|
“FIDO has mounted a longstanding campaign to get third party support for its strong authentication standards and expand the compliant device ecosystem, but bringing FIDO2 support to major web browsers effectively brings FIDO support into the Internet’s core infrastructure.” FIDO2 and WebAuthn support has officially arrived on Windows 10, via the operating system’s October 2018 update. The update brings unprefixed support for WebAuthn to the OS, meaning that Windows Hello, the operating system’s built-in biometric security system, can now be used for authentication in the Microsoft Edge browser. In other words, Windows 10 users can log into compatible websites using facial recognition or a fingerprint scan. Alternatively, a FIDO2-compliant security key can also be used for authentication through the browser. It’s a big victory for the FIDO Alliance and its authentication standards, with the organization’s Executive Director, Brett McDowell, having emphasized the major browsers’ support for FIDO2 and WebAuthn at last week’s Money20/20 event in Las Vegas. FIDO has mounted a longstanding campaign to get third party support for its strong authentication standards and expand the compliant device ecosystem, but bringing FIDO2 support to major web browsers effectively brings FIDO support into the Internet’s core infrastructure. Other new features of Windows 10 include control over media autoplay, an improved Reading Mode, a refreshed menu interface, and a number of smaller updates for developers working with the operating system. The advent of smartphones, handheld devices, and tablets have changed the way we work but the Microsoft’s Windows is still powering billions of devices. Microsoft’s Windows remains the number one operating system for the PC users, according to reports. According to new data from Microsoft, Windows is being used on 1.5 computers around in the world. Microsoft updated ‘By the Numbers’ website to note that Windows is running on 1.5 billion computers out there. As first spotted by Neowin, Microsoft quietly updated the By the Numbers website to share new facts and news. For example, the website notes that Microsoft’s Cortana has been asked 18 billion question since its launch and Windows is on 1.5 billion computers. Microsoft recently confirmed that Windows 10 is running on 700 million active devices and the new figure suggests that Microsoft’s latest OS is powering almost half of the entire Windows-powered PC base which is great news. According to stats from StatCounter (a third-party firm), Windows 10 is the most popular version of Windows and Windows 7 is the runner-up with close to 40% market share. Microsoft is expected to end support for Windows 7 in early 2020 and this would boost the market share of Windows 10. Full details are posted on OUR FORUM. As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox. Antivirus software runs with the highest privileges on the operating system, a level of access coveted by any threat actor, so any exploitable vulnerabilities in these products add to the possibilities of taking over the system. By making Windows Defender run in a sandbox, Microsoft makes sure that the security holes its product may have stay contained within the isolated environment; unless the attacker finds a way to escape the sandbox, which is among the toughest things to do, the system remains safe. Windows Defender has seen its share of vulnerability reports. Last year, Google's experts Natalie Silvanovich and Tavis Ormandy announced a remote code execution (RCE) bug severe enough to make Microsoft release an out-of-band update to fix the problem. In April this year, Microsoft patched another RCE in Windows Defender, which could be abused via a specially crafted RAR file. When the antivirus got to scanning it, as part of its protection routine, the would trigger, giving the attacker control over the system in the context of the local user. Microsoft is not aware of any attacks in-the-wild actively targeting or exploiting its antivirus solution but acknowledges the potential risk hence its effort to sandbox Windows Defender. The rest of this story can be found on OUR FORUM. |
Latest Articles
|


