
Microsoft abandons typical Patch Tuesday playbook to fix Equation Editor flaw


When a company like Microsoft needs to fix a security flaw in one of its products, the process is normally straightforward: determine where the bug lies, change the program’s source code to fix the bug, and then recompile the program. But it looks like the company had to step outside this typical process for one of the flaws it patched this Tuesday. Instead of fixing the source code, it appears that the company’s developers made a series of careful changes directly to the buggy program’s executable file.

Bug CVE-2017-11882 is a buffer overflow in the ancient Equation Editor that comes with Office. The Equation Editor allocates a fixed-size piece of memory to hold a font name and then copies the font name from the equation file into this piece of memory. It doesn’t, however, check to ensure that the font name will fit into this piece of memory. When provided with a font name that’s too long, the Equation Editor overflows the buffer, corrupting its own memory, and an attacker can use this to execute arbitrary malicious code.

Curious how a buffer overflow works? Previously on Ars we did a deep-dive explanation. (video link)


Posted by on November 17, 2017 in Uncategorized

 

Microsoft and GitHub team up to take Git virtual file system to macOS, Linux


One of the more surprising stories of the past year was Microsoft’s announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client.

That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux.

Microsoft wanted to move to Git because of Git’s features, like its easy branching and its popularity among developers. But the transition faced three problems. Git wasn’t designed for such vast numbers of developers—more than 20,000 actively working on the codebase. Also, Git wasn’t designed for a codebase that was so large, either in terms of the number of files and version history for each file, or in terms of sheer size, coming in at more than 300GB. When using standard Git, working with the source repository was unacceptably slow. Common operations (such as checking which files have been modified) would take multiple minutes.


Posted by on November 16, 2017 in Uncategorized

 

Surface Book 2 review: Monster performance, but lightning hasn’t struck twice

The 15-inch Surface Book 2. (credit: Peter Bright)

Introduced a little over two years ago, Microsoft’s Surface Book was the hybrid laptop that I had long hoped the company would build. Like the Surface Pro, it worked as a true standalone tablet, but it had the all-important stiff hinge, making it suitable for use on your lap in a way that the Surface Pro’s kickstand and Type Covers never really supported.

The Surface Book was not just a useful form factor; it was also something of a technological showcase. Other hybrid designs I’ve used, such as the ThinkPad Helix, had clunky mechanical linkages between the tablet portion and the base. The Surface Book boasted a clever software-controlled system. The fulcrum hinge design, which helped keep the device balanced when the screen was open, is elegant and visually striking.

And to top it all off, the Surface Book came with an optional discrete GPU, with the GPU housed not in the tablet part but in the base. While we’ve seen many systems with switchable graphics—using the low-power integrated GPU unless you’re playing a game or similar and need the full power of the discrete chip—having the discrete GPU be in a separate component was an exciting twist.


Posted by on November 16, 2017 in Uncategorized

 

Google launches a paid enterprise edition of its Dialogflow chatbot builder

Google today announced the beta launch of its enterprise edition of Dialogflow, its tool for building chatbots and other conversational applications. In addition, Dialogflow (both in its free and enterprise version) is now getting built-in support for speech recognition, something that developers previously had to source through the Google Cloud Speech API or similar services. Unsurprisingly,…

 

Posted by on November 16, 2017 in Uncategorized

 

New Venzee tool brings data transformation and validation to your blockchain project

If the blockchain is going to be an immutable record, you need to start with clean data. The question is, how do you get clean data into a blockchain database to begin with? It’s kind of a quandary for use cases not starting with a green field, but Venzee, a startup that has been helping customers clean up their retail supply chain data to share with large vendors, thinks it has an…

 

Posted by on November 16, 2017 in Uncategorized

 

Algorithmia now helps businesses manage and deploy their machine learning models

Algorithmia started out as an online marketplace for — can you guess it? — algorithms. Many of these algorithms that developers offered on the service focused on machine learning (think face detection, sentiment analysis, etc.). Today, with the boom in ML/AI, that’s obviously a big draw and Algorithmia is now taking its next step in this direction with the launch of a new…

 

Posted by on November 16, 2017 in Uncategorized

 

Email marketer SendGrid up 13% following IPO

Marketing email company SendGrid had a decent first day on the New York Stock Exchange on Wednesday. After pricing shares at $16, the company closed at $18.03, or up almost 13%. The Denver-based company had raised $131 million after pricing its IPO at $16, above the expected range of $13.50 to $15.50. SendGrid also upsized its IPO, selling 8.2 million shares, instead of 7.7 million.…

 

Posted by on November 15, 2017 in Uncategorized