microsoft is looking to implement social networking interactivity into Windows 10 in a prominent way. Named MyPeople at this point, the app runs in the taskbar to the left of the system tray icons. MyPeople will let you pin your favorite contacts to the taskbar (represented as icons of each person’s headshot), so that you could click one of them to quickly message that person. It appears that the people available could come from your list of contacts on the People app, accounts you have with GroupMe and Skype, and people you collaborate with on Microsoft Office.
Now for the bad news: While MyPeople is still scheduled for inclusion in Windows 10, Microsoft recently delayed the feature’s roll out. It will now appear in the next major upgrade after the Creators Update, rather than in the Creators Update as originally planned.
7. Pick up where you left off
The Creators Update will allow you to sync an app you’re using with the same app on another Windows 10 computer. This will be managed for you by Cortana sending you notifications tracking your synced apps. The intended use scenario is that you would use an app to start work on one computer and then finish things later on another computer. An example: You quickly throw together some notes in the Word app on your Windows 10 computer at home. When you’re at your job, you could then pick up exactly where you left off at home, resuming what you were writing, on the Word app on your office computer.
8. Partial screen grabs
Pressing the keyboard combo of Windows logo, Shift and “S” keys together will evoke a tool to let you capture an area of the screen that you select. The captured image will be copied to the clipboard, from where you can insert into another application, such as a paint program, by pressing the CTRL and “V” keys.
9. Share UI upgrades
Windows 10’s Share function is a holdover from Windows 8. It lets you forward content through Windows apps that support this feature. For example, when you click the Share icon on the Edge browser, a panel slides in from the right, listing the Windows apps, such as the Mail app, through which you can forward a website link.
This UI will be overhauled in the Creators Update: instead, the panel will appear from within the app you’re using and list the Windows apps you can share content to. A new feature called “Near Share” will offer the ability to share to a nearby device via Bluetooth or Wi-Fi. This revamped Share UI could work in conjunction with the aforementioned MyPeople so that you can forward items directly to a person in your contacts.
10. Virtual touchpad
This tool will be helpful when you connect a Windows 10 tablet (such as a Surface Pro) to an external display, like a TV. If you set it so that the external display functions as an extended screen, and you don’t have a mouse or touchpad connected to the tablet, you’ll be able to summon a virtual touchpad to appear on the tablet screen. It will work as if it’s a real touchpad so that you can control the mouse pointer on the second screen.
This story, “10 Windows 10 interface changes coming in the Creators Update” was originally published by Network World.
Microsoft’s ambitious Play Anywhere initiative, which lets PC and Xbox gamers game together, made unexpected strides on Friday, when it was announced that Gears of War 4’s crossplay will expand beyond cooperative mode to include multiplayer competition.
The feature, however, will be limited to Social Quickplay, rather than competitive ranked matches, Microsoft said. So your dreams of a “Super Bowl” of GoW play between the best PC and Xbox players will have to wait.
Interestingly, when Microsoft tested GoW4’s expanded crossplay features at the end of 2016, participation heavily favored the Xbox One.Of the 115,000 players that took part in the test weekend, there was a whopping 91-9 percentage split between the Xbox One and the Windows 10 platform. Over 750,000 matches were played.
To the question of which platform came out on top, Microsoft said the two sides were pretty even: Windows 10 and Xbox players had “closely matched results” when comparing their average kills and deaths, score, and kills per match. Nevertheless, Microsoft said the game’s Core and Competitive rankings will remain separated: Xbox players will only play Windows players, for example, to maintain parity.
“When we looked at the extensive data we received, thanks to the incredible participation from our community, there was a clear message—it works,” the company said in a blog post.
Why this matters: When played with a decent community of polite, competitive opponents, multiplayer gaming can be awesome. Crossplay simply opens up this experience to a larger number of potential players. For its part, Microsoft is really trying to establish Windows and the Xbox as one happy, collective ecosystem, and crossplay is a big part of that.
The gaming-focused Windows 10 Insider build that Microsoft promised earlier this week, with Game Mode, Beam livestreaming and other features, is rolling out—but with some game-breaking bugs, unfortunately.
What’s officially known as Build 15019 for the Insider Fast Ring also includes a number of more general improvements, including a version of Edge that will read your ebooks aloud and a better out-of-box experience, complete with voice actors to guide you through the process.
If you’re hoping to try out the new PC-centric Game Mode for yourself, though, be wary: Microsoft warned that unspecified “popular games” may experience crashes or black screens when loading, and clicking on certain elements in a Win32 game may cause it to be minimized (and therefore unplayable) unless killed. Even the new Game Mode will show up as OFF when in fact it’s enabled by default. Also, be aware of one download glitch: The issue Microsoft had with its progress bar is still there, so the download will still show “0% completed” even when it’s actually downloading.
“We recognize that this is painful for those wanting to try out the new gaming features announced this week,” Microsoft’s Insider chief, Dona Sarkar, wrote in a blog post. “We deliberated a lot on whether to release this build to Insiders with these issues; however we decided to go ahead and release it as we need feedback from Insiders on other areas of the OS.”
Some great new gaming features
Build 15019 is specifically optimized for gaming, with new additions to both the Xbox One and Windows 10 platforms. (A separate build for Xbox Insiders should roll out today, with support for Screentime, a parental control that is already on Windows 10.) Our previous story outlined the new additions, but we’ll briefly recap them here:
Game Mode: a specific mode for the PC that minimizes the resources other background tasks have at their disposal, giving the game all of the resources your PC can spare. My colleague Brad Chacos has outlined what Game Mode does for your PC. The Windows Game Bar now supports 17 more games in fullscreen mode, including Battlefield 3, Call of Duty Black Ops 2, FIFA 14 and FIFA 17, Rocket League, and more.
Gaming Settings: Microsoft has consolidated gaming controls for Game Bar, GameDVR, and more into a Gaming section in Windows 10’s Settings.
Beam livestreaming: Microsoft bought Beam and its livestreaming technology last year to take the games you’re playing on Windows 10 and the Xbox and broadcast them to others on the Internet. You’ll be able to trigger the Game Bar (Win + G) and show others how fast you can drive in Forza Horizon 3.
Microsoft also revealed a small additional convenience: If you buy a game from the Microsoft Store app, you’ll be able to track its download progress in the Action Center notifications. The company also fixed a bug that would crash the display controller if an Xbox controller was attached, and another that could cause the screen to flicker if a player used Alt + Tab to change focus to another window.
A better out-of-box experience
Having just reset a balky Surface Pro 4 that couldn’t get past Build 15002, I can confirm that the out-of-box experience that build introduced is excellent—and Build 15019 promises to improve on it even more. Setting up a new PC is now voice-driven: Cortana asks you the questions you’d normally have to be at your keyboard to answer. (For those who are unable to hear Cortana, there are now subtitles.)
With build 15002 and the latest build 15019, you can be working away at another PC while Cortana’s voice asks you if you’d like to accept the default options and other questions. It’s fun to holler “Yes!” and keep typing.
At one point during build 15002’s reset process, Cortana’s voice was replaced by a more robotic text-to-speech voice. That’s been fixed, with additional voice acting in place to maintain a consistent, pleasant tone. A bit of spit and polish has updated the UI, including the way in which you sign in with a Microsoft account. Windows Hello enrollment, which simply asks you to smile at the camera for a second or two, has also been updated.
Troubleshooters, all in one place
I have sporadic issues at my home office where my Wi-Fi connection needs to be reset, requiring me to right-click my Wi-Fi icon on the Taskbar and launch the troubleshooter. For Build 15019, Microsoft’s grouped all of the Troubleshooter options inside Settings > Update & Security > Troubleshoot so you can see the complete list, including tools for resolving printer issues, Windows updates, Bluetooth, and more.
A bevy of other useful features
Build 15019 adds a number of other useful features, most of which don’t require that much additional explanation:
A new “read aloud” button in Microsoft Edge will read ebooks stored in Edge in 24 languages.
Full-color emoji, on those sites that use them.
Blue light support, which removes the blue colors your display produces late at night so as to help prevent insomnia. (Microsoft now calls the feature “night light.”)
If you use the Hyper-V feature to create virtual machines, you can now resize the window and the guest OS will rescale the resolution appropriately.
According to a new rumor, HP – in partnership with Microsoft – is working on a new Windows 10 Mobile smartphone. The device, the rumor says, could be made official in February next year, an year after the business-focused HP Elite x3 was unveiled.
Sadly, nothing much is known about the handset at the moment, except that it’ll feature typical Lumia features like Glance and double tap to wake, and it’s likely the same device that Microsoft internally announced recently in Redmond.
You never know when you’ll need a Windows recovery drive, so the time to make one is now—and it’s very easy to do.
A recovery drive is similar to the media you’d receive if you bought a pre-built system. Back in the day, PCs would ship with a CD or DVD that included an image of the system as it left the factory. If your PC’s OS went sideways, you could easily revert to the way things were on day one (though you’d lose all of your subsequently created data and applications, obviously). Nowadays manufacturers usually just put an image of the system as it left the factory on a hidden partition of your main drive.
A Windows recovery disk builds on this idea. In addition to letting you reinstall Windows, it includes several troubleshooting tools, which can be a lifesaver if your system won’t boot.
Some of these tools used to be part of the OS. If your PC failed to boot you were presented with a menu allowing you to try and boot into Safe Mode, or use “last known good configuration.” That’s no longer the case with Windows 10. Now you need these tools to reside on a separate, bootable USB key, and every person running Windows should keep one in a safe place with the label “in case of emergency.”
Here’s how you create one and what it can do for you.
First, obtain an 8GB to 16GB USB key. Next, go into Windows’ Control panel (right-clicking the Windows icon is the easiest way) and type create a recovery drive into the search bar. The manual method would be to go to System & Security > Security & Maintenance > Recovery.
You may need to enter your admin password to go further. In the resulting dialog box, check the box labeled Back up system files to the recovery drive.
With your recovery drive created, you’ll have to boot from it in order to use it. How your PC boots from USB varies according to your PC’s age and motherboard, but typically you can press one of the F-keys during boot to arrive at a boot selection window. From there you select the USB key you’re using, and it should proceed to boot from the recovery drive. When you successfully boot from it you’ll see the following options. Here’s what each of them does:
The first window gives you essentially two options: Recover from a drive, and Advanced options.
The first option lets you re-install Windows. Note that it says you will lose all your data and installed applications. This is a clean installation of Windows, not a restore from backup or something along those lines. This is the nuclear option, in other words.
The second option, which is labeled Advanced Options, lets you fix your Windows installation in several ways, and brings you to the following menu:
The Advanced Options menu allows you to do the following:
System Restore: Use this to revert your PC to a happier time, when things were working normally. This does not affect your data, but it does affect installed programs as it replaces the registry with an earlier version.
System Image Recovery: If you’ve used the image backup tool in Windows 10, this would be where it would come in handy. You can restore the image of your PC at the time you created the image, which includes all your data and installed programs at that time.
Startup Repair: This is sort of a “black box” in that it tries to fix whatever issue is preventing the system from booting, but it doesn’t tell you what it’s doing or, if successful, what the problem was. This is the first thing you should try, as it’s the quickest and least invasive.
Command Prompt: This can be useful for a wide array of tricks and tactics, most especially running the SFC /Scannow command to scan and fix corrupted system files. We all know the command prompt is a wizard’s toolbox, and if you know what you’re doing the possibilities are almost endless.
Go Back to the Previous Build: Though worded a bit cryptically, this lets you revert your PC to the previous build of Windows, meaning the one before whatever update turned everything pear-shaped.
As you can see, it’s quite useful to have one of these recovery drives handy. Do yourself a favor and make one now.
As scheduled, the Windows 10-powered alcatel IDOL 4S has been launched. The device is currently available for purchase in the US, where T-Mobile is selling it for $469.99 (or $19.59 per month for 2-years).
Specs-wise, the phone is powered by a Snapdragon 820 chipset and sports a 5.5-inch full HD display. RAM is 4GB, while internal memory is 64GB. In terms of camera, the handset features a 21MP rear unit and an 8MP front shooter. A 3,000mAh battery is there to keep the lights on.
The new alcatel IDOL 4S includes support for Windows Continuum, Windows Hello as well as VR – a VR headset is included with the device.
Microsoft has patched 68 vulnerabilities in Windows, Office, Edge, Internet Explorer and SQL Server, two of which have already been exploited by attackers and three that have been publicly disclosed.
The patches are covered in 14 security bulletins, one dedicated to Adobe Flash Player which is upgraded through Windows Update in Windows 10 and 8.1. Six of the bulletins are rated critical and eight are rated important.
Administrators should prioritize the Windows patches in the MS16-135 bulletin, because they address a zero-day vulnerability that’s already being exploited by a group of attackers known in the security industry as Fancy Bear, APT28 or Strontium.
The vulnerability, tracked as CVE-2016-7255, was publicly disclosed by Google last week, only 10 days after notifying Microsoft about it. This caused a bit of friction between the two companies.
Google gives vendors only seven days to fix vulnerabilities or to publish mitigation advice if those flaws are found to be exploited in active attacks. Microsoft disagrees with that policy and feels that Google’s decision to make details about this vulnerability public put customers at increased risk.
Another Windows security bulletin that should be prioritized is MS16-132. It’s rated critical and fixes multiple remote code execution vulnerabilities, including another zero-day flaw that, according Microsoft, is already being exploited by attackers.
The vulnerability is located in the Windows font library and can be exploited through specially crafted fonts embedded into websites or documents. Successful exploitation allows attackers to take full control of the affected systems, Microsoft said in the security bulletin.
Three other critical vulnerabilities in Internet Explorer and Edge, covered in the MS16-142and MS16-129 bulletins, have been publicly disclosed before being patched. However, according to Microsoft they haven’t been exploited in attacks yet.
The Office security bulletin, MS16-133, is rated as important, but covers remote code execution vulnerabilities that can be exploited through specially crafted documents.
“Since Office documents are prevalent in typical corporate environments I think this bulletin should be treated as critical even if it is rated as ‘Important’,” said Amol Sarwate, director of the Vulnerability Labs at security vendor Qualys, in an analysis of the patches.
Microsoft SQL Server administrators should prioritize the MS16-136 bulletin which covers vulnerabilities in the RDBMS engine, MDS API, SQL Analysis Services and the SQL Server Agent.
“SQL Server vulnerabilities are relatively rare and although there is no remote code execution, attackers can gain elevated privileges which could allow them to view, change, or delete data and create new accounts,” Sarwate said.