Five Microsoft Technologies to look out for in 2021

While making predictions in this environment is difficult, there is a list of five Microsoft technologies that could impact Microsoft’s business customer base in 2021.

 

 

Predictions this year seem to be more unreliable than usual. As shown by the year 2020, attempting to predict what any more do not make sense. But these five may have the greatest potential impact on business users in 2021.

 

  1. MetaOS for mobile masses:

 

Microsoft has an evolving strategy and baseline in the Microsoft 365 cloud space that is somewhat better known internally than externally. This initiative is known as “Meta OS” (and also sometimes as “Taos”). Metaos is conceived as a single mobile platform that provides a consistent set of services for work and entertainment on all devices. It is not an OS, unlike Windows, but it consists of a number of layers or layers, including the Office substrate and Microsoft Graph, as well as the application model, which includes the work that Microsoft does with the Fluid Framework (its fast collaborative editing and object embedding technology); Power Apps development tools and Visual Studio.

In 2021, we will learn more about how Microsoft views applications as a set of products and services for a single task (for example, Planner, Stream, Tasks, Lists, Files, Whiteboard, Notes). Fluid Framework plays a big role here. This strategy and its implementation can have serious implications for developers, consumers, and first-level employees.

 

  1. Universal Search: new information at your fingertips

 

Microsoft founder Bill Gates sought to give users the ability to get information, rather than search for it. His keynote address at Comdex 1990 was even titled ” Information at Your Fingertips.” Decades later, Microsoft is finally getting closer to bringing this idea to life with its universal search technology.

 

From 2018 to 2020, Microsoft teams created elements for unified search in Windows, Edge, and existing Office applications. Microsoft Search is the company’s unified intranet search offering, which should exist alongside Bing, Microsoft’s web search technology. Microsoft Search and the basic Microsoft Graph API are designed to help understand users ‘ working lives (documents, objects, people they regularly work with, etc.). According to officials, Bing’s main goal is to provide an understanding of the world outside the organization, with the extraction of abbreviations and entities, the understanding of machine reading, computer vision and other tools and technologies.

 

In 2021, Microsoft will actively look for ways to encourage more users to “enable” single search and use it to get results wherever they are-in the Office app, in the new Edge browser, or even inside Bing. Unified search works perfectly with Project Cortex, Microsoft’s knowledge management technologies. And, just like in metaos, single search is focused on people and is not tied to any particular device.

  1. The “Smart Frontier”: More than just the Internet of Things

 

Microsoft was the first major cloud service provider to adopt hybrid solutions. While some officials have called PCs and servers examples of” smart peripherals, ” Microsoft’s adoption of this definition is likely to become more prominent in 2021 and beyond.

 

When many people think of “peripheral” devices, they immediately think of Internet of Things (IoT) products. But over the past couple of years, Microsoft has expanded its portfolio of peripherals. Secure PCs such as Azure Stack Edge Pro and Pro R are peripherals. Any device with built-in AI processing capabilities qualifies as an intelligent peripheral device. Even the recently announced Azure modular data centers – data centers inside shipping containers that can operate without an internet connection, connect periodically and / or continuously via satellite – are also peripherals.

Microsoft has yet to announce its competitor AWS Outposts, codenamed Fiji. It is expected that this could be a 2021 announcement. It is designed to provide users with the ability to run Azure as an on-premises cloud, managed by public Azure and provided as server racks provided by Microsoft directly to users. Fiji is also part of Microsoft’s smart device family.

 

  1. Cloud PCs-Desktop virtualization at a fixed rate:

 

Microsoft is expected to announce its “Cloud PC as a Service” offering in the spring of 2021. The cloud PC, codenamed Deschutes, is built on top of the existing Windows Virtual Desktop service. But, unlike WVD, Cloud PC will be a fixed-rate service on a subscription basis, not on a consumption price.

A cloud PC will be an option for customers who want to use their own Windows PCs made by Microsoft and / or other PC manufacturers, mostly as thin clients, with Windows, Office, and possibly other software virtually delivered by Microsoft. It could debut alongside Windows 10X, giving the first group of 10X users a way to run their existing Win32 applications (as the first version of 10X will not include support for the Win32 container, our sources say).

Depending on how different cloud PC plans are priced, this service has the potential to become a strong member of the Microsoft 365 / commercial cloud stable service package.

 

  1. Windows 10X – Another test for Chromebook Compete:

 

In 2021, Microsoft Device Director Panos Panay and his team hope to prove that the company has decided to invest more in improving Windows. Through various efforts, including the launch of Windows 10X, a new version of Windows 10 that should be simpler and better in every way.

 

Microsoft’s original plan was for 10X to debut as an OS for dual-screen and foldable Windows devices. The new post-COVID plan calls for 10X to debut on new single-screen PCs, including clamshell laptops and 2-in-1s, among other form factors. Microsoft officials have publicly denied that the 10X is the company’s latest attempt to compete with the Chromebook, but sources say it’s definitely the best place for 10X devices. Their initial target markets include education and rank-and-file workers – the same customer groups that Microsoft focused on with Windows 10 in S Mode (and which officials also declined to publicly state was an attempt to compete with Chromebooks).

 

Microsoft officials have not made 10X available to external Windows Insider testers. Word is 10X will only be available on brand new (not existing) PCs, and shipments to these devices may begin this spring. Windows 10X is expected to run on Intel-based PCs at launch, but Microsoft is testing 10X internally on Arm devices, sources say, so it’s possible it will also be available on new Arm-based devices at some point in the future.

Amazon: New cloudshell provides command-line access to AWS from the browser

AWS presents its response to the command-line interfaces of Google and Microsoft browsers for accessing cloud resources.

 

Amazon Web Services launched cloudshell, a browser-based shell for command-line access to run scripts and access various AWS resources.

The Developer Web shell is designed for developers who prefer to work in a browser and want to have a command line to access AWS tools.

According to AWS , CloudShell works on Amazon Linux and pre-installed 2 General command line interfaces, AWS, and the execution environments and the AWS SDK for programming languages Python and Node.js.

There are also popular command-line utilities to shells, such as Bash, PowerShell, Zsh, editors, version control system Git and package management – npm / Java pip / Python.

cloudshell is free for users, but developers are charged for other AWS resources used with cloudshell to create and run applications. Users can also download files up to 1 GB in size from cloudshell to their local computer. They can use up to 10 simultaneous shells in each region for free.

The new shell is designed to be used from the AWS Management Console, where clicking the shell icon in the top navigation bar opens the cloudshell environment in a new browser tab. The new browser tab uses your console credentials.

AWS cloudshell is similar to Microsoft Azure Cloud Shell and Google Cloud Platform Cloud Shell.

According to TechCrunch, Amazon CTO Werner Vogels said that new cloudshell sessions are automatically pre-configured to have the same API permissions as the user in the AWS console.

This avoids having to manage multiple AWS profiles or credentials in different test and production environments, and makes it easier to start a new cloudshell session.

cloudshell is available in the Eastern United States (Northern Virginia), Eastern United States (Ohio), Western United States (Oregon), Europe (Ireland), and Asia-Pacific (Tokyo) regions. The rest of the regions are located in the nearest road map.

According to the cloudshell FAQ , cloudshell does not currently support Windows instances or new AWS macOS instances .

Apple on the background of lawsuits decided to independently reduce the fee from developers in the App Store from 30 to 15 percent

The events of recent months, initiated by Epic Games against Apple, as well as the EU antitrust investigation initiated by Spotify and other legal claims at various levels, have pushed the Corporation to take independent steps to mitigate the situation around relations with both users and software developers in the App Store – namely, to reduce the tax rate from January 2021 from the standard 30% accepted by other companies, such as Google, to 15%, that is, exactly 2 times.

 

 

This reduction in Commission fees will apply to companies that have a turnover of less than $ 1 million per year – in order to allow small businesses and developers to invest more in business and increase staff, as well as in the development of new innovative features.

The size of the turnover in the $ 1 million Apple explained the results of their internal studies showing that the success of applications and, accordingly, their developers about this amount, and the decrease in turnover is below specified limit will again get the opportunity to use the discount…

 

The process of many years of debate at various levels between Apple and its 28 million app developers, while expanding the number of active devices to 1.5 billion units, finally led to at least some compromise solution.

 

Epic Games ‘ high-profile lawsuit against Apple itself will be considered in 2021, and in the run-up to its consideration, there is speculation that in this way the company hopes to mitigate the consequences of its strict corporate policy regarding Commission fees: 30% were assigned from the very beginning of the App Store in 2008.

The most interesting thing is that the results of developer surveys indicate that the additional funds that can be obtained as a result of lower fees will be overwhelmingly reinvested in application development, staff growth and innovation – and the current policy leads to stagnation of small and promising projects…

Trojan cryptographer in Linux: fine handwork

Kaspersky Lab has discovered malicious software written for Linux – this is the Windows version of the RansomExx cryptographer. Both versions differ in that they are entered into the system manually.

 

The new version of the cryptographer, discovered by Kaspersky Lab experts, is a product of the development of the authors of The ransomexx Trojan, which is indicated by several factors:

 

– using the same model of communication with victims of extortion;

– similarity of text versions in the ransom correspondence;

– and, most importantly, the similarity of the code is obvious to experts, even taking into account the fact that it was compiled by different means and for different platforms.

 

 

RansomExx has been noted in many places in the world: in the Brazilian Supreme court of justice, the Texas Department of transportation, Konica, IPG Photonics, and Tyler Technologies…

 

The special sophistication of the target impact of this Trojan is that for its full functioning, the network and system are first hacked, and only then the cryptographer is introduced manually.

Thus, in this mode of operation, attackers move freely within the network and system, which does not allow regular security tools to fully respond to the attack. Detection of such intrusions is possible only with the use of fairly advanced tools for detecting malicious behavior and comprehensive Analytics. Taking into account the professional level of malicious software developers, this presents additional difficulties, since they have a good understanding of how counteraction systems work and therefore minimize all the risks of detection.

 

Read more:

 

the Linux version is an ELF executable file called “svc-new”, which generates a 256-bit key that encrypts all files on the target system using the AES block cipher in ECB mode. Further, the AES key is additionally encrypted with the RSA-4096 public key embedded in the Trojan code, and finally, it is added to all encrypted files.

 

It is noted that it lacks the following functions (as unnecessary, due to the specifics of implementation):

– data exchange with the command server;

– anti-analysis tools;

– the ability to stop the process.

 

In addition, unlike the Windows version, the new version does not clog up all the free space on the server.

 

When paying a ransom, the victim receives two descriptors at once-both for Linux and for Windows. The RSA-4096 public private key and the encrypted file extension are embedded in the executable files of the descriptors.

Vulnerability WordPress plugin can “put” up to 100,000 sites

New vulnerability in WordPress plugin dobaviti concerns site administrators: expanding the Ultimate Member plugin to simplify profiles and community sites, with the number of active installations of more than 100,000, who urgently need to update to the latest current version.

 

The reason is a critical bug that led to the possibility of exploiting several fairly easy-to-use vulnerabilities that potentially allow you to take full control of the site…

 

 

The plugin itself makes it possible to create websites and significantly simplifies the process of registering and creating online communities with flexibly configurable access levels, roles and privileges for users.

 

On November 9, 2020, Wordfence Threat Intelligence published a report in which analyst Chloe Chamberland presented three bugs that can allow users to increase their privileges in the system to the highest and completely take control of any WordPress site by exploiting a vulnerable version of the Ultimate Member plugin.

The vulnerability was discovered on October 26, and a new plugin release was released on October 29 with the release of Ultimate Member 2.1.12, which closes the possibility of exploiting an error that leads to privilege escalation.

 

The most critical bug found out of the three found was classified as critical (very important), as it allowed unauthorized users to increase their privileges to administrative by exploiting an error in the code.

 

“As soon as an attacker gets administrative access to a WordPress site, they actually take over the entire site and can perform any actions, from disabling the site to further infecting the site with malware,” Chamberland explained.

 

The second error was also classified as serious-CVSS 10 out of 10: error of privilege escalation without authentication through user metadata and granting administrator access during registration, as well as user roles (the administrator role is selected during registration).

 

The third bug was classified in 9.8 out of 10, as it requires wp-admin access to the page profile.php it is still considered critical because it allows any verified attacker to elevate privileges to administrator without much effort.

 

Although Ultimate Member 2.1.12, which fixes three vulnerabilities, was released on October 26, the new version of the plugin was downloaded approximately 75,000 times (with almost 32,000 of them the day after the update was released). This means that at least 25,000 WordPress websites with active Ultimate Member installations are still potentially vulnerable to attacks if attackers start using these bugs as part of future malware campaigns.

Microsoft is preparing to automatically update all devices with Windows 10 (1903)

In December 2020, Microsoft will stop supporting Windows 10 with the index 1903, better known as Windows 10 May 2019 Update. As part of this update, Microsoft has prepared an automatic update for all devices running Windows 10 (1903) to the latest version.

 

 

It is planned that in the near future, Microsoft will form update packages to the newest versions.

 

At the same time, it is interesting that the software platform will not be updated immediately to the latest versions – the software manufacturer prefers to make the transition from previous versions as smoothly as possible, gradually, and therefore the systems will be updated first to Windows 10 (1909) or Windows 10 November 2019 Update, since this set of updates contains mainly those fixes and improvements that are focused on the stability of the system, so that the transition to Windows 10 (1909) does not cause any problems for users.

“All editions of Windows 10 version 1903 and Windows 10 Server version 1903 will cease to be serviced on December 8, 2020. After this date, devices running these editions of Windows will no longer receive security updates. We recommend that you update these devices to a supported OS version as soon as possible to continue receiving monthly security updates, as well as fixes that are not related to security,” Microsoft said in a statement.

 

Potentially, this actually means that in the time period after December 8, 2020, all devices running Windows 10 (1903) will become unsafe, as they will run out of support and stop receiving updates.

 

To upgrade to the current version, it is advisable to use the “Windows update Center” or other available method for monitoring the version of the software platform…

Critical vulnerability in Oracle: danger level 9.8 out of 10 points

For Oracle WebLogic Server urgently released a patch to the vulnerability, on the basis of which there are already precedents for active exploitation. Also, a few days ago, a fairly close vulnerability was identified in the same software.

 

The urgent release of an extraordinary patch for such a critical vulnerability was extremely relevant for Oracle Corporation due to the beginning of active exploitation of this flaw in the Oracle WebLogic Server software. This vulnerability is called CVE-2020-14750 and is found in many versions of WebLogic Server.

 

Since this software is mainly used as a platform for operating (developing, testing, branching and running enterprise SOFTWARE in, for example, Java), most often in a local and cloud environment, the risk of exploiting such a vulnerability is quite high.

The degree of danger (threat), according to Oracle experts, is 9.8 points out of 10 due to the possibility of using this vulnerability to launch unauthorized users to execute arbitrary code and gain control over the vulnerable server via an HTTP request.

 

Oracle does not provide technical details. It is interesting that, nevertheless, there is information from the same Oracle that the described vulnerability is related to the previous adjacent patch of the October 2020 release (that is, the previous bug also allowed remote launch of arbitrary code to an unauthorized user – a vulnerability with the index CVE-2020-14882, compromising the system using a specially prepared HTTPGET request). Both vulnerabilities affect Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

 

Oracle Corporation warns its users about the urgent need to update to the latest (patched) version of WebLogic Server as soon as possible. Given the extremely active use of these bugs in cybercriminal attack structures, a delay in updating can cause significant financial and reputational losses for server operators.

Microsoft Edge started crowding other browsers

The new browser from Microsoft is steadily increasing its share in the global Internet space. The transition to technology from Google made it possible from the beginning of the year almost from scratch to take the market volume at the beginning of October this year more than 10%, according to the analytical company NetMarketShare.

 

The share of the Edge browser based on Chromium in September 2020 was about 8.84%, and in October it was already 10.22%.

 

 

Microsoft made a great move with pre-installing the browser in the operating system, and strengthened its position by entering the browser on previous versions of Windows with updates throughout the year, not counting promotions in all its other products.

 

The state of competitors in the browser market: the share of Google Chrome is 69.25% (in September-69.94%), and the share of Safari also decreased (over the past month on computers with MacOs, the share fell from 3.57% to 3.4%), according to Windows Latest.

That is, over the past few months, the new browser from Microsoft has withdrawn market share of about 3%, and Chrome has lost about 2% …

 

Historically:

 

Summing up the results of 2018, Microsoft has put an end to the long-term struggle for primacy between browser technologies, admitting its final defeat in the competitive battle with Chromium. Thus, it was decided to integrate the Blink page rendering algorithm from Google and The JavaScript V8 engine into the new browser project.

 

Released in January 2020, Edge, based on Chrome, became the second most popular By April, ahead of all others. Interestingly, Microsoft has made available versions of its product for both MacOs, iOs, Android and Windows 7.

 

in Addition, there are extremely interesting test versions of Edge based on Chromium, which has no analogues in current browsers.

This feature, taking into account the trend towards increasing widescreen over the past 5 years, is clearly gaining popularity among testers and is predicted to have an equally bright response from the user audience.

Microsoft launched its “vertical cloud” called the Microsoft Cloud for Healthcare made available

In may, 2020 on the 2020 fair Build, Microsoft announced the launch of the cloud Microsoft Cloud for Healthcare in the status of accessibility for users from 28 October 2020 with combining components such as Azure, Microsoft 365, 365, and Power Dynamics Platform.

 

 

Microsoft has prepared this cloud for its healthcare Department to process structured and unstructured data about the health of platform users and provides customers with very wide opportunities and options: from various bots for interacting with AI to protecting patients with reduced immunity for various reasons from any epidemics and intra-clinical infections using virtual doctor visits, with a full set of protection, including personal data of those who

Microsoft said in a statement that Microsoft Cloud for Healthcare ” accelerates and simplifies the delivery of more efficient services and helps customers maintain end-to-end security, regulatory compliance, and medical data compatibility.”

In addition, Microsoft Cloud for Healthcare is also able to organize access, use and exchange of medical records in electronic form not only between different health care providers, but also between patients and health insurance companies.

Currently, Microsoft is looking for partners to create their own cloud for the healthcare system – that is, they now need not only independent software vendors, but also system integrators.

The fact is that Microsoft Corporation already offers many similar and related products to the market, but this is the first time such a complex is operating under a single brand.

 

Microsoft took its first step towards integration into the healthcare system more than a decade ago, but it had to reduce and sell most of the previously acquired medical assets, and a couple of years ago it announced the creation of its research division called Healthcare NExT with a focus on healthcare.

NOKIA infrastructure moves to Google Cloud

Nokia and Google Cloud executives have signed a strategic partnership agreement that will see NOKIA move its it infrastructure to the Google Cloud over the next five years. The agreement stipulates that NOKIA’s data centers and SERVERS will be relocated from all over the world, including various software components.

 

 

As presented in Nokia’s press release, this transaction shows the direction of growth trends and the desire for stability in the direction of an IT strategy focused on the latest modern cloud technologies, as well as efforts to actively strengthen and match the time in their digital aspects of activity, which also provides additional opportunities for both cooperation and employees of the company, while improving the quality of service to the customer base.

It is assumed that such an Alliance in conjunction with Nokia and Google Cloud in the future will give a significant increase in operational performance, overall efficiency and bring quite significant savings when taking into account the reduction of space occupied by equipment and reduced energy consumption of the infrastructure, not counting the reduced need for the equipment itself.

 

Over the past few months, companies have developed a unique service migration system that will allow you to smoothly, within 1-2 years, and completely painlessly and unnoticeably for end users to switch to the Google Cloud service, where, along with closing your own data centers, Nokia will minimize the impact on your business while creating a solid Foundation for the future. Google Cloud participates in integration by providing its specialists in the data migration process.

 

It is believed that a fairly wide range of Google software solutions in computing technologies, network solutions, and data storage infrastructure with special flexibility and rapid deployment during migration will make it possible to minimize risks in terms of both time and security of data migration.

 

The local system of the entire Nokia IT infrastructure will be moved to Google Cloud, the migration of Nokia services itself has been launched and no one has noticed anything yet-the movement is uninterrupted…