New Insider build
On Wednesday, May 15, the Windows Insider team released a new Fast Ring build. Apart from Task Manager now showing the disk type (SSD or HDD), build 18898 does not contain any notable changes or new features.
Insider Dev Tour 2019 dates & locations announced
The traditional post-Build international Insider Dev Tour 2019 schedule and its list of host cities was announced this week. Quoting from the official Windows blog:
Each year after Microsoft Build, we run a world-wide developer event to bring all the latest Microsoft 365 technology to you, in person.
Through the collaboration between the MVP (Most Valuable Professionals) and RD (Regional Directors) communities, Dev Collective, Windows, Office, Developer Tools, and the Insider Team, we’ve expanded the content this year to bring you even more developer awesomeness. More code. More demos. More useful knowledge.
Check the dates and locations, and register to attend one close to you: Insider Dev tour 2019
Azure AD finally allows longer than 16 character password
To bring it finally to par with on-premises AD, Azure Active Directory now allows passwords of up to 256 characters, including spaces. The earlier 16 character no spaces rule has received some criticism, with IT admins strenuously requesting the limited-length policy to be changed.
On Tuesday, Microsoft announced that Azure AD now allows passwords of up to 256 characters, and that passwords can now contain spaces.
Intel Discloses Another Serious Chip-Level Vulnerability
On May 14, Intel published a support bulletin entitled Side Channel Vulnerability Microarchitectural Data Sampling. Win10.guru’s Ed Tittel sais in his post on this topic that:
According to many security experts and Windows watchers, the MDS vulnerabiliites are more serious than either Spectre or Meltdown.
Microsoft releases security patch for XP and Server 2003
Setting a new record, Microsoft released a security patch for a legacy operating system fully five years after its end of life date. Windows XP and Server 2003 received a security patch this week to protect them from a serious vulnerability:
Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.
Read more in a post on the official Microsoft blog: Prevent a worm by updating Remote Desktop Services (CVE-2019-0708).
If you are still using XP or Server 2003, note that these patches must be manually downloaded and installed. They will not be offered through Windows Update.
That’s it this week.
Author: Kari Finn
A former Windows Insider MVP, Kari started in computing in the mid 80’s writing code for VAX / VMS systems. Since then, he’s worked in a variety of IT positions. He specializes in Windows image capture, customization, repair and deployment as well as Hyper-V virtualization. Kari is a proud Team Member at number #1 Windows site TenForums.com.