Tag Archives: internet

February Patch Tuesday resolves IE zero-day

Microsoft resolved an Internet Explorer zero-day and multiple publicly disclosed bugs among the 99 vulnerabilities it addressed on February Patch Tuesday. 

In addition to the IE zero-day, Microsoft shared information about four other publicly disclosed vulnerabilities on February Patch Tuesday. Administrators will want to speed up their patching process with systems affected by these previously disclosed threats.

“There is enough information out there where threat actors could reverse engineer them pretty quickly,” said Chris Goettl, director of product management and security at Ivanti, a security and IT management vendor based in South Jordan, Utah.

Chris Goettl, director of product management and security, IvantiChris Goettl

Twelve CVEs this month are rated critical. In addition to Internet Explorer, other Microsoft products patched this month include the Windows operating system, ChakraCore, Exchange Server, SQL Server, Microsoft Office, Windows Malicious Software Removal Tool, Windows Surface Hub and the Microsoft Edge browser. Microsoft’s release notes indicate both Edge browsers — the original HTML-based one and the new Chromium-based one — have corrections available for February Patch Tuesday.

The number of CVEs this month is the highest amount in recent memory since August 2019 when Microsoft corrected 93 unique CVEs.

Goettl noted that, aside from security updates for Exchange Server and SQL Server, the sheer number of CVEs in February Patch Tuesday shouldn’t worry administrators because a significant portion of them involve the same products that get the most patches: Windows OS, web browsers and Microsoft Office.

“There’s not a significantly higher number of updates this month compared to previous months. The good news for the operations side of the house is whether it’s 15 CVEs or 99 CVEs, you know you’re probably going to have the same lineup of updates on any given month,” he said.

Microsoft addresses Internet Explorer zero-day

On Jan. 17, Microsoft issued a security advisory (ADV200001) for the Internet Explorer zero-day (CVE-2020-0674) but, because no patch was available, the company provided steps to mitigate potential damage by instructing administrators to restrict access to the JavaScript dynamic link library.

“That’s a pretty drastic restriction. Anything that requires jscript.dll in the browser would have been inoperable,” Goettl said.

The bug, which affects Windows server and client operating systems, is a remote-code execution vulnerability related to how the Internet Explorer scripting engine handles objects in memory.  The vulnerability is rated critical only for client OSes due to the built-in protections on Windows Server that limit exposure to attacks originating from Internet Explorer.

An attacker who uses the IE zero-day exploit, either through a specially crafted website or a Microsoft Office document, could gain system access and pick up the same user rights as the current user. If the affected user is an administrator, the attacker could take full control to perform a variety of tasks, including viewing data or creating a new account with full user rights.

Microsoft released security updates to address the other previously disclosed vulnerabilities:

CVE-2020-0683 and CVE-2020-0686: These are elevation-of-privilege vulnerabilities rated important for Windows operating systems related to a flaw in the Windows Installer that could let an attack evade access restrictions to add or remove files. 

CVE-2020-0689: This vulnerability, rated important for Windows systems, could let an attacker evade secure boot and run malicious code. The security update prevents the operation of third-party bootloaders.

CVE-2020-0706: This information disclosure vulnerability affects both Internet Explorer and the Microsoft Edge browser (HTML-based version), but requires the affected user to click on a link that leads to a malicious site.

Fixes for Exchange Server and SQL Server released

Microsoft released two fixes for Exchange Server rated important that the company marked with “Exploitation More Likely.”

CVE-2020-0688 is a remote-code execution vulnerability related to the platform mishandling objects in memory that an attacker could exploit without any user interaction by sending a specially crafted email to the server.  Without the patch, the Exchange Server could be overtaken and allow the attacker to run a variety of tasks, including install programs and delete data.

CVE-2020-0692 is an elevation-of-privilege vulnerability that, if exploited, would give the attacker the same rights as any user of the Exchange Server and risk the exposure of mailbox contents. The update changes how Exchange Web Services handles security access tokens to prevent this threat.

For SQL Server, CVE-2020-0618 is a remote-code execution vulnerability rated important related to the platform’s reporting services feature that, if exploited, would let an attacker execute code in the context the service account.

Microsoft dangles fixes for unsupported Windows systems

Windows 7 and Windows Server 2008 and 2008 R2 left extended support last month but, in a curious turn of events, Microsoft continues to publicize the availability of patches for those systems this month — but only for Extended Security Update subscribers.

“You can look, but you can’t touch,” Goettl said.

Users who go to the Microsoft Security Update portal can select Windows 7, Windows Server 2008 and Windows Server 2008 R2 systems to see the CVEs affecting those systems. For February Patch Tuesday, the number for each OS eclipses 40.

“I’ve been dealing with these extended support situations all the way back to Windows NT4. This is the first time where it’s been like this,” Goettl said. “Nobody — nobody — ever saw anything about these CVEs unless they had subscribed, and even then you had to log into your MSDN or a TechNet account to even see any of the details.”

Go to Original Article
Author:

Data silos hinder IoT in healthcare; tech giants could help

The Internet of Things in healthcare may not be a new idea, but it’s the key to creating a more connected world within healthcare, according to one analyst.

The Internet of Things, or IoT, is the connection of a group of digitized objects that can collect, send and receive data. Digital medical device use was born out of clinical need, often circumventing IT for approval or advice, said Gartner analyst Gregg Pessin. Now healthcare organizations are dealing with silos of IoT devices and data.

Gregg PessinGregg Pessin

“In the past, the CIO or the IT department has had little input into what happens in that acquisition process, so you end up with IoT solutions, many of them from many different companies, that all work in their own little world inside that clinical environment,” Pessin said.

That is changing. Healthcare organizations are beginning to see value in breaking down silos and bringing IoT data together to create a single view of a patient. Tech giants like AWS are pushing into the healthcare market providing platforms to gather and analyze IoT data while making it more accessible.

CIO’s perspective on IoT in healthcare

IoT data silos and the lack of interoperability in healthcare are major challenges, according to Craig Richardville, CIO of SCL Health, based in Broomfield, Colo. They must be overcome for a healthcare organization to make better use of the IoT data it’s collecting.

Craig RichardvilleCraig Richardville

In healthcare, integrating vast amounts of IoT data into provider workflows is a complex, uphill battle, Richardville said. But as the healthcare industry matures, he said, there is growing opportunity to standardize and integrate IoT data back into provider workflows to create a more complete view of a patient.

“That’s really the ecosystem we all want to create,” he said. “The end game is [a system] that is fully connected all the way through, safely and securely, that allows us to consume or digest that information and get that back into someone’s professional workflow so they can take advantage of the information. The outcome of that is we make better decisions.” 

Richardville believes IoT is the future of healthcare, further enabling a healthcare organization’s connection to patients in their homes. IoT in healthcare can grow an organization’s capabilities when it comes to remote patient monitoring, social determinants of health and other areas of healthcare. IoT data can help providers and healthcare leaders “make more precise and intelligent decisions,” he said. 

Richardville said IoT could provide greater connection to patients but that privacy and security should remain top of mind for healthcare CIOs as that connection to patients and data collection grows. It’s also important that a healthcare system has the capability to analyze the data coming from connected devices — an area where tech giants could play a significant role.

Companies like Amazon, Apple, Google and Microsoft, all of which continue to push into healthcare, could provide healthcare organizations with IoT data gathering and analytics capabilities, Richardville said. SCL Health has a “strong relationship” with Google, which he sees as an “accelerator” to the digital healthcare work the organization is doing.  

“When you look at the companies, whether it’s Amazon or Google or Microsoft, all getting into this space … it actually allows us to be able to lift our game,” Richardville said. 

When it comes to IoT, Gartner’s Pessin said there is strong motivation in healthcare to move toward platform products, which offer tools to gather and analyze IoT data.  

Tech giants further enable IoT in healthcare

Healthcare organizations are buying more patient data-collecting and IoT-enabled devices, which is creating a “tidal wave of data” healthcare CIOs have to deal with, Pessin said.

The amount of computing and storage power required to process that much data is likely more than an on-premises data center can handle. That’s where external, third-party players like tech giants come in, according to Pessin.

“What are they great at? They’re great at scaling resources and they’re adding all of these great, specific kinds of platform solutions like IoT services that they can sell on the platform,” Pessin said.

AWS, for example, has AWS IoT services that health IT and medical device manufacturer Philips Healthcare is using. Philips created a customer-facing HealthSuite digital platform to provide customers with the capability to “connect devices, collect electronic health data, aggregate and store data securely, analyze data and create solutions on the cloud,” according to the Philips HealthSuite digital platform website.

Dale Wiggins, general manager of the HealthSuite digital platform, said Philips chose AWS to be its cloud provider to store large amounts of data and large X-ray and MRI image files from Philips medical devices. The next step for the Philips HealthSuite platform is to use AWS IoT services for remote support management of Philips devices, Wiggins said.

AWS IoT provides Philips with a more cost-effective way to offer remote support capabilities on Philips devices to healthcare customers, he said.

“We’re looking at using IoT to solve a lot of legacy issues with our existing remote support capabilities with new, cutting-edge, always on, always available services that AWS really supports through what they provide with IoT,” he said.

AWS IoT offers device software, control services and data services, depending on customer needs, according to Dirk Didascalou, vice president of AWS IoT. AWS provides the infrastructure for IoT services and is HIPAA-compliant, but it does not have access to customer data through AWS IoT, Didascalou said.

Partnerships with tech giants and healthcare organizations, medical device manufacturers and even EHRs are becoming the norm, according to Pessin. Healthcare organizations create the data and tech giants can provide tools to collect, analyze and store that data. Pessin said healthcare CIOs have to be ready to develop partnerships between the two.

“The advances in digital care delivery that are coming are going to require massive resources, and it’s those large digital giants that have that available,” Pessin said. 

Go to Original Article
Author:

Microsoft closes IE zero-day on November Patch Tuesday

Administrators will need to focus on deploying fixes for an Internet Explorer zero-day and a Microsoft Excel bug as part of the November Patch Tuesday security updates.

Microsoft issued corrections for 75 vulnerabilities, 14 rated critical, in this month’s releases which also delivered fixes for Windows operating systems, Microsoft Office and Office 365 applications, Edge browser, Exchange Server, ChakraCore, Secure Boot, Visual Studio and Azure Stack.

In addition to these November Patch Tuesday updates, administrators should also look at the Google Chrome browser to fix a zero-day (CVE-2019-13720) reported by Kaspersky Labs researchers. Google corrected the flaw in build 78.0.3904.87 released on Oct. 31 for Windows, Mac and Linux systems.

Microsoft plugs Internet Explorer zero-day

The Internet Explorer zero-day (CVE-2019-1429), rated critical for Windows client systems and moderate for the server OS, covers the range of browsers from Internet Explorer 9 to 11. The flaw is a memory corruption vulnerability that could let an attacker execute code remotely on a system in the context of the current user. If that user is an administrator, then the attacker would gain full control of the system.

On a system run by a user with lower privileges, the attacker would need to do additional work through another exploit to elevate their privilege. Organizations that follow least privilege will be less susceptible to the exploit until administrators can roll out the update to Windows systems. Exposure to the zero-day can occur in several scenarios, from visiting a malicious website to opening an application or Microsoft Office document that contains the exploit.

“[There are] a few different ways to exploit [the IE zero-day], such as going to a site that allows user-contributed content like ads that can be injected with this type of malicious content to serve up the attack,” said Chris Goettl, director of product management and security at Ivanti, a security and IT management vendor based in South Jordan, Utah.

Chris Goettl, director of product management and security, IvantiChris Goettl

Organizations can take nontechnical measures, such as implement training that instructs users on how to avoid suspicious emails and websites, but the best way to prevent exploitation is to roll out the security update as quickly as possible because the vulnerability is under active attack, Goettl said.

Microsoft resolved a security feature bypass in Microsoft Excel 2016/2019 for macOS systems (CVE-2019-1457) rated important that had been publicly disclosed. The security update corrects a bug that did not enforce the macro settings for Excel documents. A user who opened a malicious Excel worksheet would trigger the exploit when it runs a macro. Microsoft’s advisory stipulated the preview pane is not an attack vector for this vulnerability.

Other security updates worth noting for November Patch Tuesday include:

  • A critical servicing update to ChakraCore to correct three memory corruption bugs (CVE-2019-1426, CVE-2019-1427 and CVE-2019-1428) that affect the Microsoft Edge browser in client and server operating systems. The remote code execution vulnerability could let an attacker run arbitrary code in the context of the current user to obtain the same user rights.
  • A remote code execution vulnerability in Exchange Server 2013/2016/2019 (CVE-2019-1373) that would let an attacker run arbitrary code. The exploit requires a user to run a PowerShell cmdlet. The update corrects how Exchange serializes its metadata.
  • A critical remote code execution vulnerability (CVE-2019-1419) in all supported Windows versions related to OpenType font parsing in the Windows Adobe Type Manager Library. An attacker could exploit the bug either by having a user open a malicious document or go to a website embedded with specially crafted OpenType fonts.
  • Microsoft resolved nine vulnerabilities affecting the Hyper-V virtualization platform. CVE-2019-0719, CVE-2019-0721, CVE-2019-1389, CVE-2019-1397 and CVE-2019-1398 relate to critical remote code execution bugs. CVE-2019-0712, CVE-2019-1309, CVE-2019-1310 and CVE-2019-1399 are denial-of-service flaws rated important.

Microsoft shares information on Trusted Platform Module bug

[There are] a few different ways to exploit [the IE zero-day], such as going to a site that allows user-contributed content like ads that can be injected with this type of malicious content to serve up the attack.
Chris GoettlDirector of product management and security, Ivanti

Microsoft also issued an advisory (ADV190024) for a vulnerability (CVE-2019-16863) in the Trusted Platform Module (TPM) firmware. The company indicated there is no patch because the flaw is not in the Windows OS or a Microsoft application, but rather in certain TPM chipsets. Microsoft said users should contact their TPM manufacturer for further information.
TPM chips stop unauthorized modifications to hardware and use cryptographic keys to detect tampering in firmware and the operating system.
“Other software or services you are running might use this algorithm. Therefore, if your system is affected and requires the installation of TPM firmware updates, you might need to reenroll in security services you are running to remediate those affected services,” the advisory said.
The flaw affects TPM firmware based on the Trusted Computing Guidelines specification family 2.0, according to Microsoft.

Microsoft releases more servicing stack updates

For the third month in a row, Microsoft released updates for the servicing stack for Windows client and server operating systems. Microsoft does not typically give a clear deadline when a servicing stack needs to be applied but has given as little as two months in some instances, Goettl said.

Servicing stack updates are not part of the cumulative updates for Windows but rather are installed separately.

Researchers say first BlueKeep exploit attempts underway

In security news beyond the November Patch Tuesday security updates, the first reports of the BlueKeep exploit targeting users began at the end of October when security researcher Kevin Beaumont spotted hacking attempts using the RDP flaw on his honeypots and reported the findings on his blog.

On May Patch Tuesday, Microsoft corrected the critical remote code execution flaw (CVE-2019-0708) dubbed BlueKeep that affects Windows 7 and Windows Server 2008/2008R2 systems. Due to the “wormable” nature of the vulnerability, many in IT felt BlueKeep might surpass the impact of the WannaCry outbreak. At one point there were more than a million public IPs running RDP that were vulnerable to a BlueKeep attack, which should serve as a wake-up call for IT to tighten up lax RDP practices, Goettl said.

“People should just be a little bit more intelligent about how they’re using RDP. You are opening a gateway into your network,” Goettl said. “There are people who have public-facing RDP that’s not behind a VPN, doesn’t require authentication. There are about four or five things people can do to better secure RDP services, especially when they’re exposing it to public IPs, but they’re just not doing it.”

Go to Original Article
Author:

Verizon 5G rollout could change broadband competition

Verizon has chosen to temporarily forego standards and launch a proprietary 5G internet service to homes in four U.S. cities. The rush to market could start generating a return from the billions of dollars spent on developing the fifth-generation wireless technology.

Verizon introduced its 5G Home service this week and said it would be available Oct. 1 in select neighborhoods in Houston, Indianapolis, Los Angeles and Sacramento, Calif. The service provider promised a baseline speed of about 300 Mbps, which is significantly higher than Verizon’s current fiber optic service, Fios.

Customers covered in the Verizon 5G rollout could experience speeds close to 1 Gbps if they are in a favorable location relative to Verizon’s 5G small cell site that broadcasts the wireless signal to the home.

Verizon plans to charge wireless subscribers $50 a month for the 5G service and nonwireless subscribers $70 a month. Verizon won’t charge for the first three months of service or for the 5G router and its installation in the home.

The promotional deal makes the 5G offering similar in pricing to the internet service Verizon currently provides through its Fios product, which delivers speeds of only about 100 Mbps or less, said Tom Nolle, principal analyst at technology consulting firm CIMI Corp., based in Township, N.J., in a research note.

“I think Verizon will be moving to normalize their pricing across FiOS and 5G, which could give Verizon users the best internet bargain out there today,” Nolle wrote.

Verizon 5G rollout using nonstandard gear

The home and cell site gear used in the Verizon 5G rollout are temporary. The company plans to replace the proprietary 5G equipment with devices built around universal standards set by the 3rd Generation Partnership Project (3GPP). Verizon will replace the equipment as suppliers deliver standard gear.

Verizon is willing to forego standards initially to be quick to market with 5G internet services and to start generating revenue as soon as possible, said Rajesh Ghai, an analyst at IDC.

“This is a brand-new service for Verizon — incremental revenue,” he said. “They’re not going to eat into anything they’re already selling. They don’t have to get their existing customer base to adopt it.”

Because 5G is a fixed-wireless technology, Verizon can compete against cable companies and rival AT&T without having to bring a cable connection to homes or apartment buildings.

“If you have broadband deliverable to homes over the air, then it becomes a lot faster for a customer to provision the service,” Ghai said. “You get the box from Verizon, and it’s ready to go.”

Indeed, Verizon has made ordering the service easy by launching a website for would-be subscribers.

Verizon 5G rollout includes TV over IP

Verizon’s handling of TV over IP (TVoIP) through the 5G service is also significant. Subscribers get Google’s YouTube TV at no charge for the first three months and then have the option of continuing the service for $40 a month.

The offer shows Verizon is experimenting with TVoIP without having to buy a content provider. “If they like what happens, they could shift FiOS to TVoIP too, and drop a lot of cost along the way,” Nolle said. Also, Verizon could collect user data and website activity on the 5G service and use the information in other applications, such as ad selection.

For Sale – AMD FX 8320, 990FX + 8GB + internet security

I’m open to offers on all items
PRICES NOW INC P&P

Bullguard Internet Security Activation Code £10

AMD FX 8320 with cooler
asus sabertooth 990fx r2.0
8gb Corsair Dominator RAM

£130 inc P&P open to offers

Watercooling parts
All parts are used, have taken out of a working loop.

Phobya Balancer 250 silver nickel
Now £17 inc P&P

[​IMG]

Price and currency: £10 £130
Delivery: Delivery cost is included within my country
Payment method: Bank or Paypal Gift
Location: Rotherham
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – AMD FX 8320, 990FX + 8GB + internet security

I’m open to offers on all items
PRICES NOW INC P&P

Bullguard Internet Security Activation Code £10

AMD FX 8320 with cooler
asus sabertooth 990fx r2.0
8gb Corsair Dominator RAM

£130 inc P&P open to offers

Watercooling parts
All parts are used, have taken out of a working loop.

Phobya Balancer 250 silver nickel
Now £17 inc P&P

[​IMG]

Price and currency: £10 £130
Delivery: Delivery cost is included within my country
Payment method: Bank or Paypal Gift
Location: Rotherham
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – AMD FX 8320, 990FX + 8GB + internet security

I’m open to offers on all items
PRICES NOW INC P&P

Bullguard Internet Security Activation Code £10

AMD FX 8320 with cooler
asus sabertooth 990fx r2.0
8gb Corsair Dominator RAM

£130 inc P&P open to offers

Watercooling parts
All parts are used, have taken out of a working loop.

Phobya Balancer 250 silver nickel
Now £17 inc P&P

[​IMG]

Price and currency: £10 £130
Delivery: Delivery cost is included within my country
Payment method: Bank or Paypal Gift
Location: Rotherham
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – AMD FX 8320, 990FX + 8GB + internet security

I’m open to offers on all items
PRICES NOW INC P&P

Bullguard Internet Security Activation Code £10

AMD FX 8320 with cooler
asus sabertooth 990fx r2.0
8gb Corsair Dominator RAM

£130 inc P&P open to offers

Watercooling parts
All parts are used, have taken out of a working loop.

Phobya Balancer 250 silver nickel
Now £17 inc P&P

[​IMG]

Price and currency: £10 £130
Delivery: Delivery cost is included within my country
Payment method: Bank or Paypal Gift
Location: Rotherham
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Intelligent Search that can save you money: hotel booking, home services price ranges, and more

The Internet has put thousands of stores and service providers at our fingertips, allowing us to buy goods and services with the click of a button. This convenience comes with a set of challenges, especially when it comes to deciding which product to buy, which provider to hire, and how to get the most value for our money. Consumers cite anxiety and the fear of buyer’s remorse as their major pain points.

Today Bing is happy to announce the launch of new intelligent features designed to allow you to estimate and compare prices across multiple providers, give you insights to make the right trade-offs around price, and get more savings on products through a new deals experience – all built to help you save money.
 

Hotel booking

Typical users go through multiple sites before they make a choice on which hotel to book, and even then they often don’t feel confident they made the best choice. In May we released a hotel booking experience with aggregated pricing from third party booking sites. These features get even more powerful with what we’re announcing today: intelligent tips, a price trends view, and a comparison view.

First, Bing displays booking tips when you’re looking at hotels for which there are competing options you may not have considered. For example, if there are higher-rated hotels near the one you’re looking at with the same rate, or hotels that are closer to the airport and cheaper, we will let you know of the alternatives and tradeoffs for the options you’re looking at.


 
Second, Bing provides historical price trends for the date range you’re exploring to help make price-based trade-offs. Many sites only let you see the rate after you’ve already selected a date, so users end up clicking through many times to check the rates throughout the date range they’re interested in. Our price trend feature allows users to browse price trends over time in a single view.


 

Third, our new comparison view provides a comprehensive overview of pricing by hotel option. No more digging through multiple sites and reviews to find out what amenities are offered and if there are hidden fees! You’ll simply be able to see the detailed breakdowns side-by-side so you can feel assured you’re making the best choice for your needs and budget.


 

Home services pricing and scheduling

 

Hotel-booking unfortunately isn’t the only painful purchase experience for many users. We also heard that users are often frustrated when it comes to choosing a home service provider, as quotes can vary substantially from one service to another, and many people aren’t confident in how much they should expect to pay.

That’s why we built cost ranges to provide transparency for home services like sink installation costs and toilet repairs. These ranges show a visual distribution of prices, specific to your zip code so they’re tied to your location. We want you to feel empowered to plan your budget and even negotiate a quote with a specific provider!

This price data comes via our partnership with Porch, so you can feel confident you’re getting a comprehensive view.


 
After you’ve gotten a view of what to expect for pricing, Bing helps you collect quotes from multiple providers with just a few clicks. For example, if you search for “plumbers Bellevue”, you’ll get a listing of plumbers in that area with a ‘Get Quote’ for supported providers. Click that button and you’re taken to a pre-populated form on Yelp, where you can select up to 10 similar providers and send out a bulk request for quotes instead of having to contact each provider individually.
 

 

Coupons and deals

Finally, we realized that trying to find deals can be a time-consuming. Between the fine print, expiration dates, and confusing language, it’s easy to be unsure if you’re really getting a good deal or not.

Bing now aggregates deals across first- and third-party listings then displays them when you search for retailers or coupons. We surface relevant insights like ‘expiring soon’, whether the offers are online or in-store only, and more.


 

We hope you’re as excited by these money-saving features as we are — you can try them for yourself with our feature tour! All of them are available in the US, and apart from the home services price ranges these features are currently on desktop only. We will continue rolling out these features to mobile platforms and international markets in coming months.

While you’re trying out these new experiences, please also remember to sign in to Microsoft Rewards – you’ll earn points for your Bing searches and can redeem them towards gift cards and save even more!

Thanks,

The Bing Team
 

Microsoft’s Airband Grant Fund invests in 8 start-ups delivering internet-connected solutions to rural communities around the globe – Microsoft on the Issues

Today, internet access is as essential as electricity. It empowers entrepreneurs to start and grow small businesses, farmers to implement precision agriculture, doctors to improve community health and students to do better in school. But almost half the world’s population is still not online, often because they live in underserved areas, and therefore miss out on opportunities to take advantage of and become part of the digital economy. As a global technology company, we believe we have a responsibility and a great opportunity to help close this gap.

That’s why we’re excited to announce the eight early-stage companies selected for our third annual Airband Grant Fund. These start-ups are overcoming barriers to provide affordable internet access to unconnected and underserved communities in the U.S., Africa and Asia using TV white spaces (TVWS) and other promising last-mile access technologies. Our grant fund will provide financing, technology, mentorship, networking opportunities and other support to help scale these start-ups’ innovative new technologies, services and business models. The Airband Grant Fund is part of the Microsoft Airband Initiative, launched last year to extend broadband access across the United States and, ultimately, connectivity around the globe.

We are excited to partner with this year’s cohort of Airband grantees, which include:

These companies are improving life for some of the most underserved communities here in the U.S. and around the world. For example, approximately 35 percent of people living on tribal lands in the U.S. lack broadband. Tribal Digital Village wants to change that. With support from our Airband Grant Fund, they will use TVWS – vacant broadcast spectrum that enables internet connections in challenging rural terrain – and other technologies to deploy broadband to tribal homes on 20 isolated reservations in Southern California. “We realized that without access to the internet, tribal students weren’t going to have access to advanced opportunities that other kids had,” said Matt Rantanen, director of technology for Tribal Digital Village. “But there was no infrastructure on tribal land and no telecommunications companies wanted to work with us to build it out. So we had to build it ourselves.”

ColdHubs is another organization finding innovative ways to tackle the broadband access challenge. In Owerri, Nigeria, ColdHubs is transforming their refrigerated crop storage rooms into Wi-Fi hot spots using TVWS technology. The company aims to empower smallholder farmers with the ability to earn better livelihoods. Their solar-powered crop storage facilities help reduce food spoilage, which causes 470 million smallholder farmers to lose 25 percent of their annual income. Farmers who use ColdHubs can extend the freshness of their fruits and vegetables from two to about 21 days, reducing post-harvest loss by 80 percent. By turning these facilities into Wi-Fi “Farm Connect Centers,” ColdHubs will enable farmers to get online and access agricultural training, resources to improve crop yields and marketing and digital skills training.

Whether in the U.S. or around the world, we believe in nurturing innovative solutions by supporting local companies and entrepreneurs. We are eager to work in close partnership with these Airband Grant Fund recipients over the next year to refine and expand the reach of their solutions. And in the coming months, we’ll have more to share on the exciting progress we’re making on our Airband Initiative, and our goal to deliver broadband to 2 million rural Americans by 2022, and to extend connectivity to underserved communities around the world. Learn more about the Airband Grant Fund recipients here.

Tags: ,