Microsoft has rolled out a patch that will warn Windows 7 users that security updates will soon come to an end.
The patch rolled out Wednesday warning users of the impending deadline, January 14, 2020, when the software giant will no longer roll out fixes for security flaws and vulnerabilities. The deadline comes some 10 years after Windows 7 first debuted in 2009, more than half a decade before Microsoft’s most recent operating system Windows 10 was introduced.
Microsoft’s move to stop issuing security updates is part of the company’s ongoing effort to push users to its latest software, which stands on a greater security foundation and improvements to mitigate attacks.
Starting April 18, users on Windows 7 will begin receiving warnings about the approaching cut-off.
Windows 7 still commands some 40 percent of the desktop market, according to Net Applications. With exactly 300 days before the deadline, the clock is ticking on consumer security support.
For years, Microsoft allowed Windows 7 users to upgrade to Windows 10 for free to try to encourage growth and upgrades. With those incentives gone, many only have the lack of security updates to look ahead to, which will put business data and systems at risk of cyber attack.
Did you know Alexa records everything you say? Here’s how to delete it all
Voice assistants like Alexa may be incredibly popular, but they’re also new technology, and they’re raising a few big questions. One of those questions is just how voice commands and related conversations are processed and stored. Alexa devices, for example, store recordings of your history of commands or Alexa-related discussion that it picks up on. This data is held in Amazon cloud services and doesn’t just go away on its own.
That makes some people pretty uncomfortable, especially those who are sensitive about their privacy or worried how these recordings may be used. The good news is that you can delete your history of Alexa recordings whenever you want to. Here’s how to do it.
STEP 1: OPEN THE ALEXA APP
Navigate to the Alexa app you use to control your Alexa device. It’s probably on a mobile device you have, and the icon is a light blue with a white circle. Open up the app, and sign in using your Amazon account password if necessary. If you’ve never used your Alexa app before, or if it’s been a very long time since you’ve used it, Alexa may run you through a quick setup procedure first. This only takes about a minute or so to get through.
When you arrive at the home screen, look in the upper left-hand corner and select the icon that looks like dashed lines, or the main menu. Look down to the bottom of the menu and select the option that says Settings.
From here, look at the top of the new menu and select Alexa Account. This will take you to yet another menu. At the bottom you should see an option that says Alexa Privacy. Select this to begin.
STEP 2: SORT AND GO THROUGH YOUR RECENT ALEXA HISTORY
The Alexa Privacy section will give you several different options for reviewing the sensitive information that Alexa has collected. You may want to spend some time here. But for this particular task, you will want to go to Review Voice History. This will open a new screen with all your recorded Alexa conversations.
At the top of the screen, you will see an option to change the Date Range. You can choose options for seeing today’s commands, yesterday’s, and so on, all the way to viewing your entire history. If you really want to weed through all your recordings, you need to choose All History. This will display all your conversations with Alexa when they occurred, and on what device.
STEP 3: DELETE YOUR HISTORY AS YOU WISH
As you view your recordings, you will notice that some have the text of your conversations, like, “Alexa, is it gonna snow today?” but that other recordings say, “Text not available – audio was not intended for Alexa.” These recordings happen when Alexa is still listening for a second after answering your question (it’s caught me mocking it before), or if nearby conversations sounds like someone said “Alexa” but the voice assistant determines that no one was really talking to it. You can click on these recordings to play them and see what they are if you are curious.
To the left of each recording, you will see a checkbox. Select the checkbox of every recording that you want to delete. Then go up top and choose Delete Selected Recordings to remove them all.
STEP 4: DELETE YOUR WHOLE HISTORY AT ONCE IF YOU NEED TO
If you don’t want to take the time to review all your recordings, or don’t really care what they say, you can also delete them all without looking. Simply look at the top of the Review Voice History menu and select Delete All Recordings for All History.
You can also delete your entire history from your computer without going to the Alexa app. Simply go to Amazon’s Manage Your Content and Devices site, and make sure that you are in the Devices tab. Here you will see all the devices connect to this Amazon account. Select an Alexa device, and then look below the name of the device to see an option that says Delete Voice Recordings. Select this, and Amazon will pop up a quick warning screen. Select Delete, and you should get a message that says Your deletion request was received. All done!
FINAL NOTE ON DELETING ALEXA RECORDINGS
Deleting Alexa recordings is an important part of your privacy, and Alexa recordings have made their way into prosecution cases before, although there’s not a lot of precedence for this sort of thing so far. We understand if you don’t want your recordings existing out there in the cloud. However, there is an important caveat to deleting your messages: Alexa uses your recordings to help improve the accuracy of its listening functions. In other words, the more you talk to Alexa, the smarter it becomes at recognizing your voice and understanding what you’re saying. When you delete all your recordings, you’re getting rid of Alexa’s “memory” of your voice, so Alexa may have more trouble recognizing your commands. It’s a small price to pay, but worth noting. You can always build the recognition back up again with new voice commands.
Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was being used together with the Chrome exploit to take over Windows systems. Google is now urging all Windows 7 users to upgrade to Windows 10, as well as make sure their Chrome browser is up to date, to escape the attention of the combined threat.
The Windows zero-day is a local privilege escalation in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulnerability can be used to elevate system privileges by an attacker who might then be able to execute remote malicious code. “The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances” Clement Lecigne said, adding “we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.”
The Google Threat Analysis Group disclosed the zero-day to Microsoft who have said they are working on a fix but, as of yet, there is no indication of how long this might take. Currently, the status of this vulnerability has to remain as a critical and unpatched one. For this reason, Google is advising users of Windows 7 should upgrade to Windows 10 and apply patches from Microsoft as soon as they become available. “Not all vulnerabilities are created equal, and many, if considered on their own, are not cause for undue concern,” says Jim O’Gorman, president of Offensive Security, who continues “if they were flagged by the organization’s security solution, they likely would not have been prioritized in patching. It’s when a group of seemingly minor flaws are chained together that they can be used to devastating effect.”
I report and analyse breaking cybersecurity and privacy storiesGoogle Chrome’s security lead and engineering director, Justin Schuh, has warned that users of the most popular web browser should update “like right this minute.” Why the urgency? Simply put, there is a zero-day vulnerability for Chrome that the Google Threat Analysis Group has determined is being actively exploited in the wild. What does that all mean? Well, a vulnerability is just a bug or flaw in the code and while they all need to be fixed, not all of them either can be or are being exploited. A zero-day vulnerability is one that threat actors have managed to create an exploit for, a way of doing bad things to your device or data before the good guys even knew the vulnerability existed. In other words, they have zero days in which to issue a fix. The bad news for users of Google Chrome is that this particular zero-day vulnerability, CVE-2019-5786, is already being exploited by the bad guys. Which is why it’s so important to make sure your browser has been updated to the latest patched version that fixes the vulnerability.
The problem explained
Although information regarding CVE-2019-5786 remains scarce currently, Satnam Narang, a senior research engineer at Tenable, says it is a “Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user’s computer.” Some further digging by Catalin Cimpanu over at ZDNet suggests that there are malicious PDF files in the wild that are being used to exploit this vulnerability. “The PDF documents would contact a remote domain with information on the users’ device –such as IP address, OS version, Chrome version, and the path of the PDF file on the user’s computer,” Cimpanu says. These could just be used for tracking purposes, but there is also the potential for more malicious behavior. The ‘use-after-free’ vulnerability is a memory corruption flaw that carries the risk of escalated privileges on a machine where a threat actor has modified data in memory through exploiting it. That’s why Google has issued the urgent update warning, as the potential is there for exploits to be crafted that could enable an attacker to remotely run arbitrary code (a remote code execution attack) whilst escaping the browser’s built-in sandbox protection.
What to do next
Luckily this is an easy problem to fix, just make sure you do it as soon as you’ve finished reading this! First, head over to the drop-down menu in Chrome (you’ll find it at the far right of the toolbar – click on the three stacked dots) and select Help|About Google Chrome. You could also type chrome://settings/help in the address bar if you prefer, which takes you to the same dialog box. This will tell you if you have the current version running or if there is an update available. To be safe from this zero-day exploit, make sure that it says you are running version 72.0.3626.121 (Official Build). If not, then Chrome should go and fetch the latest version and update your browser for you automatically.
Travis Biehn, technical strategist and research lead at Synopsys, said “Google Chrome is some of the most robustly engineered C and C++ code on the planet, the security teams working on Chrome are world-class. Despite Google’s security program, and despite their active collaboration with leading security researchers through generous bug bounty programs, it still suffers from memory corruption attacks related to the use of C and C++. Luckily for the public, Chrome ships with an effective mechanism for update and patching – one that can get a critical fix out to end users in real time.”
Normally updates happen in the background when you close and reopen your computer’s browser. But if you haven’t closed your browser in a while, you might see a pending update:
On your computer, open Chrome.
At the top right, look at More .
If an update is pending, the icon will be colored:
Green: An update’s been available for 2 days.
Orange: An update’s been available for 4 days.
Red: An update’s been available for 7 days.
To update Google Chrome:
On your computer, open Chrome.
At the top right, click More .
Click Update Google Chrome. If you don’t see this button, you’re on the latest version.
The browser saves your opened tabs and windows and reopens them automatically when it restarts. If you’d prefer not to restart right away, click Not now. The next time you restart your browser, the update will be applied.