The first monthly Android security updates start rolling out for Nexus devices

Google has delivered on its promise to release monthly security updates today, with the first of said updates now rolling out to nearly all Nexus devices released in the past three years.

The updates haven’t been given their own Android version number, with Google instead opting to simply change the build number. The builds in question are ‘LMY48M’ for the Nexus 4, 5, 6, 7, 9, and 10, and ‘LMY48N’ for the Nexus Player, both of which are based on Android 5.1.1.

The update is mostly concerned with addressing memory overflow issues that could potentially lead to exploitation. There’s also a fix for a “moderate severity vulnerability” that allowed apps to bypass SMS short code notifications that informed users when a text message could cost them money.

Stagefright, a collection of dangerous Android vulnerabilities that can now be exploited by attackers, has already been patched in the latest version of Android. Nexus owners shouldn’t have to worry about becoming victim to any Stagefright exploits.

The attention now squarely turns on other Android OEMs to implement these security fixes in their devices. Google has done a pretty decent job of patching devices as old as the Nexus 4 from 2012, but some OEMs have many more models to update, some of which will, unfortunately, be left unpatched.

Samsung and LG have already promised monthly updates for some of their devices, so hopefully we’ll see these two companies release patches for their smartphones in the near future. It’s unclear whether other companies, especially those notoriously slow at releasing software updates (such as Sony), will even patch their devices at all.

Source: The first monthly Android security updates start rolling out for Nexus devices – TechSpot

Advertisements

Didn’t ask for Windows 10? Your PC may have downloaded it anyway

Whether you want Windows 10 or not, Microsoft says it may download the files to your PC regardless.

In a statement to the Inquirer, Microsoft confirmed that it automatically downloads Windows 10 installation files on eligible PCs, provided automatic updates are enabled through Windows Update. The download occurs even if users haven’t opted in through the Windows 10 reservation dialog.

“For individuals who have chosen to receive automatic updates through Windows Update, we help upgradable devices get ready for Windows 10 by downloading the files they’ll need if they decide to upgrade,” Microsoft told the Inquirer.“When the upgrade is ready, the customer will be prompted to install Windows 10 on the device.

”When reached for comment, Microsoft told PCWorld that the downloads occurred around the time of Windows 10’s July 29 launch.

Why this matters: Microsoft appears to have crossed a line in its zeal to move people onto its latest operating system. Several reports indicate that the Windows 10 files take up as much as 6GB of storage in a hidden folder, potentially hamstringing machines that don’t have much free space left. Even worse, users who have strict data caps could face hefty overage charges for a massive download that they didn’t even ask for.

Bye-bye bandwidth

PCWorld has also heard from several readers on this issue, including one whose data plan has been affected by the automatic download. The reader, who runs a small computer repair shop, did not reserve Windows 10, yet recently noticed 6GB missing from his main desktop.

Upon further investigation, the reader’s daughter—who lives in an area without wired Internet and relies on Verizon Wireless for connectivity—had also automatically downloaded the installation files. “They do not wish to upgrade at this time, as they prefer to stay with Windows 7,” the reader said. “But they’re four days into their wireless plan, and have used more than half of their allowance because of the Windows 10 download.”

The Inquirer also spoke to a reader who said Windows 10 tries to install itself every time the machine is booted. It’s unclear if this is typical behavior for those who haven’t opted into the upgrade.

This isn’t the only instance where Windows 10 has gotten users into trouble with data caps. By default, the system also uses peer-to-peer networking to distribute Windows 10 updates, potentially eating up bandwidth without users’ knowledge.

What you can do

It’s worth noting that Windows Update provides users with a few auto-install options. Enabling “Important” updates provides security and stability fixes, while “Recommended” updates are meant to improve non-critical issues. There’s also a “Microsoft Update” option for other software such as Office. We’ve reached out to Microsoft to see which of these tiers enables the auto-download of Windows 10 files.

In the meantime, some users have reported success at removing the files and Windows 10 update prompts by entering the following into command prompt as an administrator:

WUSA /UNINSTALL /KB:3035583code>

This should at least remove Windows 10’s update notifications, but we haven’t confirmed whether it removes the installation files and prevents further downloads.

Source: Didn’t ask for Windows 10? Your PC may have downloaded it anyway | PCWorld

Microsoft extends Windows 8.1 Update deadline

When Microsoft launched Windows 8.1 Update last month, the company noted that current Windows 8.1 users would need to download and install the update by May 13 (tomorrow) in order to be eligible to receive future patches.

Unfortunately, a number of Windows 8.1 users ran into issues almost immediately while trying to install the update. Despite releasing a few fixes and workarounds early on, problems remained for many which is likely the reason why Microsoft is now giving users another 30 days – until June 10 – to install the update.

The announcement was made earlier this morning in a blog post on the Windows Experience blog. No real reason was given for the extension although Microsoft did recommend checking out this article if you run into issues with the update or posting in the Windows community forums for assistance in troubleshooting problems.

It’s worth pointing out that this requirement only applies to consumer Windows 8.1 users. Business customers have until August 12 to move to the update.

Those with Automatic Updates enabled won’t have to do anything and will receive the update automatically through Windows Update (if they haven’t received it already). People not running Automatic Updates will need to manually download and install Windows 8.1 Update.

Windows 8.1 Update offers a number of worthwhile features including the ability to boot directly to the desktop if you aren’t using a touchscreen. It also includes dedicated power and search buttons for the Start screen, a new right-click context menu for desktop users and much more.

via Microsoft extends Windows 8.1 Update deadline – TechSpot.

Windows Phone 8.1: Nice update but hurdles remain the same

Microsoft has released its Windows Phone developer preview and there’s a fair amount of gushing going on. But the challenges for Windows Phone remain the same.

Ars Technica’s Peter Bright calls the latest Windows Phone magnificent. ZDNet’s Mary Jo Foley noted that Windows Phone 8.1 is a “huge step up” for business users as Microsoft added enterprise VPN and SSL VPN gateways built in. Cortana, Microsoft’s version of Apple’s Siri, also works well. CNET’s Jessica Dolcourt said “Cortana mostly keeps pace with its rivals, and introduces one or two minor innovations that Apple and Google can learn from.”

Windows Phone 8.1 Developer Preview screenshot gallery

In many respects, Windows Phone 8.1 checks off a lot of boxes in comparisons to Android and Apple’s iOS. The song for Windows Phone, however, remains the same: The OS is a solid No. 3, but has some major hurdles to garner more adoption. Perhaps No. 3 is good enough—for the mobile ecosystem a third place player is critical—but Microsoft likely wants more.

A look at the hurdles, which go beyond core software and hardware, in many respects.

Retail. Seeing a Windows Phone device or Nokia Lumia in the field with random people is still a rare event. Microsoft and Nokia need a broader presence with carriers and distribution. Stores seem to push the iPhone and Samsung devices first and Microsoft and Nokia have thrown money at the issue with little payoff.

Uncertainty about Nokia after Microsoft’s purchase. Microsoft is about to acquire Nokia and the overall strategy is a bit unclear going forward. Will Nokia really follow through on its Android low end device? How about support? Microsoft is likely to integrate Nokia well, but any uncertainty is bad for an underdog.

Apps. Windows Phone is working toward fixing its app deficit and Microsoft’s move to offer universal apps is an important one for developers. The catch is that Windows 8 hasn’t been a juggernaut either. Exhibit A on the Windows Phone app conundrum for me: SiriusXM still ignores the platform. I need Howard Stern in the morning and the lack of a Windows Phone app makes Windows Phone a non-starter. Period. And frankly I don’t have the time to assign blame to either side. Wake me up when the app is there.

Adoption. It would be a lot easier to hop on the Windows Phone bandwagon with more mass appeal. Just last week, I saw a person with a big yellow Nokia Lumia and the office quips all revolved around whether that guy worked for Microsoft. Not that all consumers are sheep, but most are. There’s network effect that Windows Phone lacks relative to iOS and Android. More adoption could make Windows Phone more of a bring your own device play and attract developers.

Unfortunately, Cortana could jump out of the Windows Phone, fetch your coffee and perhaps do a cartwheel as an avatar and those aforementioned challenges will remain. Microsoft is making strides, just not enough to alter the inertia equation.

via Windows Phone 8.1: Nice update but hurdles remain the same | ZDNet.

Windows 8.1 Update 1 could land on March 11 – TechSpot

The first update to Windows 8.1 could launch on March 11, according to the ever-accurate Mary Jo Foley and her “trusted” sources. Windows 8.1 Update 1 could launch alongside Windows Phone 8.1 on this date, ahead of Microsoft’s BUILD conference in April, where Windows 9 ‘Threshold’ is set to be detailed.

Compared to the release of Windows 8.1 itself, Windows 8.1 Update 1 will be a minor update that shouldn’t introduce many features. From several leaks showing off Update 1, we know that the update will include the ability to pin Modern UI apps to the desktop’s taskbar. There will also reportedly be a close button for Metro apps coming in Update 1, making it easier for all users, especially those with mice and keyboards, to clear out apps that are running on their device.

At this stage it’s unknown if Update 1 will bring the return of the Start menu, as was rumored several weeks ago. Foley says she would be “surprised” if the Start menu was included with this update; it’s more likely to return in Threshold at the latest, or perhaps a second Update 2.

Microsoft’s traditional ‘Patch Tuesday’ for March falls exactly on March 11, which is when Update 1 is expected. According to Foley, Update 1 will be delivered for free through Windows Update, as opposed to the Windows Store that was used to deliver Windows 8.1.

via Windows 8.1 Update 1 could land on March 11 – TechSpot.

Windows 8.1 update will ship to PC makers in late August

Microsoft announced during their Worldwide Partner Conference earlier today that Windows 8.1 will be ready for manufacturers by late August and will subsequently come pre-loaded on many devices sold this holiday season.

Big PC makers like Acer and HP typically enjoy early access to Microsoft software as it gives them plenty of time to test for bugs and get them loaded onto upcoming machines. If you aren’t in the market for a new system, fear not as the update will be made available to everyone later this year free of charge. Microsoft hasn’t issued a solid release date for Windows 8.1 just yet but that’s expected in the near future.

Microsoft revealed Windows 8.1 at last month’s Build conference following months of speculation that it was in the pipeline. It addresses a number of complaints that users have had with Windows 8 since its launch late last year. A preview version of the update accompanied the conference for those interested in trying it before the public release. It can be downloaded simply by clicking here.

During today’s event, Microsoft’s Jensen Harris publically demonstrated some other features of Windows 8.1 that weren’t shown last month. Specifically, the demo showed how the update is optimized to work on small-form factor devices and in portrait view. Attendees were also shown the Reading List app, Miracast streaming as well as the revised search experience powered by Bing.

via Windows 8.1 update will ship to PC makers in late August – TechSpot.

Microsoft fixes critical Windows 8, IE10 flaws for Patch Tuesday

Microsoft has released five critical security updates for Windows 8 and Windows RT in order to protect against a range of vulnerabilities identified in the recently released software.

Read this

10 security stories that shaped 2012

10 security stories that shaped 2012

From a major malware attack on the Mac OS X to state-sponsored cyber-espionage attacks, IT security in 2012 will be remembered as the year that piqued the imagination.

Read more

All in all, there are seven updates for Windows users, with five rated “critical” that could lead to remote code execution, while two are rated “important,” which fix flaws that could result in the operating system’s security features being bypassed.

Critical updates are generally those that could compromise the security of a device or system data, while important updates are reserved for those that could lead to an increased scope of attack by malware or hackers.

Surface RT owners will also be asked to update their tablets with the latest security patches. According to Microsoft, there are two “critical” fixes for Surface RT owners.

One of the “critical” patches will plug a security hole in Internet Explorer 10, which is found only on Windows 8 and Windows RT, which will resolve three reported vulnerabilities in the browser that could allow remote code execution on the device from “specially crafted” Web pages.

Another “critical” patch will update Microsoft’s email server, Exchange, which will prevent a weakness in the server’s WebReady Document Viewing feature.

Other platforms that are covered under this month’s bevy of security patches include Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, and the latest server offering, Windows Server 2012.

Updates are available on Windows Update, Microsoft Update, and the usual channels for Windows Server customers.

via Microsoft fixes critical Windows 8, IE10 flaws for Patch Tuesday | ZDNet.