Microsoft sued for millions over Windows 10 upgrades

Unhappy Windows 10 users in Illinois are taking Microsoft to court, claiming that problems caused by the Windows 10 upgrade show that it was negligently designed, that Microsoft fraudulently failed to disclose its defects, and that the upgrade is unfit for purpose.

In a break from tradition, Microsoft offered Windows 10 as a free upgrade to Windows 7 and 8.1 for the first year of its release. This unusual offer was matched with a set of increasingly aggressive promotions within Windows itself. In the early days of the upgrade offer, there were even some users reporting that it installed automatically.

Three plaintiffs claim specific harm was caused by the operating system. Stephanie Watson claims that Windows 10 installed without her choosing to accept it. The upgrade destroyed some data, caused such harm that Geek Squad was unable to fully repair the machine, and forced the purchase of a new system. The suit claims that “many” consumers have had their hard drives fail because of the Windows 10 installation, and that the operating system does not check “whether or not the hard drive can withstand the stress of the Windows 10 installation.”

Four years later, Xbox exec admits how Microsoft screwed up disc resale plan

We’re now approaching the four-year anniversary of Microsoft’s rollout (and subsequent reversal) of a controversial plan to let game publishers limit resale of used, disc-based games. Looking back on that time recently, Microsoft Corporate Vice President for Windows and Devices Yusuf Mehdi acknowledged how that rollout fell flat and discussed how hard it was for the firm to change course even in light of fan complaints at the time.

In a blog post on LinkedIn posted last weekend, Mehdi writes:

“With our initial announcement of Xbox One and our desire to deliver breakthroughs in gaming and entertainment, the team made a few key decisions regarding connectivity requirements and how games would be purchased that didn’t land well with fans. While the intent was good – we imagined a new set of benefits such as easier roaming, family sharing and new ways to try and buy games, we didn’t deliver what our fans wanted.

We heard their feedback, and while it required great technical work, we changed Xbox One to work the same way as Xbox 360 for how our customers could play, share, lend, and resell games. This experience was such a powerful reminder that we must always do the right thing for our customers, and since we’ve made that commitment to our Xbox fans, we’ve never looked back.”

It’s an interesting reflection in light of an interview Mehdi gave to Ars Technica at E3 2013, when the executive defended Microsoft’s announced plans for Xbox One game licensing. Mehdi, then serving as Xbox chief marketing and strategy officer, stressed at the time that “this is a big change, consumers don’t always love change, and there’s a lot of education we have to provide to make sure that people understand… We’re trying to do something pretty big in terms of moving the industry forward for console gaming into the digital world. We believe the digital world is the future, and we believe digital is better.”

Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly

On March 25, security researcher Kevin Beaumont discovered something really unfortunate on Docs.com, the Microsoft free document-sharing site tied to the company’s Office 365 service: its homepage had a search bar. That in itself would not have been a problem, if Office 2016 and Office 365 users were aware that the documents they were posting were being shared publicly.

Unfortunately, hundreds of them weren’t. As described in a Microsoft support document, “with Docs.com, you can create an online portfolio of your expertise, discover, download, or bookmark works from other authors, and build your brand with built-in SEO, analytics, and email and social sharing.” But many users used Docs.com to either share documents within their organizations or to pass them to people outside their organizations—unaware that the data was being indexed by search engines.

Within a few hours, Beaumont, a number of other researchers, and Ars found a significant number of documents shared with sensitive information in them—some of them discoverable by just entering “passwords” or “SSN” or “account number.”

Azure Service Fabric takes first tentative steps toward open source

Microsoft’s embrace of open source software continues, with Azure Service Fabric making the first tentative foray into the open world. Today, the SDK was (mostly) published to GitHub under the MIT license. The team behind the move described it as the “beginning stages” of a wider use of open source.

Service Fabric, first revealed in 2015, grew out of the infrastructure Microsoft developed to build and run large-scale cloud services, including Azure SQL, Cortana, and Skype for Business. It provides scaling and fault tolerance for services, both stateless and stateful, running in containers across clusters of (virtual) machines. It runs in Azure, naturally, but the runtime is also freely downloadable and can be deployed across on-premises Windows systems, or even onto Windows virtual machines in non-Microsoft clouds. A Linux version of the runtime is currently in development, too.

Microsoft has already been using GitHub for tracking feature requests and bugs within Service Fabric. Users of the runtime have expressed a greater interest in the design and features of Service Fabric, and opening up the SDK is seen as the next step in engaging with the community and helping drive the development direction.

Red Flag Windows: Microsoft modifies Windows OS for Chinese government

China has long been both a huge lure and a thorn in the side for Microsoft. Massive piracy of Windows XP, a decade-long effort to replace Windows entirely with a home-grown Linux variant called Red Flag and an OpenOffice variant called RedOffice, and a ban on Windows 8 following the leak by former NSA contractor Edward Snowden of information on National Security Agency spying all have combined to hinder Microsoft in the Chinese market. But now Microsoft—in partnership with the state-owned China Electronics Technology Group (CETC)—is preparing to reboot its relationship with Beijing, thanks to a modified version of Windows produced specifically for China, Dow Jones Newswires reports.

CETC, which develops technology for the Chinese government and military, owns a 51 percent stake in a joint venture with Microsoft called C&M Information Technology Co. Ltd. The new operating system created by the venture is in testing at three government pilot sites; Xiong Qunli, chairman of CETC, told Dow Jones’ Eva Dou and Yang Jie that the venture was “beginning the sales process” with the Chinese government.

The Chinese government, like the US government, has been permitted source code review for security purposes in a secured lab at Microsoft’s China Information Technology Security Certification Center in Beijing since 2003. But the Snowden revelations provided the Chinese government with ammunition to punish US technology companies and develop their domestic companies’ capabilities. The joint ownership arrangement allows Microsoft to potentially bypass the ban on many US technology products in China. IBM has followed the same route through a partnership with Wanda Group—a deal announced on March 19.

Blocking Windows 7, 8.1 updates for Kaby Lake, Ryzen chips appears imminent

A recently published Knowledge Base article suggests that Microsoft is going to block Windows Updates for owners of the latest Intel and AMD processors if they try to run Windows 7 or 8.1.

Last year, Microsoft announced a shift in the way it would support Windows. Going forward, new processors, including Intel’s Kaby Lake and AMD’s recently-released Ryzen, would require the newest version of Windows. Users of Windows 7 and 8.1 would be out of luck, with Microsoft having no plans to support the new chips on the old operating systems.

Skylake was originally going to be included in this policy, too, but Microsoft partially relented, switching instead to a policy of providing only security fixes for Skylake systems running Windows 7 and 8.1. This makes no practical difference for Windows 7, since that is in extended support already. Software in extended support only receives security fixes, and Windows 7 will continue to do so until 2020. In principle it means that Windows 8.1 users might miss out. That operating system is in mainstream support until January 2018, and during mainstream support Microsoft can potentially deliver feature improvements and other non-security updates. In practice, this is unlikely; Windows 10 is the only operating system receiving any meaningful feature development now, with Windows 8.1 only likely to receive security fixes from now until its end of support in 2023 anyway.

Microsoft’s silence over unprecedented patch delay doesn’t smell right

Last month, Microsoft took the unprecedented step of canceling Patch Tuesday, its monthly release of security fixes for its large stable of software products. The move meant that customers had to wait 28 days to receive updates that fixed vulnerabilities that allowed hackers to completely hijack their computers and networks.

The last-minute move was all the more unusual because Microsoft made it a few days after exploit code for a Windows 10 flaw was released into the wild. In the nine days that followed the cancellation, technical details for two, more serious vulnerabilities—one in Windows and the other in the Edge and Internet Explorer browsers—were also disclosed. Microsoft’s security team almost certainly knew the latter two flaws would become public knowledge because Google’s Project Zero privately reported the vulnerabilities to Microsoft and the bugs were subject to Google’s long-standing 90-day disclosure deadline.

Microsoft finally patched the bugs when Patch Tuesday resumed earlier this week with a release that was unusually big by historical measures. That’s good, but customers had still been forced to wait 28 days to get the fixes. And, as already noted, details about at least three of them were already well known. So far, Microsoft hasn’t explained why it canceled February’s releases except to say it was prompted by an unspecified “last-minute issue”. ZDNet writer Mary Jo Foley, meanwhile, said unnamed people speculate the cancelation was the result of a “problem with Microsoft’s build system.”

Crunch Report | DOJ Accuses Four People of 2014 Yahoo Hack

DOJ accuses four people of a 2014 Yahoo hack, Reid Hoffman joins Microsoft’s board of directors, a new process for visualizing chips and solving Uber’s navigation problem. All this on Crunch Report.