It’s not a simultaneous release but Microsoft recently rolled out the mobile version of Windows 10 build 14342. The new build comes to Windows Insiders on the Fast ring less than a week after a similarly numbered build rolled out to Insiders’ PCs.
Build 14342 for mobile isn’t all that different from the PC release we looked at last week. At the top of the change list is the death of Wi-Fi Sense. Microsoft removed the feature from mobile builds just as it did earlier with PCs. Anyone running the stable version of Windows 10 Mobile can expect to lose the Wi-Fi password sharing feature once the Anniversary Update rolls out this summer. Wi-Fi Sense will still offer to connect you to open Wi-Fi hotspots near you, however.
Windows 10 users who haven’t got enough OneDrive in their lives now have three ways to access Microsoft's cloud storage service from their PCs. Late Monday night, the company released its OneDrive universal Windows platform (UWP) app for Windows 10 PCs and the Surface Hub.
The OneDrive Windows Store app for Windows 10 doesn’t look all that different from the Windows 8 version that many of us ignored back in the “dark days.” Now that Windows Store apps can operate in windowed mode instead of full screen-only, some traditional PC users might actually want to access OneDrive this way.
It seems there's a major hole in the core Symantec antivirus engine which is used across the company's main security products including the Norton range, although the firm has (unsurprisingly) moved quickly to address this issue.
The flaw was discovered by renowned white hat security expert Tavis Ormandy (who is part of Google's Project Zero team), with the AV engine being susceptible to a crafted and malformed portable-executable (PE) header file, capable of causing a buffer overflow.
Such a file could potentially be delivered via an email attachment or a malicious website, and successful exploitation will result in a Blue Screen of Death system crash.
As bad as it gets
On OS X and Linux machines, the attacker can gain root access via a remote heap overflow, and as for Microsoft's operating system, Ormandy notes: "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get."
As mentioned, Symantec has been quick to react, with software already being patched via LiveUpdate. If LiveUpdate has run recently on your machine(s), you should have the fix.
If you're not sure whether your security product has been updated, then you can manually fire up LiveUpdate to download the patched engine. Simply navigate to LiveUpdate in the interface, and run it until all available updates are installed.
Make sure you're covered, though, as this is a nasty little glitch.
Ormandy has been responsible for finding a number of vulnerabilities across all manner of security products, including the likes of Trend Micro, Sophos and Malwarebytes.
Via: The Register