Hello Windows Insiders, today we’re releasing Windows 10 Insider Preview Build 19645 to Windows Insiders in the Fast ring.
You can check out our Windows Insider Program documentation here, including a list of all the new features and updates released in builds so far. Not seeing any of the features in this build? Check your Windows Insider Settings to make sure you’re on the Fast ring. Submit feedback here to let us know if things weren’t working the way you expected.
If you want a complete look at what build is in which Insider ring, head over to Flight Hub. Please note, there will be a slight delay between when a build is flighted and when Flight Hub is updated.
Your Phone app’s audio controls feature now rolling out to the public
The audio controls functionality announced in April is now rolling out to the general public. This feature lets you control your music and audio apps from the Your Phone app. Now you can access and control the audio apps playing from your phone directly within the app, without needing to split your attention between devices or breaking your workflow. Your audio tracks will stay in sync between your phone and PC, and you can switch between multiple sources using the dropdown in the player.
Please make sure you have the latest versions of Your Phone Companion and the Your Phone app to experience this feature.
We changed the servicing model for the Linux kernel inside of Windows Subsystem for Linux 2 distributions. This build includes this change to remove the Linux kernel from the Windows image, and instead have it be serviced via Microsoft Update, the same way that 3rd party drivers (like graphics, or touchpad drivers) are installed and updated on your machine today. For full details please read this blog post on the Windows Command Line blog and for information about the kernel version please view the kernel docs page here.
Support for Nested Virtualization on AMD processors is now available. Being an early release we recommend you read this blog post for details on what platforms currently work as well as how to enable the feature.
We’ve fixed an issue where some devices booting from eMMC storage bugchecked when resuming from hibernate.
We fixed multiple Japanese and Chinese IME issues that impacted IME mode switching within applications and Windows notification area.
We’ve fixed an issue where taskbar preview thumbnails weren’t rendering consistently (showing a blank area).
We fixed an issue resulting in the handwriting input panel not appearing in certain text fields after being tapped with a pen.
We fixed an issue where resizing a snapped application in tablet mode would minimize the app to the taskbar instead of adjusting the app size.
We fixed an issue where Windows Hello Setup would crash if facial recognition was already set up and you chose the Improve Recognition button.
We fixed an issue for some users where your PC wouldn’t recognize it when you inserted a smart card (event log showing error 621).
We’re looking into reports of the update process hanging for extended periods of time when attempting to install a new build.
We’re working on fixing an issue for a future Insider Preview build where in Settings > Privacy, the Documents and Downloads sections show a broken icon next to their page name (just a rectangle).
Surface pro 4 intel core m3 model with 4GB Memory and 128gb storage. It is in very good condition with only a few minor usage marks which can only be seen up close. Complete with charcoal keyboard and the black surface pen with spare nibs.
Original charger and a third party charger included.
Looking for minimum 14″ full HD screen, ssd, and decent enough Intel processor. Won’t be gaming on it and on a low budget of about £250 but should run Windows 10 ok. Should be of good condition, good battery life and unmarked screen. Please let me know if you’ve got anything suitable. Thanks
Intermountain Healthcare will be onboarding a new CIO at the end of this month, making him the first senior executive to be hired virtually by the healthcare organization.
Ryan Smith will take over for longtime Intermountain Healthcare CIO Marc Probst, who announced his retirement earlier this year, before the COVID-19 outbreak and the mandates for nonessential employees to work from home. With remote work in full swing, Dan Liljenquist, senior vice president and chief strategy officer at Intermountain, said the healthcare system had to rely exclusively on virtual hiring to pick its new healthcare CIO.
Smith is a known entity to the healthcare organization. He served in IT leadership roles at Intermountain for 19 years from 1994 to 2013. But the hiring team felt his five years as CIO at Banner Health in Phoenix and, more recently, his two years as senior vice president at Health Catalyst, an analytics software and services provider in Salt Lake City, best prepared him for the position.
Smith will start his new role June 29 the same way he was hired: virtually. Smith said the virtual hiring process has been “quite different” from the traditional recruiting process he’s used to.
“Typically, you would fly in for your on-site interview with key executives in a formal setting,” he said. “It’s a strange feeling to put on a full suit, dress shirt and tie to only walk to another room in your home for an interview where you’re the only one physically in the room.”
Onboarding a CIO during a crisis
But going through the virtual hiring process had its benefits for Smith. It made him realize the importance of video conferencing technology — both the criticality of it running smoothly and the new challenges it presented such as making sure the background is appropriate for the meeting.
And, Smith said, with every interview he grew more comfortable with the virtual hiring process.
“Coming out of each round of virtual interviews, I was surprised at just how much more comfortable and down to earth the conversations felt,” he said. “There are definitely some benefits to this form of interviewing, while also posing some new challenges.”
Liljenquist said the Intermountain Healthcare hiring team used technology to find and interview finalists for the CIO role, even when it came down to final selection.
Ryan SmithIncoming CIO, Intermountain Healthcare
“All of us know Zoom and Webex and Microsoft Teams better than we ever thought we would,” he said.
Liljenquist said Smith will be using those same tools to connect to and lead his team. While Smith said it will be different starting his new role remotely, he sees his existing relationships with team members from his time at Intermountain as an advantage. He’s also planning for a remote start as CIO to come with challenges, specifically with “rounding,” where he would normally meet with providers and discuss in person what technology is working and what needs to improve.
As part of the final selection for the new CIO, Liljenquist said Intermountain required Smith and other finalists to give a virtual presentation on what health IT would look like post-COVID-19.
In his presentation, Smith said he focused on new realities the healthcare industry will face in the coming months, such as reductions in medical care, the continuation of remote work, increases in digital expectations from patients and increases in merger and acquisition activity across the industry.
“We talked about recommended approaches for leading the IT team in addressing this new normal, entailing business alignment and partnership, innovation, accountability, transparency, customer focus and fiscal responsibility,” Smith said.
In a news release, Intermountain Healthcare said Smith will lead the care transformation information systems team, while partnering with others to “implement innovative digital, data and technology platforms and solutions” that align with the organization’s strategic goals.
“There’s never been a time in our industry when there’s been such a great dependency on the IT organization’s ability to be flexible, to rapidly innovate and to drive results in short periods of time,” Smith said. “I think most of the plans I had in mind coming into this opportunity are still relevant, but the priorities may need to shift given the nature of the environment we find ourselves in.”
Zerto is diving into containers protection with the official reveal of its Zerto for Kubernetes product.
Unveiled during the virtual ZertoCon 2020 keynote, Zerto for Kubernetes is in tech preview, with a full launch planned for 2021. It will bring Zerto’s IT Resilience Platform capabilities, which include continuous data protection (CDP) and point-in-time restores, to containers for the first time. Upon launch, Zerto will natively support Kubernetes, along with Microsoft Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (Amazon EKS), Google Kubernetes Engine (GKE), VMware Tanzu, IBM Cloud Kubernetes Service and Red Hat OpenShift.
Zerto for Kubernetes will deploy at the cluster level, with every node on the cluster getting the Zerto daemon code. This allows Zerto to capture the state of the cluster using the same replication engine as it does for VMware. Gijsbert Janssen van Doorn, director of technical marketing at Zerto, said this amounts to about a 3% to 4% resource overhead, which he said usually isn’t enough to impact performance.
Other data protection vendors have already addressed container backup. Veritas released Docker container backup for its NetBackup software in January 2019, and IBM Spectrum Protect added container support in October 2019. Trilio’s TrilioVault for Kubernetes provides container backup without installing agents in containers and entered beta last month. Backup vendors Asigra and Storware also provide agentless container backup.
Zerto for Kubernetes is still in early stage of development. According to van Doorn, Zerto still hasn’t determined how the product will be licensed and sold, but there are plans to integrate it into the Zerto IT Resilience Platform and include capabilities such as analytics, automated workflows during failovers and nondisruptive disaster recovery (DR) testing.
International Financial Data Services (IFDS), a Canadian company that provides outsourcing of technology for financial institutions in Canada, Europe and Asia, is an early adopter of Zerto for Kubernetes. The company has a large containerized environment for QA testing and a small footprint of containers in production. Kent Pollard, senior infrastructure architect at IFDS, has been testing Zerto for Kubernetes and providing feedback. “From the limited testing I’ve been able to do, it’s been very exciting. It has a lot of potential,” said Pollard, who said he’ll be more confident in putting critical data and applications in containers when the full release becomes available.
Zerto will also roll out CDP for operational backup and long-term retention in 2021. Van Doorn said Zerto is building out workflows to use Zerto’s CDP capabilities for data protection use cases outside of DR and failover, which has been Zerto’s primary focus. He said Zerto plans to add the ability to restore directly to production environments, native cloud repositories in AWS and Azure, plus automatic data protection and data reduction.
Christophe Bertrand, senior analyst at Enterprise Strategy Group, said the container backup market is heating up. Container adoption has grown among enterprises because their application development tends to be more mature, and this has fed a demand for container backup. Container backup also can’t be achieved through traditional snapshotting or other previous backup methods, so it provides room for vendors to enter the market.
“Right now, it’s still early stages, but I expect more intensity around this topic in the next few months,” Bertrand said.
Bertrand said backup vendors are keenly aware of how Veeam’s focus around VMware when virtualization was still relatively new led to its explosive growth and market presence. Veeam launched in 2006 and was acquired by private equity firm Insight Partners with a $5 billion valuation in January 2020. Similar success could be found by supporting Kubernetes as container adoption continues to grow.
Van Doorn said he has observed a rise of container adoption in enterprises, and it makes sense to build out Zerto to support wherever the customers are.
“It’s the next logical step,” Van Doorn said of container support.
Threat researchers at Recorded Future discovered a new ransomware-as-a-service tool, dubbed “Thanos,” that is the first to utilize the evasion technique known as RIPlace.
Thanos was put on sale as a RaaS tool “with the ability to generate new Thanos ransomware clients based on 43 different configuration options,” according to the report published Wednesday by Recorded Future’s Insikt Group.
Notably, Thanos is the first ransomware family to advertise its optional utilization of RIPlace, a technique introduced through a proof-of-concept (PoC) exploit in November 2019 by security company Nyotron. At its release, RIPlace bypassed most existing ransomware defense mechanisms, including antivirus and EDR products. But despite this, the evasion wasn’t considered a vulnerability because it “had not actually been observed in ransomware at the time of writing,” Recorded Future’s report said.
As reported by BleepingComputer last November, only Kaspersky Lab and Carbon Black modified their software to defend against the technique. But since January, Recorded Future said, “Insikt Group has observed members of dark web and underground forums implementing the RIPlace technique.”
According to its report on RIPlace, Nyotron discovered that file replacement actions using the Rename function in Windows could be abused by calling DefineDosDevice, which is a legacy function that creates a symbolic link or “symlink.”
Lindsay Kaye, director of operational outcomes for Recorded Future’s Insikt Group, told SearchSecurity that threat actors can use the MS-DOS device name to replace an original file with an encrypted version of that file without altering most antivirus programs.
“As part of the file rename, it called a function that is part of the Windows API that creates a symlink from the file to an arbitrary device. When the rename call then happens, the callback using this passed-in device path returns an error; however, the rename of the file succeeds,” Kaye said. “But if the AV detection doesn’t handle the callback correctly, it would miss ransomware using this technique.”
Insikt Group researchers first discovered the new Thanos ransomware family in January on an exploit forum. According to the Recorded Future report, Thanos was developed by a threat actor known as “Nosophoros” and has code and functions that are similar to another ransomware variant known as Hakbit.
While Nyotron’s PoC was eventually weaponized by the Thanos threat actors, Kaye was in favor of the vendor’s decision to publicly release RIPlace last year.
“I think at the time, publicizing it was great in that now antivirus companies can say great, now let’s make sure it’s something we’re detecting because if someone’s saying here’s a new technique, threat actors are going to take advantage of it so now it’s something that’s not going to be found out after people are victimized. It’s out in the open and companies can be aware of it,” Kaye said.
Recorded Future’s report noted that Thanos appears to have gained traction within the threat actor community and will continue to be deployed and weaponized by both individual cybercriminals and collectives through its RaaS affiliate program.
While operators behind Maze ransomware have been exposing victims’ data through a public-facing website since November 2019, new information suggests ransomware gangs are now teaming up to share resources and extort their victims.
On June 5, information and files for an international architectural firm was posted to Maze’s data leak site; however, the data wasn’t stolen in a Maze ransomware attack. It came from another ransomware operation known as LockBit.
Bleeping Computer first reported the story and later received confirmation from the Maze operators that they are working with LockBit and allowed the group to share victim data on Maze’s “news site.” Maze operators also stated that another ransomware operation would be featured on the news site in the coming days.
Three days later, Maze added the data for a victim of another competing ransomware group named Ragnar Locker. The post on Maze’s website references “Maze Cartel provided by Ragnar.”
Maze operators were the first to popularize the tactic of stealing data and combining traditional extortion with the deployment of ransomware. Not only do they exfiltrate victims’ data, but they created the public-facing website to pressure victims into paying the ransom.
Data exposure along with victim shaming is a growing trend, according to Brian Hussey, Trustwave’s vice president of cyber threat detection & response. Threat actors exfiltrate all corporate data prior to encrypting it and then initiate a slow release of the data to the public, he said.
“Certainly, we’ve seen an increase in the threat — the actual carrying out of the threat not as much from what I’ve seen,” Hussey said. “But a lot of times, it does incentivize the victim to pay more often.”
There are dozens of victims listed by name on the Maze site, but only 10 “full dump” postings for the group’s ransomware victims; the implication is most organizations struck by Maze have paid the ransom demand in order to prevent the publication of their confidential data.
Rapid7 principal security researcher Wade Woolwine has also observed an increase in these shaming tactics. Both Woolwine and Hussey believe the shift in tactics for ransomware groups is a response to organizations investing more time and effort into backups.
“My impression is that few victims were paying the ransom because organizations have stepped up their ability to recover infected assets and restore data from backups quickly in response to ransomware,” Woolwine said in an email to SearchSecurity.
One of the primary things Trustwave advises as a managed security services provider, is to have intelligent, well-designed backup procedures, Hussey said.
“These new tactics are a response to companies that are mitigating ransomware risk by properly applying the backups. It has been effective. A lot of companies invested in backup solutions and design backup solutions to kind of protect from this ongoing scourge of ransomware. Now the response is even with backup data, if threat actors exfiltrate first and then threaten to release the private information, this is a new element of the threat,” Hussey said.
When threat actors make it past the perimeter to the endpoint and have access to the data, it makes sense to steal it as further incentive for organizations to pay to unencrypt the data, Woolwine said. And the threat actors pay particular attention to the most sensitive types of data inside a corporate network.
“Initially, we were seeing exploit kits like Cobalt Strike used by the attackers to look for specific files of interest manually. I say ‘look,’ but the Windows search function, especially if the endpoint is connected to a corporate file server, is largely sufficient to identify documents that say things like ‘NDA,’ ‘contract’ and ‘confidential,” Woolwine said. “More recently, we’ve seen these searches scripted so they can execute more quickly.”
According to Woolwine, phishing and drive-by continue to be preferred vectors of delivery for most ransomware attacks, but those techniques are shifting too.
“We also see attackers target specific internet-facing systems that have been unpatched, as well as targeting RDP servers with brute-force authentication attempts. In either case, once the vulnerability is exploited or the credentials guessed, the attackers will install ransomware before disconnecting,” Woolwine said. “The rise in tactics is very likely due to the shift from ransom to data exposure. It’s no longer about how many machines you can infect but infecting the machines that have access to the most data.”
Hussey said these new tactics were unexpected at the time; they are the next logical step in the ransomware progression, and he expects more threat actors to adopt them in the future.
It’s safe to say that due to the ongoing COVID-19 pandemic, SAP Sapphire Now 2020 will be like none that has come before it.
SAP Sapphire Now is an annual event where SAP customers, partners and company executives can hear about SAP’s newest technology and latest strategy, learn skills and pursue certifications, and — perhaps most importantly — network and hobnob with denizens of the SAP ecosystem.
But the days of in-person hobnobbing are gone, at least for now, and, like many other enterprise conferences and trade shows, SAP Sapphire Now will be held virtually this year, with streaming keynotes, online sessions and demos from SAP and partners.
The virtual version of SAP Sapphire Now will attempt to provide the same kind of content and messaging from the top levels of SAP, but in a different way, said Alicia Tillman, global chief marketing officer at SAP.
“The objective here, over the course of a very short period of time, was to stand up something as new and as different as this,” Tillman said. “How do we get the content right? How do we make it global? And how do we create an exceptional experience, as all three of those components need to come together?”
3 virtual programs
This year’s SAP Sapphire Now consists of three programs: Sapphire Now Unplugged, Sapphire Now Vision and Sapphire Now Converge, Tillman said.
Sapphire Now Unplugged is a series of videos of SAP executives speaking with external thought leaders and innovators, such as Ian Bremmer, Malcolm Gladwell and NBA commissioner Adam Silver. The last episode of the series will be made available June 11.
SAP Sapphire Now Vision begins June 15 with new SAP CEO Christian Klein’s keynote address. He is expected to set the strategy for SAP’s vision of the intelligent enterprise, which uses advanced enterprise systems to enable companies to transform old business processes or develop new business models. SAP Sapphire Now Converge begins after the keynote, Tillman said, and consists of 11 online channels that will have live content from SAP, partners and customers. The channels will cover a range of SAP technology, platform and industry areas, including ERP, finance, HR, procurement, supply chain, platforms, customer experience and experience management. Presentations will be made available for on-demand viewing.
The goal is to provide content that’s informative but in a format that keeps attendees engaged, according to Tillman. Sessions will be short or will be laced with entertainment breaks to keep things interesting. In one high-profile example, rock legend Sting will perform live at breaks in Klein’s keynote.
Tillman argues that the virtual SAP Sapphire Now could present an advantage for a global audience that may not have always been able to travel to Orlando.
“SAP Sapphire Now will use a ‘follow the sun’ model, where the sessions will air at the regionally relevant time,” she said. “All the content is going to be translated with subtitles into 14 different local languages. And the regions are also going to layer into that short segments hosted by each regional president, who will have local customers and localized content to make it relevant for their particular market.”
Missing the human touch
The online version of SAP Sapphire Now will be a significant change from an event that annually drew thousands of attendees to the sprawling Orange County Convention Center in Orlando.
There will likely be something lost with the lack of human interaction, but it is difficult to judge what those losses will be, said Shaun Syvertsen, managing partner and CEO of ConvergentIS, an SAP business partner based in Calgary, Alta.
ConvergentIS provides services for SAP implementation and migrations, with a particular focus on UX design and building SAP Fiori apps. The company has been a part of several recent SAP Sapphire events as a sponsor and exhibitor, and this year will present the first session in the Sapphire Converge UX channel, Syvertsen said.
“The ad hoc meetings that happened during Sapphire are a little bit more difficult to schedule this year,” he said. “Although you’ll avoid getting all those steps in when you’re trying to get from one end of the floor to the other to go meet someone on time for that meeting.”
Syvertsen described SAP Sapphire Now as a valuable event to attend because of the opportunities to meet with SAP professionals he may not have otherwise connected with, including one who provided marketing expertise for ConvergentIS.
“I never really would have gotten to know him if we hadn’t attended events like Sapphire and SAP TechEd in person,” he said. “That’s probably the secret sauce for Sapphire that made it worth investing money and sponsoring, traveling, and that’s really hard to do from the virtual remote limited interaction perspective.”
Dawn of a new Sapphire era
SAP Sapphire Now veterans said that the virtual event could represent an opportunity to introduce a new look for SAP, spearheaded by its young, new CEO Klein. But there will also be something lost without the human interaction that characterized the live events.
One major question is whether the online format will be able to match the dynamism of live keynotes, demos and breakout sessions that characterizes traditional conferences.
“We will see the usual number of tracks and keynotes, but can SAP take advantage of the new format successfully or will it deliver a boring digital event with too much canned content, lack of interaction and little engagement,” said Holger Mueller, vice president and principal analyst at Constellation Research. “This will be an interesting one to see, as vendors are now four months into the new normal for events like this and the bar has been raised steadily. What was a ‘B’ for an event in April will be a ‘D’ in June and an ‘F’ in the fall.”
The SAP Sapphire Now Online format, which will present content tailored to a global audience and will support some interaction, may work well, said Jon Reed, co-founder of Diginomica.com, an enterprise computing analysis and news site.
“On paper at least, it seems more interactive than most such events we’ve seen,” Reed said. “It’s ambitious in scope, and we’ll see if SAP is able to deliver on some of that live interactivity. It’s important to note that SAP sees this as a chance to bring in a global audience that couldn’t get to Orlando.”
“You can make a compelling online conference — Celonis and a few others have done a pretty good job — but there are some that have been absolutely mind-numbingly horrible,” Greenbaum said. “It looks like SAP is trying to do the right things to not make it boring and mind-numbing, so I’m cautiously optimistic. It’s harder for all of us because of the number of hours we’ve spent on Zoom, but I know there’s going be some compelling content.”
SAP Sapphire Now will also be a key moment for Klein to demonstrate that he has SAP under control, Reed said.
“Klein’s keynote will be important to watch, as people will use that to gauge whether he is ready for the daunting challenges SAP faces,” he said. “I believe he’s the right person to lead SAP right now, but you have to prove it out.”
It will be worth tuning into SAP Sapphire Now because there have been so many changes with the company’s leadership structure in the past year, Greenbaum said.
Greenbaum pointed to several SAP executives who have recently assumed positions with major responsibilities and large portfolios, including Thomas Saueressig, president of SAP product engineering, and Adaire Fox-Martin, head of SAP customer success.
“There have been a lot of big changes, not just with Klein,” he said.