Microsoft Weekly - August 29 2021 recap

As the final full week of August comes to a close, we take a look back at the various bits of news that have surfaced, from the sea of gaming-related reveals, to the small but significant selection of security vulnerabilities. You’ll find info about those subjects and more below, in your Microsoft digest for the week of August 22 – 28.

Halo Infinite in December

Halo symbol on dark green squares

As is tradition at the end of August, gamescom took place this week, and thus a number of game announcements and related news tidbits were present. Microsoft of course chose to have its own showing, which revealed a number of first-party, Game Pass, and streaming-related things.

For one, Xbox Cloud Gaming (Project xCloud) is set to be made available for the Xbox One and Xbox Series families of consoles in Holiday 2021 – which holiday though, is up to Microsoft, and the solution will support 1080p 60FPS streaming. You’ll be able to differentiate between titles which do or do not support this feature via the small cloud icon, often placed directly onto the ‘Play’ button.

And as Cloud Gaming is part of Game Pass Ultimate, we’d be remiss not to mention the fact that Microsoft’s gaming sub is also gaining 10 Humble Games-published games when they launch. This being positioned as a partnership, means we could see more games arrive to the service in the future.

Speaking of the future, State of Decay 2 has crossed the 10 million player mark, with the developer announcing that the game’s Trumbull Valley will become a regular open-world region. This all is set to land September 1 as part of the game’s Homecoming update.

Sticking to the very same month, September 7 will be bringing World Update VI to Flight Simulator, with the Top Gun: Maverick free expansion landing November 19 (aligning with the release of the eponymous movie). Also in September, Minecraft Dungeons is set to dig its way to Steam, surfacing on September 22.

Moving onto October, the just-announced Wasteland 3: Cult of the Holy Detonation expansion is prepped to hit digital shelves – on October 5 -, followed by Age of Empires IV on October 28 (which just revealed its Holy Roman Empire and Rus civilizations).

In chronological order we then arrive at the month of November, with the 9th marking the release of Playground’s Forza Horizon 5, and the 15th seeing the launch of the special edition, Halo Infinite-themed Xbox Series X and Elite Series 2 Controller. The 15th also happens to be the 20th anniversary of Halo and the original Xbox (the Xbox one, not Xbox One).

As for the game after which the special edition is modeled, Halo Infinite was said to launch on December 8 according to a leak, a leak which was not long after officially confirmed during the gamescom presentation. Another notable launch, though not first-party, is Destiny 2: The Witch Queen expansion, landing February 22.

Loosely confirmed for sometime in the future is also Crusader Kings III. Pardox’s grand strategy will be hitting both the PlayStation 5 and the Xbox Series X|S…at one point, which I suspect depends entirely on how long it’ll take the developers to finish the game they’re currently playing. This may take a while, though hopefully not as long as Starfield, some of the major locations for which were revealed this week.

Of course, it’s not all about waiting for some nebulous time in the future to enjoy games as, for example, Double Fine’s excellent Psychonauts 2 is already available – you can check out our review here – as is the ability to grab Mayhem, a Borderlands-inspired ship in Sea of Thieves.

If the above aren’t quite your thing, there are Deals with Gold to browse for Destiny 2, Crysis Remastered and many more, as well as Warhammer: Chaosbane, Mulaka, Zone of the Enders HD Collection, and Samurai Shodown II to look forward to as September’s Games with Gold.

And as if that was not enough, a Halo Infinite dynamic theme has now been added as an option for Xbox Series X|S owners, and your Xbox 360 gamerpics are now going to be properly displayed for those of you who own an Xbox One or Xbox Series console.

Oh yeah, and the chunk of text above doesn’t quite cover all the Xbox announcements at gamescom. For those, take a trip to this link to find out more.

Tweaked support lists

Windows 11 logo dark grey on blue square background

The testing of Microsoft’s upcoming major version of Windows continues in the Beta and Dev channels, both of which got build 22000.168 on Friday. Beyond the usual array of known issues and fixes, the build introduces a couple of new features like expanded language support linked to the
Chat with Microsoft Teams feature, as well as a new Microsoft 365 widget, and small tweaks to the Store’s Library performance and general UI.

In case you’re not quite happy with the various bugs or potential crashes experienced as part of the Dev channel, even Microsoft itself has sent out a formal communication advising testers to move to the Beta channel. The company states that upcoming builds “may be less stable” and will not align with the version of the OS expected to be made available to the public later in 2021.

Speaking of availability, the firm has added the 7th-gen Core X and Xeon W series of processors from Intel – as well as the Core i7-7820HQ from the Surface Studio 2 – to its list of supported Windows 11 processors. The likely reason for this hodge-podge of official support has more to do with VBS (virtualization-based security), a feature that’s not present in unsupported CPUs.

Unfortunately, first-gen Ryzen processors from AMD did not make the cut, but if you really want to install this OS, Microsoft has left the door open for enthusiasts to use it on unsupported hardware. Be warned thought that you may not receive feature and security updates due to the hardware not being officially supported. As always, Microsoft takes another gold medal for clear and concise communication.

Lastly, if you don’t want to bother with the whole Insider Program testing, there’s Windows 11 in React, a browser-based simulation of Microsoft’s upcoming OS that you can try out. Though nowhere near as responsive as testing things on actual hardware or in a VM, it is nonetheless, an option.

Also an option would be for you to check out our Closer Look series, in which we focus on certain Windows 11 features. After Search, we’ve also moved the spotlight onto Widgets, as well as one of the more visible changes, the new Start menu.

Database chaos

Azure Cosmos DB logo on dark grey square background

Continuing with the rather unfortunate security news left and right, there’s a report from Upgard, a firm specializing in risk and attack surface management. According to it, due to folks using the default configs in Power Apps portals, 38 million customer records were exposed – across various companies – featuring everything from phone numbers to social security numbers.

This was due to these portals being configured by default to have APIs (and thus data related to them) publicly accessible. The issue even affected some of Microsoft’s own apps, according to Upgard.

Thankfully, Microsoft released an update in August to make APIs private by default. As with any kind of bad news, the flaw above was not the singular one to make headlines this week.

By way of security firm Wiz, a critical Azure Cosmos DB flaw was discovered, a flaw which makes use of a default configuration in Microsoft’s “planet-scale”, fully managed NoSQL database offering.

Dubbed ChaosDB – with a naming convention which follows in the footsteps of vulnerabilities like PrintNightmare -, the flaw makes use of Cosmos DB’s Jupyter Notebook integration. More specifically, the capability was introduced in 2019, and enabled by default for everybody in February of this year.

As a result of poor configuration of this feature, Wiz was able to trigger a privilege escalation which broke the notebook’s container, allowing the researchers to access Cosmos DB’s primary keys and the access token for the notebook’s blob storage. With this, the firm was able to gain admin access to all of the data hosted by the impacted accounts.

The vulnerability was discovered on August 9 and privately reported to Microsoft on August 12 – for which Wiz was awarded $40,000. Within 48 hours of the flaw being reported, Microsoft disabled Jupyter Notebook in Cosmos DB, as well as patched the vulnerability and informed its customers (including Fortune 500 companies) that it recommends rotating the private access keys.

According to the company, it has received no indication that any other external entity outside Wiz “had access to the primary read-write key”.

Dev channel

  • The final Edge Dev 94 build (94.0.992.1) is now out, adding a myriad of fixes and features.
  • Microsoft has fixed the bug causing in-place upgrade incompatibilities for Windows on ARM64 machines.
  • Support for Office Android apps on Chrome OS is set to be dropped by Microsoft next month.
  • The Surface Duo 2 has been spotted in benchmarks, sporting a Snapdragon 888 and 8GB of RAM.

Logging off

We wrap things up this week with an announcement about change – or rather, two announcements*.

Microsoft Logo symbol full color on dark grey square background

You’ve seen quite a bit of Windows and Surface chief Panos Panay, but this week he’s been in the news once more. Panay has gotten a promotion and is now part of the SLT which, contrary to first impressions no, is not some kind of sandwich like a BLT. Rather, it's the Senior Leadership Team.

These are the folks who form the advisory board for CEO Satya Nadella, amongst whom are also former CVP of Azure Scott Guthrie – now EVP of the Cloud and AI group – and the head of Xbox, Phil Spencer.

It will be interesting to see how the direction of the company changes now that Panay has a somewhat bigger say in the matter – otherwise he wouldn’t have been promoted to this position.

Missed any of the previous columns? Check them all out at this link.

Neowin Newsletter promo banner

If you’d like to get a daily digest of news from Neowin, we have a Newsletter you can sign up to either via the ‘Get our newsletter’ widget in the sidebar, or through this link.

*A final word from the author:

I alluded to not one, but in fact two changes, and the second one I wanted to keep separate from the content above.

This right here is my last ever Microsoft Weekly column, and indeed my last post – at least on the front page – on Neowin. Going forward, I’ll be handing the reins over to our very own Abhay Venkatesh, who will take the column in whichever direction he sees fit, be it in terms of tone, design, or anything else.

I don’t want this to be too lengthy, but I do want to give a great big thank you to everybody who I’ve had the pleasure of working alongside for the last four and a half years – you know who you are -, as well as to our readers for the varying types of feedback. 😋

Of course, a big thanks to Steve for the opportunity, the advice, and everything else in-between.

Abhay, over to you.