Microsoft has changed Windows As A Service and this was explained in a blog post by Michael Niehaus. As we announced back in April, Microsoft is aligning our servicing models with twice-per-year feature update releases targeting March and September, and 18-month servicing timelines for each release.  While the first fully-aligned release will occur later this year with the Windows 10 Fall Creators Update release and a corresponding Office 365 ProPlus release, we got a head start with the Windows 10 1703 release (a.k.a. Creators Update):  It marks the first of our semi-annual releases, each of which will be serviced for 18 months. As part of the alignment with Windows 10 and Office 365 ProPlus, we are also adopting common terminology to make it as easy as possible to understand the servicing process.  The two most important terms to understand: Semi-Annual Channel. These are the twice-per-year feature update releases, targeting March and September, designed for the broad population of general-purpose PCs used throughout organizations.  Each of these releases will be serviced for 18 months from the date of release.  (The Semi-Annual Channel replaces the Current Branch [CB] and Current Branch for Business [CBB] concepts.) Long-Term Servicing Channel. These are less frequent releases, expected every 2-3 years (with the next one expected in 2019), designed for special-purpose PCs such as those used in point-of-sale systems or controlling factory or medical equipment.  Each of these releases will be serviced for 10 years from the date of release.  (The Long-Term Servicing Channel replaces the Long-Term Servicing Branch [LTSB].) With each Semi-Annual Channel release, we begin deploying right away to targeted consumer devices and gradually ramp up to full deployment based on the telemetry that we receive.  As John Cable discussed on the Windows Experience blog, we recommend that enterprises follow the same approach. Start with targeted deployments to validate that apps, devices and infrastructure used by the organization works well with the new release.  When that validation is complete, begin broadly deploying. Windows 10 1703 is ready for that broad deployment, based on feedback that we’ve received from organizations, ISVs, partners, OEMs, and consumers that have already done it.  As a convenience to help organizations that haven’t yet begun this broad deployment, we are updating the Windows 10 1703 packages and ISOs on the Volume License Servicing Center, MSDN, Windows Update, Windows Update for Business, and Windows Server Update Services, integrating the July cumulative update into the original Windows 10 1703 packages. For more information on the common terminology, see the as well as the corresponding Office 365 ProPlus servicing guidance.  Today we have also made available a new Microsoft Mechanics video to help explain the servicing process: And here's the video explaining the changes:  

Microsoft is excited to release Windows 10 Insider Preview Build 16251 for PC to Windows Insiders in the Fast ring! The same build will be available for Insiders who opted in to Skip Ahead. We are also releasing Windows 10 Mobile Insider Preview Build 15235 to Insiders in the Fast ring. We won’t have a new Windows Server Insider Preview build for Windows Insiders this week. What’s New in Build 16251 For PC Windows lets you link your phone and PC You may remember at Build Microsoft talked about PCs and phones working better together. With Build 16251, they are introducing the first set of features that enable “linking” your phone to your PC. This build’s scenario is focused on cross-device web-browsing. Today, we’re asking for you Windows Insiders to help us test this experience out using your Android phones.  Support for iPhone is coming very soon, stay tuned. To get started, after installing today’s new build on your PC, go to Settings > Phone and link your phone. Having you link your phone ensures that your sessions from your phone are continued only on to the PC that you’ve chosen. After adding your phone to be linked, you will receive an SMS from us directing you to install a test application called “Microsoft Apps” for Android that completes the link between your phone and PC and enables one of our first cross device browsing scenarios. After you’ve linked your phone, just go to your phone and start browsing the web. When you are at a website you want to view on your PC, simply invoke the native share experience on your phone and share the website to the “Continue on PC” option. You might need to click the “…” or more to add this test app to your share menu.  Once invoked, it will first ask you to sign in with your Microsoft Account.  It is important you use the same account you are using on your PC.  Next it will ask you if you want to “Continue now” or “Continue later”. If you choose “Continue now”, the website will magically open on the linked PC.  If you choose to “Continue later”, the website will show up under Action Center for you to get to later when you’re ready. Try it out and let us to know of any issues you run into! read the full announcement here > https://blogs.windows.com/windowsexperience/2017/07/26/announcing-windows-10-insider-preview-build-16251-pc-build-15235-mobile/  

The return of EternalBlue On June 27th 2017, another RansomWare attack took hold targeting the same eternal blue (SMBv1) vulnerabilities as WannaCry before it. This attack however doesn't reach out to the internet like WannaCry did, it's an internal network attack. However, this attack seems to have deliberately targeted businesses in Ukraine, and as the email address used for encryption keys was disabled almost immediately, there's no point in anyone paying ransom if their files are encrypted as they'd never get a reply (with the decryption info). Patch Patch Patch If you haven't done it already (and if you have not, why not especially after WannaCry), head over to this Technet link and apply the patches, do it. Stopping the damage That said, a security researcher found a way of stopping the ransomware from encrypting machines affected by placing a read-only file called Perfc in the Windows directory, eg: C:\Windows\Perfc The presence of that file will be enough to stop the contents of the hard disc from being encrypted by this malware, however the reason this malware spread in the first place is down to vulnerabilities (unpatched) in the operating system. Those vulnerabilities include two from the leaked NSA exploits, so if you've patched your operating systems against those known vulnerabilities you should be safe. Protection against this new ransomware attack Microsoft have advised the following to keep you protected against this (and similar) RansomWare attacks: "We recommend customers that have not yet installed security update MS17-010 to do so as soon as possible. Until you can apply the patch, we also recommend two possible workarounds to reduce the attack surface: Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 and as recommended previously Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445 As the threat targets ports 139 and 445, you customers can block any traffic on those ports to prevent propagation either into or out of machines in the network. You can also disable remote WMI and file sharing. These may have large impacts on the capability of your network, but may be suggested for a very short time period while you assess the impact and apply definition updates. Windows Defender Antivirus detects this threat as Ransom:Win32/Petya as of the 1.247.197.0 update. Windows Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats. For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running. Monitor networks with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities. Download this playbook to see how you can leverage Windows Defender ATP to detect, investigate, and mitigate ransomware in networks: Windows Defender Advanced Threat Protection – Ransomware response playbook." Recommended Reading https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?utm_campaign=windows-noob.com https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/ https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/ https://www.binarydefense.com/petya-ransomware-without-fluff/ http://blog.coretech.dk/swo/petya-ransomware-the-attack-method-and-preventing-it/ https://azure.microsoft.com/en-us/blog/petya-ransomware-prevention-detection-in-azure-security-center/ https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/ http://blog.uk.fujitsu.com/information-security/petya-medoc-and-the-delivery-of-malicious-software/#.WVeKWCmxXD4 https://www.1e.com/blogs/2017/06/30/stop-future-petya-attacks/?utm_content=56869130&utm_medium=social&utm_source=windows-noob.com

Microsoft issued a “highly unusual” patch for Windows XP last month to help prevent the spread of the massive WannaCry malware. At least 75,000 computers in 99 countries were affected by the malware which encrypts a computer and demands a $300 ransom before unlocking it. Microsoft stopped supporting Windows XP in April 2014, but the software giant is now taking the unprecedented move of including it in the company’s Patch Tuesday round of security updates today. “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” says Adrienne Hall, general manager of crisis management at Microsoft. “To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.”   read the story @ TheVerge

Ransomware has been around for a few years now but up until yesterday, it wasn't that well known about. This latest RansomWare called WannaCry has changed that for ever. Ransomware encrypted data on at least 75,000 systems in 99 countries on Friday. Payments were demanded for access to be restored. European countries, including Russia, were among the worst hit. Companies around Europe were hit and investigations are underway to see who was responsible. This was such a big attack that Microsoft released patches for unsupported operating systems (such as Windows XP) to allow those businesses still running them, a chance to protect themselves. Guidance available In addition to making patches available, Microsoft has published guidance to explain what is necessary in protecting yourself against this Ransomware and any others based on the same vulnerabilities (SMBv1). These vulnerabilities were patched by Microsoft in March of this year, but of course there were no patches (at that time) for unsupported operating systems such as Windows XP. Download Patches for unsupported Operating Systems To patch your unsupported operating systems, get over to this url and download the available patches. WannaCry has multiple vectors, but you should remove one vector, SMBv1. Do as follows 1. Block 445 inbound 2. Install MS17-010 3. Remove SMB1