Category: iOS


Microsoft Guidance to protect against speculative execution side-channel vulnerabilities on Windows, Windows Server and Azure (Meltdown and Spectre)

Microsoft very quickly responded to the speculative execution side-channel vulnerabilities, also called Meltdown and Spectre, which affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM. Microsoft released guidance on how you should protect your devices against these vulnerabilities. The Microsoft Security Defense Team also published an article with guidance and more details on this: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

In this blog post I tried to quickly summarize the information and link it to the right websites.

Summary

Microsoft is aware of detailed information that has been published about a new class of vulnerabilities referred to as speculative execution side-channel attacks. This industry-wide attack method takes advantage of out-of-order execution on many modern microprocessors and is not restricted to a single chip, hardware manufacturer, or software vendor. To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has collaborated closely with industry partners to develop and test mitigations to help provide protections for our customers. At the time of publication, Microsoft had not received any information to indicate that these vulnerabilities have been used to attack our customers.

Note: This issue also affects other operating systems, such as Android, Chrome, iOS, and MacOS.

Warning

Microsoft addressed protection against speculative execution side-channel vulnerabilities in the latest Windows Updates. However, customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows Update.

Guidance for Windows Client

Customers should take the following actions to help protect against the vulnerabilities:

  1. Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.
  2. Apply all available Windows operating system updates, including the January 2018 Windows security updates.
  3. Apply the applicable firmware update that is provided by the device manufacturer.

Windows-based machines (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.

Read full guidance for Windows Client here: Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

Guidance for Windows Server

Customers should take the following actions to help protect against the vulnerabilities:

  1. Apply the Windows operating system update. For details on how to enable this update, see Microsoft Knowledge Base Article 4072699.
  2. Make necessary configuration changes to enable protection.
  3. Apply an applicable firmware update from the OEM device manufacturer.

Windows Server-based machines (physical or virtual) should get the Windows security updates that were released on January 3, 2018, and are available from Windows Update.

  • Windows Server, version 1709 (Server Core Installation) KB4056892
  • Windows Server 2016 KB4056890
  • Windows Server 2012 R2 KB4056898
  • Windows Server 2012 Not available yet
  • Windows Server 2008 R2 KB4056897

Your server is at increased risk if it is in one of the following categories:

  • Hyper-V hosts
  • Remote Desktop Services Hosts (RDSH)
  • Physical hosts or virtual machines that are running untrusted code, such as containers or untrusted extensions for databases, untrusted web content, or workloads that run code that is provided from external sources.

Therefore, Microsoft posted some additional registry keys to enable mitigations on servers. Microsoft also added some extra registry keys if you are running older versions of Hyper-V.

Read the full guidance for Windows Server and the registry keys here: Windows Server guidance to protect against speculative execution side-channel vulnerabilities

Guidance for Virtual Machines running on Hyper-V

In addition to this guidance, the following steps are required to ensure that your virtual machines are protected from CVE-2017-5715 (branch target injection):

  1. Ensure guest virtual machines have access to the updated firmware. By default, virtual machines with a VM version below 8.0 will not have access to updated firmware capabilities required to mitigate CVE-2017-5715. Because VM version 8.0 is only available starting with Windows Server 2016, users of Windows Server 2012 R2 or earlier must modify a specific registry value on all machines in their cluster.
  2. Perform a cold boot of guest virtual machines. Virtual machines will not see the updated firmware capabilities until they go through a cold boot. This means the running VMs must completely power off before starting again. Rebooting from inside the guest operating system is not sufficient.
  3. Update the guest operating system as required. See guidance for Windows Server.

Read the full guidance for Guest Virtual Machines here: Protecting guest virtual machines from CVE-2017-5715 (branch target injection)

Guidance for Surface Devices

Microsoft will provide UEFI updates for the following devices:

  • Surface Pro 3
  • Surface Pro 4
  • Surface Book
  • Surface Studio
  • Surface Pro Model 1796
  • Surface Laptop
  • Surface Pro with LTE Advanced
  • Surface Book 2

The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center.

Read full guidance for Surface Devices here: Surface Guidance for Customers and Partners: Protect your devices against the recent chip-related security vulnerability

Guidance for Azure

Microsoft has already deployed mitigations across the majority of our cloud services and is accelerating efforts to complete the remainder.

However, I always recommend that you also patch your operating systems and applications to be protected against other vulnerabilities.

Impact to Enterprise Cloud Services

Microsoft is not aware of any attacks on the Microsoft Cloud customers which leverage these types of vulnerabilities. Microsoft employs a variety of detection capabilities to quickly respond to any malicious activity in our enterprise cloud services.

Most of the Azure infrastructure has already received mitigations against this class of vulnerability. An accelerated reboot is occurring for any remaining hosts. Customers can check the Azure Portal for additional details.

All other enterprise cloud services such as Office 365, Dynamics 365, and Enterprise Mobility + Security have mitigations against these types of vulnerabilities. Microsoft engineering is continuing to perform analysis across the environments to confirm further protection.

Read full guidance for Microsoft Azure here: Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities

Guidance for Azure Stack

Azure Stack customers should take the following actions to help protect the Azure Stack infrastructure against the vulnerabilities:

  1. Apply Azure Stack 1712 update. See the Azure Stack 1712 update release notes for instructions about how to apply this update to your Azure Stack integrated system.
  2. Install firmware updates from your Azure Stack OEM vendor after the Azure Stack 1712 update installation is completed. Refer to your OEM vendor website to download and apply the updates.
  3. Some variations of these vulnerabilities apply also to the virtual machines (VMs) that are running in the tenant space. Customers should continue to apply security best practices for their VM images, and apply all available operating system updates to the VM images that are running on Azure Stack. Contact the vendor of your operating systems for updates and instructions, as necessary. For Windows VM customers, guidance has now been published and is available in this Security Update Guide.

Read full guidance for Microsoft Azure Stack here: Azure Stack guidance to protect against the speculative execution side-channel vulnerabilities

Guidance for SQL Server

The following versions of Microsoft SQL Server are impacted by this issue when running on x86 and x64 processor systems:

  • SQL Server 2008
  • SQL Server 2008 R2
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017

IA64-based versions of SQL Server 2008 are not believed to be affected.

Microsoft made a list of different SQL Server scenarios depending on the environment that SQL Server is running in and what functionality is being used. Microsoft recommends that you deploy fixes by using normal procedures to validate new binaries before deploying them to production environments.

You can find the list of scenarios and recommendations here: SQL Server guidance to protect against speculative execution side-channel vulnerabilities

There is also a list of updates for SQL Server available:

 

  • 4057122 Description of the security update for SQL Server 2017 GDR: January 3, 2018
  • 4058562 Description of the security update for SQL Server 2017 CU3 RTM: January 3, 2018
  • 4058561 Description of the security update for SQL Server 2016 CU7 SP1: January 3, 2018
  • 4057118 Description of the security update for SQL Server 2016 GDR SP1: January 3, 2018
  • 4058559 Description of the security update for SQL Server 2016 CU: January 6, 2018
  • 4058560 Description of the security update for SQL Server 2016 GDR: January 6, 2018
  • 4057114 Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018
  • 4057113 Description of the security update for SQL Server 2008 SP3 R2 GDR: January 6, 2018

Read the full guidance for SQL Server here: SQL Server guidance to protect against speculative execution side-channel vulnerabilities

Verifying protections against speculative execution side-channel vulnerabilities

The Microsoft Security Response Center released a PowerShell Module on the PowerShell Gallery called SpeculationControl, which verifies if your system is protected or not.

You can find more here: Use PowerShell to verify protections against speculative execution side-channel vulnerabilities CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)
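The following is an added example, not code from Microsoft or from the original post: it turns the object returned by `Get-SpeculationControlSettings` into one finding per CVE, separating a missing Windows update from a missing firmware update. The function name `Get-SpeculationFinding` and the sample object are constructed for illustration; the property names are those the SpeculationControl module returns for these two CVEs.

```powershell
# Added example; requires PowerShell 3.0+ and, for a live check, the module:
#   Install-Module SpeculationControl; Import-Module SpeculationControl

function Get-SpeculationFinding {
    param([Parameter(Mandatory = $true)] $Settings)

    # CVE-2017-5715 (Spectre, branch target injection):
    # needs the Windows update AND the firmware/microcode update.
    if ($Settings.BTIWindowsSupportEnabled) {
        $bti = 'Mitigated', 'None'
    } elseif (-not $Settings.BTIWindowsSupportPresent) {
        $bti = 'Not mitigated', 'Install the Windows security update'
    } elseif (-not $Settings.BTIHardwarePresent) {
        $bti = 'Not mitigated', 'Apply the firmware/microcode update from the device manufacturer'
    } elseif ($Settings.BTIDisabledBySystemPolicy) {
        $bti = 'Not mitigated', 'Mitigation is disabled by system policy; review the configuration'
    } else {
        $bti = 'Not mitigated', 'Updates present but not active; reboot and re-check'
    }

    # CVE-2017-5754 (Meltdown): mitigated in the OS, only on CPUs that need it.
    if (-not $Settings.KVAShadowRequired) {
        $kva = 'Not required', 'None (processor reported as not vulnerable)'
    } elseif ($Settings.KVAShadowWindowsSupportEnabled) {
        $kva = 'Mitigated', 'None'
    } elseif (-not $Settings.KVAShadowWindowsSupportPresent) {
        $kva = 'Not mitigated', 'Install the Windows security update'
    } else {
        $kva = 'Not mitigated', 'Update installed but not enabled; review the configuration'
    }

    [pscustomobject]@{ CVE = 'CVE-2017-5715'; Status = $bti[0]; Action = $bti[1] }
    [pscustomobject]@{ CVE = 'CVE-2017-5754'; Status = $kva[0]; Action = $kva[1] }
}

# Constructed sample: January 2018 Windows update installed, firmware update
# still missing (the situation the Warning section above describes).
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    BTIDisabledByNoHardwareSupport = $true
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $true
}
Get-SpeculationFinding -Settings $sample | Format-Table -AutoSize

# On a real machine, pass the live settings instead of the sample:
# Get-SpeculationFinding -Settings (Get-SpeculationControlSettings)
```

For the sample, CVE-2017-5754 is reported as mitigated while CVE-2017-5715 stays unmitigated until the firmware update is applied.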

 

More information on how to mitigate speculative execution side-channel vulnerabilities can be found here: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities



Windows 10 Task View

The best Windows 10 Features – Why you will love Windows 10

Since the first release of the Windows 10 Preview in the Insider program, I was using the Technical previews on my Surface Pro 3, and it is great how Microsoft is improving Windows 10 over the last several months based on research and feedback from the Windows Insider program.

In a few days, on July 29, Microsoft will release Windows 10 to the public, and here are some reasons why you will love Windows 10:

Microsoft Edge

Microsoft Edge Browser

With Windows 10, Microsoft released a new browser called Microsoft Edge (formerly Project Spartan), which is amazingly fast and brings a lot of new features to the table, such as Cortana integration and Web notes, which basically allow you to draw your notes on websites and share them. Microsoft also promised to allow browser extensions. Secret: you can also switch from a Light Theme to a Dark Theme.

Task View & Virtual Desktop

Windows 10 Task View

Most of the IT Pros reading this blog already knew about Task View in previous versions of Windows using WIN + TAB, but only a few other users knew about this feature. Microsoft not only improved the Task View, Microsoft also promoted it much better with an icon in the Taskbar.

In Windows 10, WIN + TAB does not only offer you Task View, it also allows you to create and switch between Virtual Desktops. With Virtual Desktops you can now finally create multiple workspaces on your PC, which should bring you the productivity boost you need. Secret: You can switch between different Desktops using the shortcut CTRL + WIN + ARROW (LEFT and RIGHT).

Hyper-V

Hyper-V vNext Runtime Memory Resize

Microsoft has built Hyper-V directly into the Windows Client since Windows 8. This is great if you want to run Virtual Machines on your Windows Client. Windows 10 Client Hyper-V brings you the great performance and features Windows Server 2016 Hyper-V will bring you. Of course some features are only available in the server build of Hyper-V, but you get some great features such as Enhanced Session mode to copy & paste between your PC and your Virtual Machine. Secret: Windows 10 will allow you to run Hyper-V and use Connected Standby at the same time.



My first year with Windows Phone

Exactly one year ago I got my first Windows Phone. Since then a lot has changed and Windows Phone has really improved.

After the first update, called NoDo, I could leave my iPhone 4 behind and change to the HTC 7 Trophy. Of course the hardware was nowhere near the iPhone 4 but the Windows Phone OS was just great. Now one year later there is a lot of good Windows Phone hardware out there and the Windows Phone OS has improved with Mango.

I am sure there will be a lot more great Windows Phone stuff in the future.

Windows Phone HTC TITAN

 

 



Another HTC TITAN Windows Phone review

HTC TITAN

I know I said the Nokia Lumia 800 would be my next Windows Phone, but after Nokia announced that the release date of the Lumia 800 in Switzerland would be Q1/2012 I could not resist buying an HTC TITAN.

I also know there are a lot of good HTC TITAN reviews already out, but I think maybe I can add some useful information for some people and help them decide. I don’t wanna talk too much about the Windows Phone software, because everyone knows already that Windows Phone 7.5 is a great phone OS.


Hardware

I was an iPhone user for a long time. Last year I decided to buy my first Windows Phone, which was an HTC 7 Trophy. The Trophy was not really a great hardware device; it felt cheap and the camera and the screen were really bad. To be fair, it was the cheapest Windows Phone at this time.
Now with the TITAN, HTC made a really big step in terms of build quality and features of the device. The HTC TITAN feels like a real high quality phone.
Now as you can see and read it is one of the biggest devices out there. With a 4.7-inch screen, 131.5mm height and 70.7mm width it sounds like a huge phone, but if you compare it to other phones it is not a lot more to carry around. I compared it to a bunch of other phones like the 4-inch Samsung Omnia 7, 4.3-inch Samsung Galaxy S2 and the 4.3-inch HTC Desire HD. And it really does not matter if you have an HTC Desire or an HTC TITAN to carry around. It actually feels really light in your pocket and does not use that much space because it is just 9.9mm thick.
I never was a fan of big phones, and I was not sure if the HTC TITAN wasn’t too big for me. But after the first days I really started to like the size and it isn’t a problem at all.
If you want to compare different phones in size you can use www.phone-size.com.

Camera

One of the best features of the HTC TITAN is the great camera. In all reviews everyone mentioned the great camera of the HTC TITAN and it sure is. It’s not just the quality of the images, it also has some extra features like burst shots and panorama shot, which allows you to create beautiful panorama pictures.
If you want to compare different cameras you can do this on digitalversus.com.

Performance and battery life

You cannot really say anything bad about the performance of the HTC TITAN because it is the fastest Windows Phone device at this moment. This is not only because of the 1.5GHz CPU, which is the fastest CPU in a Windows Phone at the moment, it is also because of the new flash storage HTC built in, which makes App launching and taking pictures a lot faster.
Even with this huge screen the TITAN has a better battery life than my HTC Trophy before. I could use the HTC Trophy for one day and the HTC TITAN runs about 1.5 days without recharge.

Display

The 4.7-inch display is huge and the Super LCD display steps up to the AMOLED displays from Samsung. Now the only bad thing you could say about the display is the low resolution, but this is not HTC's fault. All Windows Phone devices require a resolution of 480×800, which makes it easier for developers.

Overall

Even though I would like to get a device with a smaller screen, I think the HTC TITAN is at the moment the best Windows Phone you can get here in Switzerland. Nokia will release their Windows Phones in Q1/2012 in Switzerland and Samsung did not announce a European version of the Samsung Focus S, which makes the HTC the one and only flagship device in Switzerland.

+ Great Screen Quality
+ Good battery life
+ Good performance
+ Very Good camera
+ Good build quality

– Maybe too big for some people

Important Hardware Specs

  • 1.5GHz
  • 4.7-inch Super LCD display 800 x 480
  • 8 megapixel dual-LED flash
  • Video recording 720p at 30fps
  • Cellular quadband UMTS / HSPA (14.4Mbps) quadband GSM
  • WiFi 802.11 b/g/n
  • Memory 512MB RAM
  • 16GB internal storage
  • 1,600mAh Battery

Pictures

HTC TITAN Ad

Other Reviews

Winrumors.com
Engadget.com

 



Office 365 and Windows Phone Mango – an awesome team

Now I am still working with Office 365. I am still trying to test all the features and also the support for mobile devices like the iPhone or Windows Phone 7. As a Windows Phone 7 developer I could get the beta for the next update of Windows Phone 7 called Mango. Now Mango will support Office 365. You can simply add your Office 365 account on your phone and this will connect you to Exchange Online and SharePoint Online.

What is missing in the first beta of the Windows Phone 7 Mango update is Lync, but Microsoft is working on that.




HP iPrint iOS App

HP iPrint 3.0

Yesterday Hewlett-Packard released iPrint version 3.0. This is a perfect App for printing and scanning documents directly from your iPhone, iPod Touch or iPad. You can print to HP Network Printers or USB Printers, for example printers which are connected to the Apple Airport Extreme or Express USB port.

What’s New In Version 3.0

  • Print PDF and text documents
  • Native iPad resolution & user interface for enhanced iPad viewing and use
  • Document Support – View and wirelessly print attachments (text and PDF files) from mail clients and apps compatible with iOS “Document Support” feature (requires iPad and/or iPhone iOS 4)
  • WebDAV – Turns your device into a wireless flash drive. Copy documents directly from your PC or Mac to/from your device and take them with you
  • File Sharing support – When connected via USB cable, transfer documents to iPad & iPhone (iOS 4) from PC or Mac
  • Scan to device – Scan photos & documents wirelessly from HP e-All-in-One printers to iOS devices (iPhone, iPod Touch and iPad)
  • Available in English, French, Italian, German, Spanish

Here you can find a list of printers which are supported with HP iPrint 3.0: