Linux, Open Source, & anti Microsoft news

Microsoft continues to inch closer to making Android apps available on Windows 11 via a new Windows Subsystem for Android. Today the company published information on its documentation site for developers interested in bringing their Android apps to Windows 11 via the coming subsystem, and The Walking Cat discovered it.

Microsoft has asked system administrators to patch their PowerShell 7 installations against two vulnerabilities that can allow attackers to bypass Windows Defender Application Control (WDAC) to run arbitrary code, and even gain access to plain text credentials.

So far, 2021 has proved to be somewhat of a security annus horribilis for tech giant Microsoft, with numerous vulnerabilities impacting several of its leading services, including Active Directory, Exchange, and Azure. Microsoft is no stranger to being targeted by attackers seeking to exploit known and zero-day vulnerabilities, but the rate and scale of the incidents it has faced since early March has put the tech giant on its back foot for at least a moment or two.

On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to be malicious files being hosted in OneDrive.

For many of us, it has been one of the most important apps of the lockdown and remote working world, but Microsoft Teams could be in hot water following complaints from some of its rivals. The video conferencing tool is facing an investigation from European Union antitrust regulators after a protest from Slack.

The Linux Foundation announced Wednesday a bevy of big-name tech and financial players pooled $10 million in donations for its Open Source Security Foundation (OpenSSF). Donors include major names in open source and software development, like Google, Microsoft, Red Hat and IBM, as well as some less obvious backers, like JPMorgan Chase, Morgan Stanley and Fidelity.

Microsoft has released 71 security fixes for software including an actively-exploited zero-day bug in Win32k. The Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, includes fixes for a total of four zero-day flaws, three of which are public.

As Windows 11 launches Tuesday with stricter hardware requirements than past versions of the operating system, Microsoft says that security updates will not be guaranteed for users that opt to install Windows 11 on an unsupported PC.

Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users.

Microsoft has performed a relatively rare Known Issue Rollback (KIR) to fix an issue caused by an update to Windows 10. The update was found to cause problems opening files and apps. The issues followed the release of the KB5005101 update earlier this month, and several versions of Windows are affected: Windows 10 versions 21H1, 20H2, 2004, 1909 and 1809, as well as Windows 10 Enterprise LTSC 2019 and Windows Server 2019 and newer. Manual instructions to address the issue are also available.