The week brought everything from Ignite news aplenty – as expected – to a rather serious set of Exchange on-prem vulnerabilities, and the usual Windows Insider builds. You can find info about that, as well as much more below, in your Microsoft digest for the week of February 28 – March 6.
An unfortunate Exchange
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, otherwise known as the set of vulnerabilities in Exchange on-premises servers that were used by state-sponsored Chinese hacking group HAFNIUM in its attacks this week (and the days prior).
While news of the exploits started circulating at the beginning of the year, the vulnerability chaining did not happen until earlier this week. Microsoft has outlined a number of Indicators of Compromise (or IOCs), along with pushing out out-of-band patches for all affected Exchange on-prem servers – versions 2013 through to 2019. The company has urged admins to apply those patches as soon as possible, as the vulnerabilities are actively being exploited via the use of web shells.
It is alleged by KerbsOnSecurity that as many as 30,000 U.S. organizations are affected by these newly discovered vulnerabilities, and that the number may be far greater than that worldwide. It’s unclear whether this attack was made possible as a result of the Solorigate security event that unfolded earlier this year.
Ignite in the spring
As previously announced, on March 2, Microsoft kicked off the second part of its Ignite conference. At the virtual event, the company took the wraps off a number of solutions ranging from the consumer to the enterprise sectors, from previews to services and products now entering general availability.
For one, there’s a new service called Intelligent Order Management, due to be integrated in the company’s enterprise resource planning (or ERP) platform, Dynamics 365. There’s also integration with Teams to look forward to, as well as the advent of a new low-code language for Power BI dubbed Power Fx.
Remaining in the management sphere, there’s now RBAC (role-based access control) support in Azure Machine Learning, updates to Cloud for Healthcare and new industry clouds, compute and storage updates for mission-critical apps in Azure, and more.
The company also took to the virtual stage to highlight a number of Azure and Microsoft 365 security solutions – ranging from Azure Sentinel to Azure Firewall and Secured-core – either in GA or preview, along with data loss prevention and compliance solutions previews, and new certifications for compliance and Windows Virtual Desktop. The firm also highlighted Zero Trust updates and other identity solution upgrades as part of the virtual event.
It's worth also mentioning that the firm is opening a new datacenter region in China, has put out Visual Studio 2019 version 16.9 – as well as adding Apple Silicon Mac support in VS Code -, as well as a preview version of Windows Server 2022 with the same Secured-core enhancements it added in Azure. On a somewhat related note to the latter, Windows Admin Center version 2103 is now available with automatic update support, and tons of other features.
Switching to productivity, Outlook now has a more free-form view for its calendar section, Universal Print has been made available to all Microsoft 365 customers, there are new modules available for the company’s Viva Employee Experience Platform (EXP), and Teams now has PowerPoint Live support that’s GA, more Teams Rooms features, and up to 1,000-person webinar support for the education sector.
Lastly, we’ll highlight the fact that Microsoft has announced a bunch of new mixed reality services that can be used with the HoloLens 2, along with the Azure-powered mixed reality platform, Microsoft Mesh.
The latter, while continuing the company’s “tradition” of terrible naming schemes – no, this has nothing to do with Windows Live Mesh -, is more of an extension to its original vision presented with the unveiling of the HoloLens v1.
It essentially allows folks to be present in the same virtual environment and use the perks of said environment in the discussion and prototyping of various products, ideas, and concepts. In other words, kind of similar to Together mode in Teams, but with holograms and virtual avatars.
It wouldn’t be a weekly Microsoft column without talking at least a little bit about Windows.
As such, we’ve seen the company push out 21H1 to all Beta channel users as a “recommended update”. Following in the footsteps of some of its predecessors, 21H1 is an enablement package, meaning it acts like a switch to enable features already present in the code.
The company has also pushed out build 21327 to the Dev channel, complete with a number of News and Interest improvements, as well as the usual array of bug fixes. Though not in this particular build, the firm has also fixed a weird drive bug whereby upon navigating to a specific location via CMD, the user would be presented with a “The file or directory is corrupted and unreadable” message triggering a restart prompt and subsequent running of the check disk (chkdsk) utility.
In other, not quite as surprising news, the Surface Hub Windows 10 Team rollout has experienced yet another delay, and Chief Product Officer Panos Panay is pumped for the “next generation of Windows”. Then again, I don’t think there’s been a time when Panay wasn’t pumped, so that isn’t saying much. I guess we’ll need to see Sun Valley with our own eyes later this year to see what the excitement is all about.
- The new Extensions menu is available to Insiders in the Canary and Dev channels, with the Dev build 90.0.810.1 adding vertical tab improvements, Bing search and sleeping tabs – as well as vertical tabs – in Edge 89 (stable). In addition, the company is also testing a built-in Math Solver, improvements to the PDF reader, and an eventual unification of the Edge codebase on all platforms.
- A new job listing points to 5G and better camera in the next Surface Duo, one of the brains behind the Lumia PureView tech has joined the Surface team, the Surface Laptop 1 and 2 have gotten new firmware and driver updates, and our very own Rich Woods has reviewed the Surface Pro 7+.
- Windows Terminal Preview 1.7 adds UI improvements, PowerToys 0.33.1 is now out featuring a new first load experience, Microsoft Lists will soon get custom template support, Outlook is getting support for more accounts on the Mac, and new poll features are coming to Teams. Additionally, runtime inspection of XLM macros is now supported in Excel, as is version history in Excel on the web, while the OneDrive roadmap updates include dark mode on the web, and Microsoft is shuttering its UserVoice forms.
To log off, we’ll take a look at some gaming deals and freebies.
First off, there are the ever-present Deals with Gold, which allow folks who are subscribed to Xbox Live Gold to get even steeper discounts on a number of games. Among those on offer this time are Alien: Isolation – The Collection, Far Cry 2, Need For Speed, Rayman 3 HD, and more.
And if those aren’t quite your cup of tea, there’s always Metal Slug 3 and Warface: Breakout to claim at no additional cost for Live Gold members. Dandara: Trials of Fear Edition, from the previous Games with Gold promotion, is still up for grabs as well.
Missed any of the previous columns? Be sure to have a look right here.