
As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox. Antivirus software runs with the highest privileges on the operating system, a level of access coveted by any threat actor, so any exploitable vulnerability in these products adds to the possibilities of taking over the system. By making Windows Defender run in a sandbox, Microsoft makes sure that the security holes its product may have stay contained within the isolated environment; unless the attacker finds a way to escape the sandbox, which is among the toughest things to do, the system remains safe. Windows Defender has seen its share of vulnerability reports. Last year, Google's experts Natalie Silvanovich and Tavis Ormandy announced a remote code execution (RCE) bug severe enough to make Microsoft release an out-of-band update to fix the problem. In April this year, Microsoft patched another RCE in Windows Defender, which could be abused via a specially crafted RAR file. When the antivirus got to scanning it, as part of its protection routine, the bug would trigger, giving the attacker control over the system in the context of the local user. Microsoft is not aware of any attacks in the wild actively targeting or exploiting its antivirus solution but acknowledges the potential risk, hence its effort to sandbox Windows Defender. The rest of this story can be found on OUR FORUM.

With Microsoft looking to bring "console quality" streaming to phones and tablets with Project xCloud, how will the company achieve that when touch controls are still pretty bad? It seems the company is looking to bring physical controllers to mobile devices to offset this problem, according to these Microsoft Research papers. The research paper documents some of the popular solutions to gaming via a touch screen while hailing the Nintendo Switch and PlayStation Portable (PSP) for circumventing touch-based control limitations with full joysticks and buttons. Microsoft built the prototypes out of foam and then had them 3D printed, based on conceptual renders. The work was carried out quite a while ago, back in 2014, but it seems Microsoft Research has resurfaced its efforts recently, noting the recent success of the Nintendo Switch. While this research may be far away from turning into an actual product, it's pretty imperative that Microsoft takes a serious role in exploring how it can improve the way Xbox games will handle on a mobile device to help take Project xCloud mainstream. Touch-based inputs have always felt like a halfway solution and will feel even more like one when they come up against games designed from the ground up for responsive, tactile inputs. Learn more by visiting OUR FORUM.

The FDA has granted 510(k) clearance to the OpenSight Augmented Reality System for the Microsoft HoloLens. OpenSight is the first AR (augmented reality) application for use in “pre-operative surgical planning.” As outlined in a press release by Novarad, OpenSight uses 2D, 3D, and 4D images overlaid onto patients’ bodies to provide a visual guide on what doctors may encounter internally during surgery. OpenSight uses HoloLens because the headset allows a better experience, letting users simultaneously visualize 3D patient images in AR and the actual patient. OpenSight aims to improve surgical planning and decrease the amount of time spent in the operating room. Here’s a look at what a doctor would see when using HoloLens with OpenSight. Dr. Wendell Gibby, MD, Novarad CEO, and co-creator of OpenSight, believes that FDA approval will help doctors be better prepared for surgery and be more successful in surgical procedures, reducing the risk of serious complications for the patient. Additionally, OpenSight allows for a multi-user experience using multiple HoloLens headsets that can help create a better environment for teaching and training new doctors. A teaching version of the software is also available for medical students to perform virtual dissections of cadavers. Learn more at OUR FORUM.