By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Cisco upgraded three remote code execution (RCE) vulnerabilities impacting the web management interfaces to critical severity with a CVSS base score of 9.8 after initially rating them as high with a base score of 8.8 when the advisories were first published on May 15. Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager are network management tools used by administrators "for provisioning, monitoring, optimizing, and troubleshooting both wired and wireless devices." According to Cisco's security advisory published on May 15 and updated on May 16, the critical vulnerabilities exist "because the software improperly validates user-supplied input" and they can be remotely exploited by potential attackers to gain the ability to execute arbitrary code with "root-level privileges on the underlying operating system." The most dangerous is the issue tracked as CVE-2019-1821 which could be "exploited by an unauthenticated attacker that has network access to the affected administrative interface." The other two flaws tracked as CVE-2019-1822 and CVE-2019-1823 are less concerning given that they would "require that an attacker have valid credentials to authenticate to the impacted administrative interface." The three vulnerabilities affect the following software versions: Cisco PI Software Releases prior to 3.4.1, 3.5, and 3.6, and EPN Manager Releases prior to 3.0.1. While there are no workarounds that address these vulnerabilities, Cisco has published free software updates which can be used to patch the software flaws. The web-based management interface software is also affected by two other Improper Input Validation flaws rated as high severity and tracked as CVE-2019-1824 and CVE-2019-1825 which "could allow an authenticated, remote attacker to execute arbitrary SQL queries." More complete details are posted on OUR FORUM.

Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance. For more than a year, academics have been poking holes in various components of the speculative execution process, revealing ways to leak data from various CPU buffer zones and data processing operations. Meltdown, Spectre, and Foreshadow have shown how various CPU components leak data during the speculative execution process. Today, an international team of academics -- including some of the people involved in the original Meltdown and Spectre research -- along with security researchers from Bitdefender have disclosed a new attack impacting the speculative execution process. This one is what researchers have named a Microarchitectural Data Sampling (MDS) attack, and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. These are smaller-sized caches that are used alongside the main CPU cache. By exploiting normal speculative execution operations that work within these microarchitectural structures, an MDS attack can infer data that is being processed in the CPU by other apps, to which an attacker shouldn't normally have access to. Complete details are posted on OUR FORUM.

Microsoft is expected to begin rolling out Windows 10 May 2019 Update to compatible devices in a week or two. To prepare their devices for Microsoft’s new update, GPU and CPU manufacturers are rolling out new compatible drivers. After Intel and Nvidia, AMD has now also released new graphics drivers that add support for Windows 10 May 2019 Update. AMD Radeon 19.5.1 driver is what you should install if you’re planning to upgrade your AMD PC to Windows 10 version 1903. In the release notes, AMD says Radeon Software Adrenalin 2019 Edition also adds support for RAGE 2 and instruction tracing for Radeon GPU Profiler 1.5.X. The update also includes tons of bug fixes and improvements. A bug where the performance metrics overlay may experience intermittent flicker has been addressed. This problem was experienced when the user played protected content with this feature enabled. AMD is also addressing a bug that causes DOOM to hang during launch on AMD XConnect Technology system configurations. Another bug has been addressed where the Radeon software installation doesn’t work or get stuck at 33% if you install it on AMD Radeon HD 7970 system configurations. Radeon RX Vega series graphics products may experience higher than expected memory clocks at idle or desktop with multi-display system configurations. Stuttering or frame drop issues where playing DivX interlaced content in the Movies & TV app has been also fixed. The update also addresses the intermittent authentication issues and an update of the AMD Link application is also required. Read more by visiting OUR FORUM.

American technology giant Microsoft Corporation will set up a development center in Kenya. Speaking at a meeting hosted by President Uhuru Kenyatta at State House, Nairobi, on Monday, the firm’s top executives led by Vice President for Gaming Phil Spencer said the Africa Development Centre will serve the East African region. The technology center, the seventh globally, will not only be Microsoft’s gateway to the region but will carry huge potential for jobs and business opportunities for tech-savvy Kenyan youth. Mr. Spencer said the firm will absorb 100 local engineers. President Kenyatta welcomed the initiative and assured Microsoft of his full support. “You can count on my 100 percent support. I want this to be a transparent partnership that benefits Microsoft and Kenyans. We want you to make Kenya your African home," President Kenyatta said. The President said Kenya is the best place to host the new development site. “You will not find another country with the same capacity as Kenya," he said. According to Microsoft, the Africa Development Centre will be a premier hub of engineering for the US technology company and its affiliates. The center will leverage the diversity of the regional landscape to build world-class talent capable of creating innovative solutions for global impact. Further, the center is expected to establish a collaborative engineering springboard for new technology investments in Kenya. Besides Nairobi, Microsoft has earmarked Nigeria as the other beneficiary of a similar facility on the continent to serve West Africa. He said the new development sites carry great potential for job creation, talent development, and technology transfer among Africa's youth especially in countries with good ICT literacy ratings such as Kenya. President Kenyatta said the new initiatives by Microsoft is in line with the government’s Big 4 development agenda. The Head of State called for openness in the partnership and challenged Microsoft to ensure intellectual property rights of Kenyans involved in their projects are adequately protected. Further details can be found on OUR FORUM.

The Windows 10 May 2019 Update offers many improvements and subtle changes that may improve performance to some extent. Microsoft’s Windows 10 version 1903 offers much-needed improvements to Windows Update, a new search experience, a proper light theme, and even performance improvements. Windows 10 May 2019 Update comes with two important changes that could address reliability problems on some PCs. Microsoft’s latest Windows update brings more robust protections for Spectre and Meltdown. Microsoft’s previous attempts at patching these vulnerabilities have resulted in performance issues, but the May 2019 Update should make things better. Microsoft is bringing Retpoline patches to Windows 10 which should finally address performance issues and still deliver robust protections for vulnerabilities. Microsoft describes Retpoline as a performance optimization for Spectre Variant 2. The software maker says that the new technique improves performance of Spectre variant 2 mitigations to noise-level for most scenarios. Start menu is getting subtle changes in Windows 10 May 2019 Update. It now comes with an expandable navigation bar, and the power button has been also updated with a new indicator to remind users when updates are pending a system reboot. But the most important change is a new process for Start. With Windows 10 version 1903, Microsoft is moving Start into its own app (process). In older versions of Windows 10, Start was part of the broader Shell experience which resulted in reliability issues. If a problem occurs with the main Shell process, the Start menu would remain responsive as it has its own process and this change will also contribute to the overall performance of the system. Follow this discussion on OUR FORUM.

The last time Microsoft provided us with any information regarding the number of Windows 10 devices was back in March, when it surpassed the 800 million mark. During the Build developer event, however, Paul Thurrott from got access to documentation with more recent information in that regard. According to those documents, Windows 10 is now active on 825 million devices, a notable increase over the 800 million announced two months ago. Usage numbers were also revealed for some of Microsoft's apps. The Edge browser for Android and iOS has been downloaded a total of 4.5 million times, and Microsoft Launcher has over four million users. Meanwhile, SwiftKey, which was already fairly popular prior to its acquisition by Microsoft, has a total of 159 million active users. Additionally, Thurrot learned a bit more about the structure of Microsoft's organization, specifically around Windows, which has been without a known leader since Terry Myerson stepped down last year. Microsoft has made Eran Megiddo Corporate Vice President for Windows and Education, but he will report to Joe Belfiore, so the position isn't exactly the same as the one held by Myerson. Under the leadership of Megiddo, the Windows team has set three goals - to create clarity around Microsoft’s strategy for the OS, better manage cross-devices experiences between Windows and mobile, and continue pushing Windows in the education market. Google's Chrome OS is gaining popularity in that segment, so it makes sense that Microsoft wants to put up a fight. Since its launch, Windows 10 hasn't quite grown at the pace Microsoft originally hoped it would, as the company originally targeted one billion users in the three years following the initial release. However, growth has been steady, and Microsoft is inching closer to that number, and the new leadership could be a good step in that direction.
Via Neowin