Sorry for the lack of posts in the last week, I have been busy looking for a new location and working on the new TorroXtra website.
Microsoft pushes Emergency Patch for Zero-Day Internet Explorer Flaw
It’s time to immediately patch your Internet Explorer – Once again!
Microsoft has issued an emergency out-of-band patch for all supported versions of Internet Explorer browser, to fix a critical security flaw that hackers are actively exploiting to hijack control of targeted computers.
The Zero-Day flaw (assigned CVE-2015-2502) is a Remote Code Execution vulnerability that could be exploited when a user visits a booby-trapped website or open a malicious email on an affected machine.
The security bug actually resides in the way Internet Explorer handles objects in memory. If successfully exploited, a hacker could gain the same user privileges as the current user. Users and administrators are advised to install the patch, that has been issued as a Windows update, as soon as possible.
Windows 10 Doesn’t Stop Spying You, Even After Disabling It’s Creepy Features
In our previous articles, we raised concern about Windows 10 privacy issues, including its controversial Wi-Fi Sense feature. Also, to cope up with these issues, I provided you a one-click solution to fix all privacy compromising features that allow Microsoft to track users.
But unfortunately, all those efforts got wasted because Microsoft still tracks you, even after you harden your Windows 10 privacy to an extreme level by disabling all privacy-infringing settings.
This time the culprits are – Cortana and Bing search.
Windows 10 features, including Cortana and Bing search, continue communicating with Microsoft’s servers and sending it data, even after you turned the features off.
Cortana is Cheating on You
With Cortana and searching the Web from the Start menu turned off, a request to http://www.bing.com is still made for a file called threshold.appcache that contains some Cortana information, whenever a user opens Start and start typing.
The operating system’s voice assistant Cortana sends information containing user’s identifying computer ID that persists across reboots. This allows Microsoft to distinguish between the Cortana requests from different computers.
The worrisome part is that Cortana sends this data even though she is disabled.
Windows 10 Sends your Data via Unencrypted Channel
Moreover, it also appears that Microsoft keeps on sending data to its servers via its Live Tiles in the Start menu. Even if users clear all the Tiles, Windows 10 re-install new tile info from Microsoft.
However, Windows 10 do so using unencrypted HTTP connections, potentially leaving users open to malicious actors who could intercept the traffic between users and the company, which is more troublesome.
In response to the latest report, Microsoft said that all communications between a Windows 10 machine and Microsoft are only to make the retrieval of updates easier.
“As part of delivering Windows 10 as a service, updates may be offered to provide ongoing new features to Bing searches, such as new visual layouts, styles and search code,” Microsoft said.
Microsoft further added that “no query or search usage data” is sent to the company, in accordance with the user’s selected privacy settings, and the same applied to searching offline for apps, files and settings on the device.
Copied from: Swati Khandelwal
Senior Technical Writer at Hacker News. Social Media Lover and Gadgets Girl. Speaker, Cyber Security Expert and Technical Writer.