Tag Archives: released

Watch For, Hackathon 2017 winner, powers Mixer’s massively successful HypeZone

HypeZone, released in December 2017, rapidly gained millions of new users to livestream community Mixer. HypeZone’s secret weapon? The 2017 Hackathon Grand Prize Winner, Watch For, a Microsoft Garage project.

Last month, Microsoft’s fifth annual One Week Hackathon wrapped up with astounding numbers. This year, during the largest private hackathon on the planet, over 23,000 employees registered to hack, and ultimately created 5,800 projects. As judging for this year’s projects begins and eager hackers await the winner announcements, it’s the perfect time to reconnect with last year’s Grand Prize Winner.

Originally called Lookout, the project team now known as Watch For has made tremendous strides in both personal growth and Microsoft business growth. Over the past year, team members Lenin Ravindranath Sivalingam, Matthai Philipose and Peter Bodik have been working as an incubation startup within Microsoft Research with autonomy and ownership to steer their project in a direction they desire.

The team’s original idea, which won the 2017 Hackathon, was an app to monitor live video streams on behalf of a user and notify him or her when specified events occur. Such a seemingly simple idea can be very powerful using artificial intelligence with many different applications.

2017 Hackathon winning team: Hackathon 2017 winning team: Matthai Philipose, Lenin Sivalingam, Yifan Wu, Peter Bodik and Victor Bahl. (Photo by Elizabeth Ong)
Hackathon 2017 winning team: Matthai Philipose, Lenin Sivalingam, Yifan Wu, Peter Bodik and Victor Bahl. (Photo by Elizabeth Ong)

As part of Microsoft Research, the project team members previously worked on video analytics for enterprise scenarios in their day jobs. One of their biggest partners was working with the city to monitor and analyze traffic cameras for a better understanding of how pedestrians, bikes, and vehicles crossed intersections.

Not surprisingly, livestreams are big in enterprise settings, and that translates as well to consumer settings. For Lenin, Matthai, and Peter, the most interesting part of working on a hack project was experimenting with how best to apply video analysis to consumer scenarios.

“What attracted me to this hackathon project was the chance to apply AI in large scale and at low-cost to the consumer setting. Our project really pushes the envelope on how efficient the AI systems would need to be, and it’s also meaningful in that my kids and mother can understand it and use it.” Matthai explained, adding, “And I love the idea of working with Lenin and Peter.”

The team took what they learned over the years about video analytics and traffic cams, and created such a compelling project that not only did Microsoft CEO Satya Nadella put his influence behind them, but the senior leadership team took notice and became excited about the possibilities. Ed Essey, principal program manager of Microsoft Garage, helped prepare the team to think and work like a lean startup.

Over the course of several months, they fine-tuned a business strategy for their product – including the team’s special blend of expertise, knowledge, experience, and idea-leadership – that led the team to work on Watch For full time.
In September 2017, a few weeks after the team’s Hackathon win, the Mixer group reached out to the team, having seen their project video. Mixer, acquired by Microsoft in 2016 as Beam, is a next-generation, interactive live streaming platform with a large gaming audience.

Taking a community-first focus on features, Matt Salsamendi, principal software engineering lead, Mixer and Chad Gibson, general manager, Mixer saw huge opportunity to accelerate Mixer’s vision in the computer vision space and were excited to partner with other Microsoft teams working in this area.

HypeZone Fortnite

The more popular games on Mixer tend to be multiplayer battle-royale style competitions where the last person standing wins. “Games like PlayerUnknown’s Battlegrounds (PUBG) and Fortnite are pretty new. For these games, a very simple thing works very well to light up Mixer scenarios.” Peter explained.

The scenario that Matt and Chad of Mixer wanted to execute on was how best to surface the most interesting parts of streams to a bigger audience. There are thousands of streams at any given time, of which only a couple hundred get viewed by most people. How do the rest of the streamers get any visibility and how do you avoid wasting those assets? How do Mixer fans discover those hidden gems? “The game streaming ecosystem has lots of undiscovered content, people wanting to be discovered, and viewers wanting to discover more compelling moments.”

“The game streaming ecosystem has lots of undiscovered content, people wanting to be discovered, and viewers wanting to discover more compelling moments.”

Lenin, Matthai, and Peter started to work closely with the Mixer team last September, and an ambitious goal organically formed, of launching new channels in winter of 2017 tailored with content discovered by AI models trained to “Watch For” specific events in streams. The timing coincided with PUBG’s release on Xbox One, which was fast becoming one of the most popular games on Mixer.

Mixer already had a front-end design where a single channel could host many different people’s streams continuously – they took advantage of that, and queried Watch For’s backend to determine when to switch between streams for the most interesting content. Thus, HypeZone was born – channels on Mixer using Watch For algorithms to highlight the final, nail-biting rounds of last-person standing games like PUBG that viewers found so engaging to watch.

“Matt already had the idea of HypeZone itself, to switch from stream to stream within a channel – but the experience of HypeZone evolved very quickly during our collaboration.” Lenin recalled. “We met with Matt and Chad early September. Two weeks later we had a prototype that we showed them. Then we kept improving its accuracy. By mid-October we had another prototype that they could use to run their HypeZone experience. We tested it for another 3 weeks. Then, 2 days before release, PUBG changed their UI. 1 day before release, we had to completely change all our models.”

Despite the whirlwind of activity, the Watch For team appreciated Mixer’s style of working fast and friendly. “As a business group, Mixer is very agile and easy to work with. We work close and we work well together.”

VictoryRoyale

“The choice of content for HypeZone is determined by all the analysis Watch For does. Which is one of the reasons why we were able to move so fast,” Peter explained. Peter and team had to tailor their AI models for HypeZone by building core video analytics skills specific to each game.

Over the last several months, HypeZone channels were among the most popular channels on Mixer. “It’s a win-win product. Viewers love it because it shows only the most exciting content, and streamers love it because they get featured on Mixer’s front page and get new followers. They start streaming more because they want to be featured on HypeZone and gain followers.” Game producers can also be counted among the many fans as HypeZone provides more exposure for their games.

The biggest challenge – and the team’s biggest accomplishment – was how to get HypeZone to scale, and at low-cost.

“HypeZone is driven by Watch For’s large-scale video analysis of every stream that’s coming into Mixer. Every stream we try to understand what’s on the screen. We look for various metadata that tell us the game is exciting. Text on the screen, icons that tell you state of the game, player stats and score. Over time we have evolved to understand more and more.” Lenin explained.

The secret sauce is very much a combination of Matthai’s AI expertise and Lenin and Peter’s end-to-end distributive systems knowledge that allows them to deeply and efficiently analyze and understand each stream’s content in real-time.

“This is one of the advantages of being in a company like Microsoft. The Garage and Hackathon gave us visibility, but there was a product group (Mixer) out there looking around who had a great understanding of their customers, and that Watch For might light up their market.” Matthai recalled how it all came together. “There was an element of luck that battle royale type games came into vogue around the same time. It’s a combination of all of these things that made this partnership work so well.”

“It’s one thing to have cool demos and enthusiasm from senior leadership, but it’s another thing to see our customers enjoying, laughing and crying , wanting to see more. That’s what really lit a fire under the whole project, that connection.”

A game-changer for streaming content platforms and how content can be surfaced and consumed – Watch For is a stellar example of using artificial intelligence for consumer scenarios. What’s next for Watch For? The team continues to work with Mixer, and other groups, to create awesome experiences yet to come using the power of AI.

Story by Meixia Huang

Check out HypeZone on Mixer https://mixer.com/
Get videos on the Mixer Channel One on YouTube
Follow Mixer on Twitter: https://twitter.com/WatchMixer
Read more about this Hackathon team:
Artificial intelligence eclipses cloud and mobile projects to win the day at Microsoft 2017 Hackathon

LogMeIn enhances GoToWebinar with analytics, on-demand viewer

LogMeIn has released a revamped version of the GoToWebinar cloud webcasting platform that gives users an interactive analytics dashboard, a new video-editing tool and the ability to publish recorded webinars to a website for on-demand viewing.

The analytics console lets users generate bar and line graphs by filtering aggregate viewership and engagement data. Previously, users had to download separate analytics spreadsheets for each webinar and could only analyze multiple events at once by manually combining those records.

The interactive interface should help marketers and trainers — the two most common types of live webcasters — track trends in attendance or watch-through rates over time. The vendor will also help users identify which times of day and days of the week draw the largest audiences.

Businesses are increasingly seeking access to more comprehensive analytics before, during and after web conferences and live broadcasts, according to Roopam Jain, analyst at Frost & Sullivan. “GoToWebinar’s new analytics dashboard brings the service more at par with where the market is today,” she said.

LogMeIn also broadened access to its on-demand video repository, GoToStage, where all GoToWebinar users can now publish recordings of their webinars. The platform, released in beta last year, sorts videos by topic, so viewers can use the site to discover videos of interest.

With the release of GoToStage, LogMeIn is addressing a gap in the webinar market, as more businesses look to use on-demand videos to increase viewership and continuously generate customer leads, Jain said. 

“There are not many webinar vendors today who offer a single integrated platform that combines on-demand webinars with a persistent content delivery platform built for social marketing,” Jain said. “GoToStage addresses that opportunity.”

LogMeIn builds out profile to remain competitive

The overhaul of cloud webcasting platforms comes a couple months after the vendor refreshed its flagship web conferencing platform, GoToMeeting, adding instant messaging and automatic transcription.

LogMeIn was named one of four leaders in the 2018 Gartner Magic Quadrant for Meeting Solutions that was released this week, slightly trailing Cisco, Microsoft and Zoom. In addition to GoToWebinar, the vendor’s other products include GoToTraining, Grasshopper, OpenVoice and the Jive cloud unified communications platform.

LogMeIn is facing increasing competition from Microsoft, which in July added live broadcasting capabilities to its on-demand video responsivity, Microsoft Stream, and integrated that product with its team collaboration app, Microsoft Teams.

Cisco, meanwhile, recently combined its online meetings and team collaboration platforms — now branded as Cisco Webex and Cisco Webex Teams — and expanded the cloud infrastructure of those products to lay the groundwork for advanced video use cases, such as augmented and virtual reality.

LogMeIn has sought to differentiate its platforms by designing easy-to-use interfaces and selling the products at a relatively low price.

“GoToWebinar has seen the most success with [small and midsize businesses] that often opt for best-of-breed solutions,” Jain said. “With the redesigned user interface and a new disruptive pricing, it will continue to appeal to businesses that look for simplicity, ease of use and lower pricing.”

PlayerUnknown’s Battlegrounds Full Product Release Now Available on Xbox One – Xbox Wire

Today, the Full Product Release (1.0) update for PlayerUnknown’s Battlegrounds (PUBG) released for new and existing owners across the Xbox One family of devices. This is a big moment for the PUBG Xbox community, now over nine million players strong, who have been every bit an important part of the development process since we first launched in Xbox Game Preview in December 2017. With the support of fans and the team at Microsoft, it’s been an incredible journey and we’re just getting started.

The Full Product Release comes with several exciting updates, including the Xbox One debut of the Sanhok Map, available today, along with Event Pass: Sanhok, which unlocks awesome rewards for leveling up and completing missions. The Sanhok Map is included with the Full Product Release 1.0 update, and Event Pass: Sanhok can be purchased in the Microsoft Store or the PUBG in-game Store beginning today. For additional details on all of the new features included in the Full Product Release update today and in the weeks ahead, click here.

While Full Product Release represents an exciting milestone for PUBG on Xbox One, it does not represent the end of the journey. The game will continue to be updated and optimized, and we have an exciting roadmap of new features and content ahead in the months to come, including the winter release of an all-new snow map.

The Full Product Release of PUBG for Xbox One is available for $29.99 USD digitally and as a retail disc version at participating retailers worldwide. If you already own the Xbox Game Preview version of PUBG on Xbox One you will receive a content update automatically today at no additional cost.

As shared previously, we’re also providing some special bonuses both to new players and those who have supported PUBG over the past nine months.

To enhance the ultimate PUBG experience on Xbox, fans can also look forward to the PlayerUnknown’s Battlegrounds Limited Edition Xbox Wireless Controller, which is now available for pre-order at the online at the Microsoft Store and starts shipping to retailers worldwide on October 30 for $69.99 USD.

Be sure to tune into Mixer’s very own HypeZone PUBG Channel to catch the most exciting, down-to-the-wire PUBG action that give viewers the opportunity to discover streamers of all levels during the most intense moments of the game.

Whether you’re already a player or your chicken dinner hunt starts today – now is the best time to jump into PUBG on Xbox One!

Windows 10 zero-day disclosed on Twitter, no fix in sight

A mishandled disclosure process saw proof-of-concept code for a Windows 10 zero-day flaw released on Twitter, but Microsoft has no patch available.

A self-described retired vulnerability researcher who goes by the handle SandboxEscaper announced the Windows 10 zero-day on Twitter on Aug. 27, complete with proof-of-concept (POC) code hosted on GitHub, but didn’t notify Microsoft beforehand. The flaw is part of the Windows Task Scheduler, and it can allow an attacker to obtain system privileges.

According to the CERT Coordination Center (CERT/CC) advisory, the “Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface.”

“We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems,” Will Dormann, vulnerability analyst for CERT/CC, wrote in the advisory. “Compatibility with other Windows versions may be possible with modification of the publicly-available exploit source code.”

Dormann also confirmed on Twitter that although the POC released by SandboxEscaper was designed to be a Windows 10 zero-day and affect 64-bit systems, the exploit would also work on 32-bit systems with “minor tweaks.”

Craig Young, computer security researcher at Tripwire, based in Portland, Ore., noted that the Windows 10 zero-day would allow “the caller to manipulate file permissions of protected system files.”

“This can be used to overwrite system libraries with malicious code to hijack Windows. With this published exploit code, it is trivial for malware to take complete control of the system after the malware has been loaded,” Young wrote via email. “Without a privilege escalation bug like this, the malware would be dependent on users clicking through access control alerts or entering administrator credentials.”

Risk vs. exploit code  

Experts generally agreed the level of risk for this Task Scheduler Windows 10 zero-day wouldn’t normally be too severe, because the exploit requires local access. This means an attacker would have to trick a user into downloading and running a malicious program, or they would need to have previously gained access to a system. However, experts said the release of the POC code changes the risk profile for the Windows 10 zero-day.

Allan Liska, solutions architect at Recorded Future, based in Somerville, Mass., added that this Windows 10 zero-day is another flaw in a long history of issues in the Windows Task Scheduler service.

“At this time, there is no patch for the vulnerability. One possible mitigation is to prevent untrusted — usually guest — users from running code. However, if an attacker gains access with user-level privilege, this mitigation will not work,” Liska said in an email. “The best bet until Microsoft releases a patch is to monitor for suspicious activity from Task Scheduler, and for this specific POC, monitor for the print spooler service spawning unusual processes,” he continued.

“Though bear in mind that while the POC uses the print spooler service, this vulnerability is not limited to just the print spooler. With some minor tweaking, the POC code could be used to execute other services.”

Although there were no specific details, SandboxEscaper expressed frustration with Microsoft and infosec in general before releasing the Windows 10 zero-day on Twitter, but appeared regretful two days later.

SandboxEscaper had mentioned a battle with depression and a desire to quit vulnerability research in a number of tweets leading up to releasing the POC code, and the vast majority of commenters offered messages of empathy or aid.

Microsoft did not respond to requests for comment at the time of this post.

Mitel targets enterprises with MiCloud Engage contact center

Mitel has released a contact-center-as-a-service platform that — unlike its other contact center offerings — is detached from its unified communication products. The over-the-top product should appeal to large organizations, which are more likely to buy their contact center and Unified Communications apps separately. 

MiCloud Engage Contact Center, which runs in the multi-tenant public cloud of Amazon Web Services, supports voice, web chat, SMS and email channels, and integrates with Facebook Messenger and customer relationship management (CRM) software.

The MiCloud Engage platform plugs two gaps in the vendor’s cloud contact center portfolio. It scales to over 5,000 agents, significantly more than the 1,000-agent capacity of its flagship cloud platform, MiCloud Flex.

Furthermore, Mitel has traditionally bundled its UC and contact center products, a combination that appeals to the vendor’s historical customer base of small and midsize businesses. MiCloud Engage, in contrast, is available as a stand-alone offering.

Mitel hopes the new platform will help it gain a foothold among enterprises, which are more often customers of Avaya, Cisco or Genesys. It could also appeal to individual divisions or lines of business within a large organization.

Mitel continues cloud pivot ahead of acquisition

The release of MiCloud Engage comes months shy of the publicly traded company’s planned acquisition by the private equity firm Searchlight Capital Partners L.P. The $2 billion deal, announced in April, is expected to close by the year’s end.

Going private should help Mitel grow its cloud business because it will be able to focus on long-term growth rather than quarterly earnings. Following a series of recent acquisitions, the company also benefits from a relatively large install base and a broad mix of cloud UC offerings.

Mitel’s 2017 acquisition of ShoreTel made it one of the top UC-as-a-service vendors worldwide, along with 8×8 and RingCentral. Still, only 6% of Mitel’s 70 million UC seats were in the cloud at the outset of 2018: 1.1 million in the public cloud and another 3 million hosted in Mitel’s data centers.

Ultimately, MiCloud Engage could serve as a conduit to more enterprises buying Mitel’s UC products, the core of its business. Gartner ranks Mitel among the top four UC vendors, alongside Microsoft, Cisco and Avaya.

“If you can’t win the UC business, then winning the contact center business and creating a backdoor that way is a good strategy,” said Zeus Kerravala, the founder and principal analyst at ZK Research in Westminster, Mass. “Getting your foot in the door is the important piece, and that’s what they’re trying to do with [MiCloud Engage].”

HubSpot Conversations adds chatbots, collaborative inbox

In an effort to become a platform its users rarely leave, HubSpot has released HubSpot Conversations, a tool that helps users keep track of customer interactions regardless of the channel.

The new module comes a few months after HubSpot introduced Service Hub, HubSpot’s new service product, and adds communication capabilities to the Cambridge, Mass., martech vendor’s marketing and service systems.

HubSpot Conversations has three main components: a collaborative inbox tool, chatbot capabilities and lead routing.

All of these capabilities were a welcome addition to the HubSpot tech stack for customer Frame My TV, a Haverhill, Mass., manufacturing company that builds custom frames for wall-mounted televisions.

“It allowed us, as a small business, to bring all of our remote employees under one umbrella,” said Kevin Hancock, principal at Frame My TV.

Hancock has a small core staff of about six employees, with roughly a dozen more freelance workers in sales and other departments. Having most of his technology all within HubSpot has made marketing and selling easier and more efficient — due to fewer integrations with third-party tools.

It allows me to focus on running the business and not having to focus on the technology.
Kevin Hancockprincipal, Frame My TV

“It allows me to focus on running the business and not having to focus on the technology,” Hancock said. “The top benefit of HubSpot Conversations is it puts the prospect information into the CRM for us and can trigger certain functionality.”

Previously, Hancock’s sales reps would have to toggle in-between different UI and input information in HubSpot on particular inbound prospects. With those interactions being recorded by HubSpot Conversations, the system is able to update the customer information automatically. Conversations also integrate with Slack, which Hancock and his team use more than email to communicate.

Separating spam from leads

While Hancock said HubSpot Conversations has improved efficiency for Frame My TV, he expressed some uneasiness about some aspects of the product. When working within inbound marketing, a common problem that arises is an abundance of irrelevant material — something HubSpot is still trying to work through with the collaborative inbox feature of Conversations.

“The number one hurdle with Conversations is figuring out how to handle the flurry of junk mail,” Hancock said. “Conceptually it makes sense to bring them into one place, but spam is a problem. I don’t want those emails to end up as contacts and muddying up the inbox.”

Hancock said that while he has turned off the feature, HubSpot is trying to fix the problem.

“It needs to have an option that when a message comes in to add that email as a contact,” he said.

HubSpot recently released Conversations, a new feature that brings all prospect interactions into one place.
The user interface for HubSpot Conversations shows how the tool brings all conversations and interactions into one place.

Chatbots come to HubSpot

Another feature of HubSpot Conversations that Frame My TV had deployed is building out chatbots, helping to gather initial information on inquiries and working to find the ideal number of questions to ask before moving over to live chat.

“One challenge we have is we sell a product to the top 5% — people aren’t buying it because of the cost, it’s a desire to finish off a room,” Hancock said. “So we have to qualify people a little bit and a lot of that can be sifted through using a bot.”

Building a chatbot for HubSpot was made possible by HubSpot’s acquisition of Motion AI in 2017.

HubSpot is seeking to build a platform-wide product — similar to what Salesforce has done over the years — with the goal of getting its users to stay on the HubSpot platform for all their needs, according to the company.

“With Conversations, what we’re trying to do is give teams that full clear picture of that customer relationship,” said Elise Beck, product marketing manager for Conversations. “As teams engage and work with prospects through their journey, they can keep things tied to CRM and keep tabs on what has happened.”

Beck added that HubSpot Conversations is available now within all existing HubSpot products as a drop-down item at no additional charge.

HubSpot’s annual user conference, Inbound 2018, is in Boston Sept. 4 to 7. Check back to SearchCRM.com for coverage of the conference.

New Cohesity backup adds Helios SaaS management

Cohesity Inc. today released Helios, a SaaS application that works in conjunction with Cohesity DataPlatform to give IT administrators greater control over their consolidated secondary data.

Helios allows Cohesity backup customers to manage data under control of DataPlatform software, whether it is on premises or in public clouds. Helios enables customers to view and search secondary data, make global policy changes and perform upgrades through a single dashboard.

Helios requires an extra license separate from DataPlatform, based on the amount of data under management. Positioned as an add-on for DataPlatform users, it’s designed to enhance secondary data management with a slew of features, including some that utilize predictive analytics and machine learning.

With Helios, Cohesity is following the lead of rival Rubrik Inc., which launched its Polaris SaaS-based management last April. Cohesity and Rubrik sell scale-out, node-based secondary storage platforms that manage data on premises and in the cloud.

Raj Dutt, product marketing director at Cohesity, said one of Helios’ core goals is to simplify multicluster administration. The Cohesity backup SmartAssist feature suggests resource allocations across the environment based on service-level agreements set by the administrator. Using machine learning, Helios examines how an infrastructure is being used and suggests when to add resources or make adjustments. Helios will also allow its users to make peer comparisons by sharing anonymized metadata from other Cohesity customers.

Other features include global hardware health monitoring, pattern and password detection, video compression and machine learning to analyze how changes will impact clusters before they are rolled out.

Cohesity Helios screenshot
Helios brings multicluster management under one dashboard.

Dutt said the difference between Helios and competitors, such as Dell EMC CloudIQ analytics and Rubrik Polaris, is “almost none of the [others] offer active management on a global scale.”

Although Helios is generally available today, Dutt said not all of its features will be ready to go right out of the gate. They will be rolled out as part of monthly releases of the core Cohesity backup software, with the expectation that all of the planned capabilities will be available by the end of 2018.

Cohesity backup checks the SaaS boxes

Edwin Yuen, senior analyst at Enterprise Strategy Group, said Helios fills the major requirements for SaaS-based management across clusters and clouds.

They’re experts in their storage and they’re adding a management layer on top of it.
Edwin Yuensenior analyst, Enterprise Strategy Group

“Within systems management, you need to have three things,” he said. “One is inventory — you need to be able to know what you have out there and go and find it. No. 2, you need to have status — you need to know what’s going on with them. And three, you need to have actions — you need to actually be able to do something about them. A lot of tools don’t actually do that. … Helios does.”

Yuen also pointed out that many vendors are moving from simply selling their software licenses to SaaS-based, subscription models. “It’s often consumption-based, it’s a living service, you’ll get data updates so you’re not always waiting for another version,” Yuen said. “If you are going to manage across multiple destinations, that model does make a lot of sense.”

As more products offering assisted integration and optimization like the Cohesity backup software emerge in the multi-cloud management space, Yuen speculates there will be a growing demand for cross-platform, vendor-agnostic products. Helios can see and manage the metadata hosted on Microsoft Azure, Google and Amazon Web Services public clouds — as long as you’re running Cohesity DataPlatform.

“They’re experts in their storage and they’re adding a management layer on top of it,” Yuen said. “The question is are you going to be an expert in the management layer so that it doesn’t matter what storage you have? I think there’s going to be demand for this type of solution across the board for managing data.”

August Patch Tuesday closes CPU bug, two zero-day exploits

Microsoft closed two zero-day vulnerabilities and released a fix for a new exploit for Intel processors on August Patch Tuesday.

Microsoft released an advisory (ADV-180018) on the latest speculative execution side channel vulnerability in Intel Core and Xeon processors called L1 Terminal Fault. Dubbed Foreshadow by security researchers, the vulnerability lets an attacker read data as it passes between a host and a virtual machine and a hypervisor.

The earlier Spectre and Meltdown variants allowed process-to-process interactions, but this latest hardware exploit allows a guest system to retrieve data from another guest system, said Brian Secrist, content manager at Ivanti, based in South Jordan, Utah.  

Once again, we have a bunch of hoops to jump through to get to full remediation… 2018 is keeping us real busy.
Brian Secristcontent manager, Ivanti

Full protection from Foreshadow (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) on Windows requires a registry change, Microsoft patch and Intel firmware update to close the vulnerability.

“Once again, we have a bunch of hoops to jump through to get to full remediation,” Secrist said. “2018 is keeping us real busy.”

Microsoft addresses two zero-day exploits

Microsoft also closed a pair of zero-day remote code execution vulnerabilities. The first (CVE-2018-8373), in the Microsoft Scripting Engine with known exploits that affect all versions of Internet Explorer, allows an attacker to run arbitrary code on unpatched machines in the context of users who visit a specially crafted website. Depending on the user’s rights, the attacker could install programs or view and delete data. The patch changes how the scripting engine handles objects in memory. This CVE is critical for Windows desktop systems and important for server versions.

Rated important, the second zero-day (CVE-2018-8414) uses a Windows Shell bug in Windows 10 and Windows Server SAC Server Core for remote-code execution attacks. This vulnerability requires the user to run a malicious file either from email or a web site, after which an attacker can run code at the privilege level of the current user. The patch makes Windows Shell validate file paths properly.

August Patch Tuesday closes more than 60 vulnerabilities

More than half of the 60 vulnerabilities disclosed in August Patch Tuesday affect browsers or the scripting engine. Administrators should prioritize patching workstations and servers for a critical remote code execution vulnerability (CVE-2018-8345) that triggers when viewed by a user. Microsoft resolved this exploit by correcting the processing of shortcut .LNK references.

“Because the user doesn’t have to click on the malicious .LNK file to actually exploit the vulnerability, compared to browser vulnerability, it’s more likely for a server admin to be browsing through files. If they see this shortcut and the system renders it, then that’s when the exploit runs,” said Jimmy Graham, director of product management at Qualys, based in Foster City, Calif.

Jimmy Graham, QualysJimmy Graham, Qualys

Almost every major third-party vendor released patches and updates between the July and August Patch Tuesday, said Secrist. Adobe released four updates, including fixes for Adobe Flash and Acrobat. Google Chrome released version 68, and Firefox released updates for Thunderbird.

“We haven’t seen any increase in attacks or anything, just an example of better research and better coverage of vulnerabilities,” Secrist said.

July Patch Tuesday issues anger IT workers

After the July Patch Tuesday releases, Microsoft warned customers of potential SQL Server startup problems on Windows desktop (7 and 8.1) and server (2008 R2 and 2012 R2) versions on July 26. The company released several hotfixes and recommended uninstalling the July patches. Such rollbacks of faulty Microsoft updates have become a recurring headache for administrators.

Microsoft security updates for July also caused problems for the .NET Framework. On July 16, Microsoft posted a blog that “encouraged” Exchange customers to delay applying the July 10 updates to avoid disruptions with mail delivery. Hotfixes for affected systems — all supported versions of Windows Server — did not arrive until July 17. Up until that point, the only remedy was to uninstall the .NET Framework 4.7.2 update.

“Clearly there is a quality assurance issue of some kind,” Secrist said. “There’s another .NET release this month. Hopefully they spend more time on this one. We always strongly recommend you run [patches] through a test group and make sure they are stable before you push them out.”

Jeff Guillet, CEO of EXPTA Consulting in Pacifica, Calif., reached out to the Exchange product group for more information when the disruptions first occurred and said it was a two-fold problem of “really bad patches and bad communication.”

“Nobody even acknowledged that there was a problem and then all of a sudden they said, ‘Oh, by the way, we fixed this.’ [Administrators] had to troubleshoot it themselves because there was no communication from Microsoft saying this was a problem,” said Guillet.

While the intent of Patch Tuesday is to protect systems from vulnerabilities, the recent spate of patching issues concerns some IT administrators.

“Everybody’s kind of come to terms with [monthly patching], but the expectation was that a patch isn’t going to break stuff,” said Guillet. “So if it’s going to start breaking things, now I need to worry about testing it and I don’t have time because the next patches are coming up next Tuesday.”

For Sale – MY17 MacBook Pro 15″ TB, i7 2.9, 16GB, 512GB SSD, Radeon Pro 560, Grey – As New – Warranty May 2020

Was hoping to wait for the new laptops to be released, but needed a new laptop at the time and it has now been replaced with the 6-core variant.

Device still in very good, practically new, condition… only 8 battery cycles.

Bought from John Lewis, warranty til 21st May 2020.

Spec:
15″ w/ Touch Bar
Intel Core i7 2.9GHz
16GB RAM
512GB SSD
Radeon Pro 560
Space Grey

Original box included.

Price £1850 including shipping. Receipt included.

[​IMG]foto_no_exif (2) by CosmicLogos, on Flickr

[​IMG]foto_no_exif (3) by CosmicLogos, on Flickr

[​IMG]foto_no_exif (4) by CosmicLogos, on Flickr

[​IMG]foto_no_exif (5) by CosmicLogos, on Flickr

Price and currency: £1850
Delivery: Delivery cost is included within my country
Payment method: BT
Location: Ongar, Essex
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – MY17 MacBook Pro 15″ TB, i7 2.9, 16GB, 512GB SSD, Radeon Pro 560, Grey – As New – Warranty May 2020

Was hoping to wait for the new laptops to be released, but needed a new laptop at the time and it has now been replaced with the 6-core variant.

Device still in very good, practically new, condition… only 8 battery cycles.

Bought from John Lewis, warranty til 21st May 2020.

Spec:
15″ w/ Touch Bar
Intel Core i7 2.9GHz
16GB RAM
512GB SSD
Radeon Pro 560
Space Grey

Original box included.

Price £1875 including shipping. Receipt included.

[​IMG]foto_no_exif (2) by CosmicLogos, on Flickr

[​IMG]foto_no_exif (3) by CosmicLogos, on Flickr

[​IMG]foto_no_exif (4) by CosmicLogos, on Flickr

[​IMG]foto_no_exif (5) by CosmicLogos, on Flickr

Price and currency: £1875
Delivery: Delivery cost is included within my country
Payment method: BT
Location: Ongar, Essex
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.