Norman Young, Senior Equity Analyst at Morningstar, says Microsoft's release of the Office for iPad app reflects a strategy shift in the software company under its new chief executive officer, Satya Nadella.

CNBC's Dominic Chu and S&P Capital IQ analyst Angelo Zino discuss the expected new web browser being developed at Microsoft.

A look at Microsoft after earnings. With CNBC's Melissa Lee and the Options Action Traders, Carter Worth, Mike Khouw and Tony Zhang.

The race is on for improved testing, treatment and a vaccine for Covid-19. One company is partnering with Microsoft to decode how the human immune system responds to the virus. Chad Robins, Adaptive Biotechnologies CEO and co-founder, joins "Squawk Box" to discuss ways to make testing more reliable.

USB-C, faster processors and new design options continue to keep Microsoft’s Windows 10 laptop near the top of the pile

Microsoft’s top-quality laptop is now in its third generation, with new ports, new processors and a slight redesign, with the option to ditch the unique Alcantara for plain old aluminium.

The £999 and up Surface Laptop 3 is Microsoft’s vision of what a traditional laptop should be. For the most part that’s the same as everyone else, with traditional aluminium body, glass-covered screen and hinge that does not rotate all the way round to the back.

Screen: 13.5in LCD 2256 x 1504 (201 PPI)

Processor: quad-core Intel Core i5 or i7 (10th generation)

RAM: 8 or 16GB

Storage: 128, 256, 512GB or 1TB

Graphics: Intel Iris Plus

Operating system: Windows 10 Home

Camera: 720P front-facing, Windows Hello

Connectivity: wifi 6 (ax), Bluetooth 5, USB-A, USB-C, headphones, Surface Connect TPM

Dimensions: 308.1 x 223.3 x 14.5mm

Weight: 1,265 or 1,288g

Due to the angle of the side of the machine it can be difficult to plug the magnetic power cable in without lifting the side up for more leverage.

The black paint can be scratched revealing the silver aluminium underneath.

The screen supports 10-point touch and Microsoft’s Surface Pen stylus.

Pros: great keyboard, good trackpad, Alcantara or aluminium, sleek design, USB-A and USB-C port, great screen, good battery life, Windows Hello, powerful processor.

Cons: no SD card reader, limited configuration options, no Thunderbolt 3, only one USB-C port.

Surface Laptop 2 review: Microsoft’s sleeker answer to the MacBook Air

Microsoft Surface Pro 6 review: a fantastic tablet PC you shouldn’t buy

Microsoft Surface Go review: tablet that’s better for work than play

Microsoft Surface Studio 2 review: in a class of its own

16in MacBook Pro review: bigger battery, new keyboard, new Apple

Apple MacBook Air review: the new default Mac

Announcements made following coronavirus guidance from Washington state officials instructing workplaces to allow employees to work remotely

As the coronavirus outbreak continues to spread across Washington state, Amazon, Microsoft and Facebook have advised their Seattle-area employees to work from home for the next few weeks.

Related: Coronavirus: Google leads tech charge to work from home

Long battery life, 4G and beautiful design can’t stop it being held back by a lack of apps for its ARM chip

The Surface Pro X is a glimpse of an ARM-powered Windows future, combining the best bits of phones and computers, but while that future is closer than ever, it isn’t quite ready yet.

The new £999 Surface Pro X might look like the rest of Microsoft’s Surface tablets on the outside, but it is fundamentally a different beast on the inside.

Screen: 13in LCD 2880x1920 (267 PPI)

Processor: Microsoft SQ1 (ARM)

RAM: 8 or 16GB

Storage: 128, 256 and 512GB

Graphics: Adreno 685

Operating system: Windows 10 Home

Camera: 10MP rear, 5MP front-facing, Windows Hello

Connectivity: Wifi ac, Bluetooth 5, 2x USB-C, Surface Connect, LTE, nano sim, esim

Dimensions: 287 x 208 x 7.3mm

Weight: 774g

The screen is far too dim on resuming from sleep until you hit the brightness button, at which point it returns to normal

The machine ran cool throughout, barely getting warmer than room temperature even when pushed hard

There’s no real mis-touch rejection at the edges of the screen, which means you have to be careful where you put your fingers when holding the tablet

Pros: slim, great 13in screen, 4G, kickstand, nine-hour battery, 2x USB-C, quick charging, Windows Hello, brilliant keyboard (essential additional purchase), smart stylus holder, Windows 10

Cons: not much ARM-native software, no good photo editors, no SD card reader, no headphone socket, no Thunderbolt 3, keyboard not included

Microsoft Surface Laptop 3 review: still sleek, just no longer unique

Microsoft Surface Pro 6 review: a fantastic tablet PC you shouldn’t buy

Microsoft Surface Go review: tablet that’s better for work than play

Microsoft Surface Studio 2 review: in a class of its own

16in MacBook Pro review: bigger battery, new keyboard, new Apple

Apple MacBook Air review: the new default Mac

USB-C completes top Windows 10 tablet with great screen, design and kickstand, plus latest Intel chips

The Surface Pro 7 is an update of the excellent Surface Pro 6 with new processors and, finally, a USB-C port.

That means the design of the new Surface Pro 7 hasn’t changed since the 2017 Surface Pro 5, with Microsoft taking an “if it ain’t broke” approach. It’s competitively priced at £699 and up – but you have to pay at least £125 for the keyboard if you want one – which annoyingly is not included in the standard price.

Screen: 12.3in LCD 2736 x 1824 (267 PPI)

Processor: Intel Core i3, i5 or i7 (10th generation)

RAM: 4, 8 or 16GB

Storage: 128, 256, 512GB or 1TB

Graphics: Intel UHD (i3) or Intel Iris Plus (i5/i7)

Operating system: Windows 10 Home

Camera: 8MP rear, 5MP front-facing, Windows Hello

Connectivity: Wifi 6, Bluetooth 5, USB 3.0, USB-C, headphones, TPM, microSD

Dimensions: 292 x 201 x 8.5 mm

Weight: 775 or 790g (i7 version)

The Surface Pro 7 ships with a standard version of Windows 10 Home with device encryption

The tablet no longer supports on-screen interaction with Microsoft’s Surface Dial accessory

Pros: great screen, good battery life, brilliant keyboard (essential additional purchase), microSD card reader, excellent kickstand, Windows Hello, solid build, easy to carry, USB-A and USB-C

Cons: no Thunderbolt 3, fairly expensive, keyboard should be included, Core i7 version fans are more audible

Microsoft Surface Pro X review: not yet ready for prime time

Microsoft Surface Laptop 3 review: still sleek, just no longer unique

Microsoft Surface Go review: tablet that’s better for work than play

Microsoft Surface Studio 2 review: in a class of its own

16in MacBook Pro review: bigger battery, new keyboard, new Apple

Apple MacBook Air review: the new default Mac

The tech giant’s pledge to go carbon negative by 2030 leans heavily on nascent technology such as machines that suck carbon out of the air

Microsoft drew widespread praise in January this year after Brad Smith, the company’s president, announced their climate “moonshot”.

While other corporate giants, such as Amazon and Walmart, were pledging to go carbon neutral, Microsoft vowed to go carbon negative by 2030, meaning they would be removing more carbon from the atmosphere than they produced.

It will cost them money, but it will allow the technologies to come online and for the next company to follow their footsteps

It’s extremely hard to lead if there’s no one there to follow

Windows-maker updates top and cheapest PCs, and launches new headphones

Microsoft is launching a revamped line of its most powerful and cheapest Windows 10 PCs, the Surface Book 3 and Surface Go 2, as it adjusts to continue operations during the pandemic.

The new products, announced by blogpost rather than an event, are Microsoft’s premium computers competing directly with the likes of Apple and Dell, but with more novel designs.

Microsoft launched the Surface Laptop 3 back in October 2019. Since purchasing and using the new device, users have been reporting cracks appearing on the laptop screen, even without causing any physical damage to the device itself. While the reason is

Исследование Microsof, в рамках которого пароли Microsoft-аккаунтов сопоставлялись с базой из трёх с лишним миллиардов утекших паролей, показало 44 миллиона совпадений. Для всех потенциальных жертв была запущена процедура принудительной смены пароля.
обсуждение | Telegram | Facebook | Twitter

Во вторник Microsoft закрыла уязвимость, связанную с обработкой сертификатов в Windows 10, а также Windows Server 2016 и 2019. Подделка сертификатов открывает широкую дорогу к распространению вредоносных программ под вывеской доверенных, фишингу и т.п. Особое внимание все комментаторы обращают на то, что информацию об этой уязвимости Microsoft получила от АНБ, и что неизвестно, сколько времени перед этим она была известна агентству.
обсуждение | Telegram | Facebook | Twitter

Microsoft сообщает о двух уязвимостях в Adobe Type Manager Library, приводящих к удаленному исполнению кода. Несмотря на то, что они уже активно используются, исправление ожидается не раньше 14 апреля. Пока пользователям предлагается отключить в Windows Explorer панели детализации и предварительного просмотра и включить отображение иконок вместо миниатюр.
обсуждение | Telegram | Facebook | Twitter

The Xbox team shows off new footage of the highly anticipated Assassin's Creed: Valhalla.

Microsoft Surface Pro 4

After receiving complaints regarding a screen flicker defect in some Surface Pro 4 devices, Microsoft has offered to replace the eligible devices free of charge.

The faulty devices qualified for replacement should be up to three years from the time of original purchase, Microsoft Support said in a blog post late Friday.

"We will ship you a replacement device as soon as you return your existing device. Typically, it will take 5-8 business days for you to receive an exchange device from the date that you ship your current device back to us," the post added.

Users that have already paid for a screen-replacement will get a refund.

In February, Microsoft had said that it was monitoring the situation.

The tech giant has clarified that the replaced devices will be refurbished.

Catch up on all the latest Crime, National, International and Hatke news here. Also download the new mid-day Android and iOS apps to get latest updates

Microsoft

The fast-emerging field of Artificial Intelligence, which has suddenly caught the attention of the IT industry and the governments across the world, is facing a large skills shortage, a top Microsoft official has said.

The Artificial Intelligence (AI) is also facing the challenge of appropriate use of data, group programme manager of Microsoft Learning Matt Winkler told PTI.

"There is a pretty large skills shortage. Lots of folks are talking about it (AI). A lot of folks are very, very excited about it and then they want to go and make that real. And when they go to make that real, there's a really large skills shortage," Winkler said.

That's why it's so exciting to be trying to bring these technologies to more developers because it's going to bring more people into the mix, he said. Winkler said the second challenge is really around data.

"How do you get the data in the right shape? How do you prepare the data? Because all of the AI in the world is based on data, and so what makes it interesting is the data that you have, the data that your business has, that what you understand about your customers. So how do you most effectively use that data to go and produce models," he said.

Then within kind of any individual product project, one of the key challenges is the same thing that the industry has seen with software, which is, if one tries and do too much, the project gets much harder.

"And so we'll often times see failed projects, which are the result of trying to create just the most amazing thing having done nothing," he said.

At the recently concluded developers conference ¿ Build 2018 ¿ Microsoft's CEO Satya Nadella talked about how to make AI accessible for everyone.

"Our guidance to a lot of customers to pick a domain and pick a used case where you have a high, high-quality data and that it is really well understood. Start there, get some wins with that and then start expanding the use cases so far," Winkler said.

Microsoft is partnering with multiple players in both the private and governmental sectors to use AI for public good.

"Absolutely, AI is being used for public good. For instance, it is being used in school districts in order to predict drop-out rates in India.

"We see a ton of healthcare applications: patient re-admission rates is very very popular one. We have seen medical image analysis. We are doing some really interesting work doing diabetes prediction through scans of retinas," Winkler said.
Microsoft is working with the Snow Leopard Trust, a non-profit organisation dedicated to the preservation of the snow leopard and parts of Nepal and India to analyse in real time the presence of snow leopards.

"So it's fundamentally changed the way they do their research," he said, adding that the Microsoft is working with three-four other conservation agencies doing similar things.

"For a lot of the customers, what AI is enabling is not just an incremental... but It's something they fundamentally couldn't do before. So it really does introduce a step change for the things that they want to do in their business," Winkler added.

Catch up on all the latest Crime, National, International and Hatke news here. Also, download the new mid-day Android and iOS apps to get latest updates

Representational Image

While Google Duplex, which lets AI mimic a human voice to make appointments and book tables through phone calls, has mesmerised people with its capabilities and attracted flak on ethical grounds at the same time, Microsoft has showcased a similar technology it has been testing in China.

At an AI event in London on Tuesday, Microsoft CEO Satya Nadella revealed that the company's Xiaoice social chatbot has 500 million "friends" and more than 16 channels for Chinese users to interact with it through WeChat and other popular messaging services.

"Microsoft has turned Xiaoice, which is Chinese for 'little Bing', into a friendly bot that has convinced some of its users that the bot is a friend or a human being. Xiaoice has her own TV show, it writes poetry and it does many interesting things," The Verge quoted Nadella as saying.

Xiaoice interacts in text conversations but now the company has started allowing the chat bot to call people on their phones.

The bot does not work exactly like Google Duplex, which uses the Assistant to make calls on a user's behalf but it holds a phone conversation with the user.

"One of the things we started doing earlier this year is having full duplex conversations. So now Xiaoice can be conversing with you in WeChat and stop and call you. Then you can just talk to it using voice," Nadella was quoted as saying.

Humans will be humans and the latest victim of humankind was Microsoft.

Two years ago, Microsoft launched an artificial intelligence (AI)-powered bot on Twitter, named Tay, for a playful chat with people, only to silence it within 24 hours as users started sharing racist and offensive comments with the bot.

Launched as an experiment in "conversational understanding" and to engage people through "casual and playful conversation", Tay was soon bombarded with racial comments and the innocent bot repeated those comments back with her commentary to users.

Some of the tweets had Tay referring to Hitler, denying the Holocaust, and supporting Donald Trump's immigration plans, among others.

Later, a Microsoft spokesperson confirmed to TechCrunch that the company is taking Tay off Twitter as people were posting abusive comments to her.

Catch up on all the latest Crime, National, International and Hatke news here. Also download the new mid-day Android and iOS apps to get latest updates

Full power. Microsoft has created a badge that will be used to indicate games optimised for the Xbox Series X platform.

U.S. tech giants Microsoft and Google have partnered wherein Office for Android will be supported on Chrome OS-based devices via the Google Play Store.

Microsoft said its Cheyenne datacentre in Wyoming will now be powered entirely by 237 megawatts of wind energy.

Microsoft on Thursday released tools that can be used by any developer on any platform, the company said in a statement, and added that developers will now be able to use the tools of their choice to create Android, iOS and Windows apps.

Microsoft on Thursday released tools that can be used by any developer on any platform, the company said in a statement, and added that developers will now be able to use the tools of their choice to create Android, iOS and Windows apps.

Microsoft’s Patch Tuesday for April released fixes for a couple of critical font-related vulnerabilities, like an earlier disclosed one found in Adobe Type Manager Library (atmfd.dll). It also featured patches for vulnerabilities in Microsoft SharePoint and Windows Components.

The post April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities appeared first on .

Microsoft addresses vulnerabilities in its July security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-1001 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the improper handling of objects in memory by the scripting engine in Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1004 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the improper handling of objects in memory by the scripting engine in Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1062 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the handling of objects in memory in the Chakra scripting engine of Microsoft Edge. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1063 - Internet Explorer Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the handling of objects in memory by Internet Explorer. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1092 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the handling of objects in memory in the Chakra scripting engine of Microsoft Edge. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1103 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may create a specially crafted webpage that contains an exploit to this vulnerability.



CVE-2019-1104 - Microsoft Browser Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the improper handling of objects in memory by Microsoft browsers. Attackers looking to exploit this vulnerability may create a specially crafted webpage that contains an exploit to this vulnerability.



CVE-2019-1106 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may gain the same user rights as the currently logged on user.



CVE-2019-1107 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This memory corruption vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may gain the same user rights as the currently logged on user.



CVE-2019-1112 - Microsoft Excel Information Disclosure Vulnerability
Risk Rating: Important

This information disclosure vulnerability exists in the disclosure of memory contents by Microsoft Excel. Attackers looking to exploit this vulnerability may host a specially crafted file that contains an exploit to this vulnerability.

Microsoft addresses vulnerabilities in its August security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-1196 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1139 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1140 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1141 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1195 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1197 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.



CVE-2019-1201 - Microsoft Word Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Word. Attackers looking to exploit this vulnerability may create a specially crafted file that contains an exploit to this vulnerability.

Microsoft addresses several vulnerabilities in its September security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-1257 - Microsoft SharePoint Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the failure of Microsoft SharePoint to check an application package's source markup. Attackers looking to exploit this vulnerability must find a way to convince a user to open a malicious SharePoint application package.



CVE-2019-1295 - Microsoft SharePoint Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper protection of data input in Microsoft SharePoint APIs. Attackers looking to exploit this vulnerability must find a way for a vulnerable Microsoft SharePoint version to input data in a susceptible API.



CVE-2019-1296 - Microsoft SharePoint Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper protection of data input in Microsoft SharePoint APIs. Attackers looking to exploit this vulnerability must find a way for a vulnerable Microsoft SharePoint version to input data in a susceptible API.

Microsoft addresses several vulnerabilities in its October security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-1335 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in Microsoft Edge's Chakra scripting engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



CVE-2019-1364 - Win32k Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the improper handling of objects in memory by the Windows kernel-mode driver. Attackers looking to exploit this vulnerability must find a way to be logged on to the vulnerable system.



CVE-2019-1060 - MS XML Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper parsing of user input by the Microsoft XML Core Services MSXML. Attackers looking to exploit this vulnerability must find a way for a user to access a website using Internet Explorer.



CVE-2019-1238 - VBScript Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability must find a way for a user to access a website where the exploit is hosted.



CVE-2019-1239 - VBScript Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability must find a way for a user to access a website where the exploit is hosted.



CVE-2019-1307 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way for a user to access a website where the exploit is hosted.



CVE-2019-1308 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way for a user to access a website where the exploit is hosted.



CVE-2019-1366 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way for a user to access a website where the exploit is hosted.



CVE-2019-1361 - Microsoft Graphics Components Information Disclosure Vulnerability
Risk Rating: Important

This information disclosure vulnerability exists in the improper handling of objects in memory by the Microsoft Graphics Components. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.

Microsoft addresses several vulnerabilities in its November security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-1390 - BScript Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the VBScript engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



CVE-2019-1429 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This elevation of privilege vulnerability exists in the improper handling of objects in memory by the scripting engine in Internet Explorer. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



CVE-2019-1359 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.



CVE-2019-1358 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.



CVE-2019-1311 - Windows Imaging API Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Imaging API. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted .WIM file.

Microsoft addresses several vulnerabilities in its December security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-0617 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the Windows Jet Database engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.



CVE-2019-1485 - VBScript Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by VBScript engine. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



CVE-2019-0853 - GDI Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects by the Windows Graphics Device Interface (GDI). Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file via file-sharing.



CVE-2019-1458 - Win32k Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the improper handling of objects by the the Win32k component in Windows. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted application.



CVE-2019-1439 - Windows GDI Information Disclosure Vulnerability
Risk Rating: Important

This information disclosure vulnerability exists in the improper handling of objects in memory by the Windows GDI component. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-1117 - DirectWrite Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-1118 - DirectWrite Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-1119 - DirectWrite Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-0959 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the improper handling of objects in memory by the Windows Common Log File System. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted application.

Microsoft addresses several vulnerabilities in its January security bulletin. Trend Micro Deep Security covers the following:

CVE-2020-0609 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



CVE-2020-0610 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



CVE-2020-0652 - Microsoft Office Memory Corruption Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects by Microsoft Office. Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file.



CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability
Risk Rating: Important

This spoofing vulnerability exists in the validation of Elliptic Curve Cryptography (ECC) certificates by the the Windows CryptoAPI (crypt32.dll). A successful exploitation of this vulnerability could allow man-in-the-middle (MiTM) attacks.

Microsoft addresses several vulnerabilities in its February security bulletin. Trend Micro Deep Security covers the following:

CVE-2020-0674 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the scripting engine of Internet explorer in the way it handles objects in memory. Attackers looking to exploit this vulnerability could host a specially crafted website that contains an exploit.



CVE-2020-0681 - Remote Desktop Client Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the Windows Remote Desktop Client. It exists when a user connects to a malicious server. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.



CVE-2020-0692 - Microsoft Exchange Server Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability, that requires an enabled Exchange Web Services (EWS), exists in the Microsoft Exchange Server. Attackers looking to exploit this vulnerability must find a way to change Security Access Token parameters and forward that to the vulnerable Microsoft Exchange Server.

Today Microsoft reported its third-quarter, fiscal 2020 quarter earnings, the period of time corresponding to Q1 2020 on the regular calendar. The technology giant generated $35 billion in revenue, up 15% from the year-ago period. That top line led to $13 billion in operating income (+25% YoY), and $10.8 billion in net income (+22% YoY). […]

The days of the big product event are on hold for the foreseeable future. Until then, a big blog post will have to do. A day after announcing that Microsoft would be shifting focus away from dual-screen devices, Chief Product Officer Panos Panay took to the company’s Devices blog to show off a slew of […]

In spite of being in the midst of a pandemic sowing economic uncertainty, one area that continues to thrive is cloud computing. Perhaps that explains why Microsoft, which saw Azure grow 59% in its most recent earnings report, announced plans to open a new data center in New Zealand once it receives approval from the […]

With conferences canceled indefinitely, companies are increasingly reliant on online events to hype product launches. As they prepare to release a next-gen console before the end of the year, expect plenty of live streams and blogs from both Microsoft and Sony in an attempt to flesh out all that their respective systems have to offer. […]

Microsoft and Amazon are at it again as the fight for the Defense Department JEDI contract continues. In a recent series of increasingly acerbic pronouncements, the two companies continue their ongoing spat over the $10 billion, decade-long JEDI contract spoils. As you may recall (or not), last fall in a surprise move, the DoD selected […]

The original Go was a mostly well-received addition to the Surface line when it arrived in late 2018. It was a nice, pint-sized alternatively, positioned fairly well to serve as a secondary device for some. It did the convertible double duty and traveled well, but otherwise was lacking in guts and versatility. Launching at the […]

In an unprecedented move to reassure customers and flag the potential for misinformation about COVID-19 on their platforms, all of the major social media companies and their parent corporations issued a joint statement on their efforts. “We invite other companies to join us as we work to keep our communities healthy and safe,” the statement […]

The tech industry is mobilizing its considerable resources to attempt to support efforts against the growing global coronavirus pandemic. Over the weekend, the CEOs of Amazon, Apple and Microsoft all shared updates regarding some aspects of their company’s ongoing contributions, which range from donations of medical supplies and personal protective equipment (PPE) for frontline healthcare […]

Microsoft and Amazon are at it again as the fight for the Defense Department JEDI contract continues. In a recent series of increasingly acerbic pronouncements, the two companies continue their ongoing spat over the $10 billion, decade-long JEDI contract spoils. As you may recall (or not), last fall in a surprise move, the DoD selected […]

In spite of being in the midst of a pandemic sowing economic uncertainty, one area that continues to thrive is cloud computing. Perhaps that explains why Microsoft, which saw Azure grow 59% in its most recent earnings report, announced plans to open a new data center in New Zealand once it receives approval from the […]

Microsoft and Amazon are at it again as the fight for the Defense Department JEDI contract continues. In a recent series of increasingly acerbic pronouncements, the two companies continue their ongoing spat over the $10 billion, decade-long JEDI contract spoils. As you may recall (or not), last fall in a surprise move, the DoD selected […]

Microsoft is embarking on a new sustainability initiative as part of its overall approach to support environmental protection measures, with a project it calls the “Planetary Computer.” This will actually be a computing endeavor that uses aggregated global environmental data collected from a number of sources as its input, and that will seek to employ […]

Microsoft and Amazon are at it again as the fight for the Defense Department JEDI contract continues. In a recent series of increasingly acerbic pronouncements, the two companies continue their ongoing spat over the $10 billion, decade-long JEDI contract spoils. As you may recall (or not), last fall in a surprise move, the DoD selected […]

The original Go was a mostly well-received addition to the Surface line when it arrived in late 2018. It was a nice, pint-sized alternatively, positioned fairly well to serve as a secondary device for some. It did the convertible double duty and traveled well, but otherwise was lacking in guts and versatility. Launching at the […]

Microsoft today announced a slew of updates to various parts of its Microsoft 365 ecosystem. A lot of these aren’t all that exciting (though that obviously depends on your level of enthusiasm for products like Microsoft Endpoint Manager), but the overall thrust behind this update is to make life easier for the IT admins that […]

About a year ago, Microsoft launched Visual Studio Online, its online code editor based on the popular Visual Studio Code project. It’s basically a full code editor and hosted environment that lives in your browser. Today, the company announced that it is changing the name of this service to Visual Studio Codespaces. It’s also dropping […]

Microsoft has now opened registration for the virtual edition of its online-only Build 2020 developer conference, which will take place from May 19 to 20. Typically, the event draws more than 6,000 developers, but because of the coronavirus pandemic, that’s obviously not an option. In contrast to Google, which completely scrapped its I/O developer conference […]

The technology giant launched a case in the US District Court against the group code named Thallium to try and stop their operations that were specifically targeting certain groups.