On Tuesday, Microsoft announced two new experiences to help ensure that Windows 10 users are in control of their privacy, starting with a new “Privacy Dashboard”, and reiterated its commitment to privacy with the Windows 10 Creators Update. “These Windows 10 changes are being introduced in a Windows Insider build soon for feedback first and will be rolled out to everyone when the Windows 10 Creators Update becomes available,” writes Terry Myerson.
First up, a new web-based privacy dashboard launched today, so “users can see and control their activity data from Microsoft including location, search, browsing, and Cortana Notebook data across multiple Microsoft services,” Myerson said. “Over time more functionality and categories of data will be added,” he said.
To review and clear data such as browsing history, search history, location activity, and Cortana’s Notebook, all in one place, you just need to “sign in with your Microsoft account, then go to account.microsoft.com/privacy.”
Second, the Creators Update introduces a new privacy setup experience that simplifies Diagnostic data levels and further reduces the data collected at the Basic level.
In this regard, a new setup experience that lets you choose the right settings, replacing the previous Express Settings, is introduced today.
With this new setup experience, when migrating from Windows 7 or Windows 8, or doing a fresh install, you’ll be provided with simple but important settings to choose before moving forward with setup. However, for those already on Windows 10, Microsoft “will show notifications to choose privacy settings.” This process will be making its way into an upcoming Windows Insider build soon.
Diagnostic data collection is simplified to two levels: Basic and Full. Those who previously selected the Enhanced level will be able to choose Basic or Full with the Creators Update.
In addition, data collected at the Basic level now includes only “data vital to Windows operation,” as well as basic error reporting back to Microsoft.
“This data keeps Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly,” he said.
This new setup experience is voice-capable, and the voice data remains on the device as part of the setup process.
In the screenshot below, you can see the new privacy settings setup experience:
As you make privacy choices, the new setup experience will share information about the impact of each choice:
Lastly, Microsoft Edge introduced support today for Content Security Policy Level 2 (CSP2), which “is an effective defense-in-depth mechanism against cross site scripting and content injection attacks.”
CSP2 is currently available in the Insider Fast ring starting with EdgeHTML 15.15002, and “will ship to stable builds with Windows 10 Creators Update.”
Further, the team notes that the focus is now on adding support for strict-dynamic from the “CSP3 spec to enable developers and site administrators to reduce their reliance on whitelists and tighten their CSP implementations.”
CSP Browser Test loaded in Edge, with CSP and CSP Level 2 both passing
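To make the CSP2 versus strict-dynamic distinction concrete, here is an added example (not code from the article or from Microsoft) that builds one backward-compatible `script-src` policy and models which source expressions a CSP1, CSP2 or CSP3 browser enforces. The function names and the host `https://cdn.example.com` are assumptions for illustration, and the model is simplified to the fallback rules for nonces, `'unsafe-inline'` and `'strict-dynamic'`.

```javascript
// Added illustration, not from the article or from Microsoft.
const { randomBytes } = require('crypto');

// Build one policy meant to work across CSP levels. The nonce must be fresh
// per response; https://cdn.example.com is a constructed placeholder host.
function buildPolicy(nonce = randomBytes(16).toString('base64')) {
  return [
    `script-src 'nonce-${nonce}' 'strict-dynamic' 'unsafe-inline' https://cdn.example.com`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Simplified model: which script-src expressions does a browser that
// implements CSP level 1, 2 or 3 actually enforce?
function effectiveScriptSources(policy, level) {
  const directive = policy.split(';')
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'script-src');
  if (!directive) return [];
  const sources = directive.slice(1);
  const isNonceOrHash = s => /^'(nonce|sha(256|384|512))-/i.test(s);
  const hasNonceOrHash = sources.some(isNonceOrHash);
  const strictDynamic = level >= 3 &&
    sources.some(s => s.toLowerCase() === "'strict-dynamic'");
  return sources.filter(s => {
    const lower = s.toLowerCase();
    if (lower === "'strict-dynamic'") return level >= 3; // unknown before CSP3
    if (isNonceOrHash(s)) return level >= 2;             // added in CSP2
    if (lower === "'unsafe-eval'") return true;          // never overridden
    if (strictDynamic) return false; // hosts, schemes, 'self', 'unsafe-inline'
    if (lower === "'unsafe-inline'") return !(level >= 2 && hasNonceOrHash);
    return true;                     // whitelist entry still enforced
  });
}

for (const level of [1, 2, 3]) {
  console.log(`CSP${level}:`, effectiveScriptSources(buildPolicy('abc123'), level).join(' '));
}
```

A CSP2 browser honours the nonce but still depends on the host whitelist entry; only a browser that understands `'strict-dynamic'` drops the whitelist and trusts scripts through the nonce alone.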
In other security news, Microsoft pushed the first Patch Tuesday of the New Year, including fixes for both mobile and desktop Windows operating systems.
- MS17-001 is a security update for Microsoft Edge deemed to be Important on Microsoft’s severity scale. The patch fixes an exploit that potentially allowed attackers to elevate their privileges on targeted machines. Users had to be tricked into viewing a malicious website, through which the attacker could gain elevated privileges. There’s no sign that this exploit was being used in the wild.
- MS17-002 addresses issues in supported versions of Microsoft Office and Microsoft Office Services and Web Apps. The vulnerability fixed here allowed for remote code execution if the user opened a maliciously crafted Microsoft Office file. Those running without administrative rights would be less impacted. This patch is also deemed to be Important.
- MS17-003 is the only security patch for this month designated as Critical. However, this update doesn’t come from Microsoft but from Adobe. This is the monthly batch of Flash patches that addresses security issues on all supported versions of Windows.
- MS17-004 changes the way the Local Security Authority Subsystem Service (LSASS) in Windows handles specially crafted authentication requests. It does this to protect the system from potential denial of service attacks that could trigger system reboots. This vulnerability is deemed to be Important.
Following yesterday’s release of Windows 10 Insider Preview Build 15002 for PCs in the Fast ring, Microsoft released Windows 10 build 14393.693 as part of the cumulative updates for PC and Mobile, which cover the Anniversary Update as well as versions 1511 and 1507 for PCs.
Windows 10 version 1511 (build 10586) receives an update to build 10586.753 that addresses security issues related to Microsoft Edge.
Meanwhile, the original Windows 10, now called version 1507, updates to build 10240.17236, which also addresses security issues related to Microsoft Edge.
Here’s a changelog:
- Improved the reliability of Groove Music playback in the background, App-V, video playback and Remote Desktop.
- Addressed issue where after successful fingerprint authentication on a device with the screen off, the screen does not turn back on.
- Addressed issue where only one input device works when you connect two similar input devices to the same machine.
- Addressed issue in the App-V Connection Group that allows users to have access to pieces of functionality that they were not designated to access.
- Addressed issue that prevents users from selecting multiple certificates simultaneously through the UI.
- Addressed issue where the Request Control function does not work with Remote Assistance if the user being assisted is on Windows Server 2008 R2 or Windows Server 2012.
- Addressed issue that prevents a smart card module from pairing with a contactless smart card reader.
- Addressed issue with license conversion of Server Core from evaluation version to a retail version.
- Addressed issue that prevents users from opening Internet shortcut (.URL) files with Internet Explorer when Enhanced Protected Mode is enabled.
- Addressed issue that prevents users from logging on if a device has been away from the corporate network over a period of time.
- Addressed additional issues with Microsoft Edge, clustering, Internet Explorer, Windows Update, input devices, facial recognition, Logon, Hyper-V, PCI bus drivers and Windows Kernel.
Update 01/12: Microsoft’s January 2017 Cumulative Update for SharePoint Server 2016 includes Feature Pack 1 as well as two fixes, namely KB3141486 and KB3141487.
- Some terms are translated into multiple languages to make sure that the meaning is accurate.
- You can’t access the Shortcuts link through keyboard in grid edit mode of a SharePoint task list. Additionally, screen readers can’t read or access information panels in SharePoint Server 2016.
- The PSConfig tool may recommend incorrect cmdlets.
- Sometimes, the PSConfig tool shows the upgrade as 100 percent completed even though it still takes some time before the tool moves to the next status. This problem occurs because the tool must complete some minor steps after it upgrades the products. Progress messages are displayed for these steps.
- Fixes the following cmdlet legacy issues of the Administrative Actions Logging feature:
  - Support partial execution for the cmdlet and update the help document correspondingly.
  - Refine the messages for some exceptions and logs.
- After you try to configure and use the Lotus Notes connector for SharePoint Server, the crawl fails.
- You can’t use the CSOM API to set the BookingType property for enterprise resources in projects.
- A system access control list (SACL) isn’t read correctly for large file paths that exceed the Windows limitation of 260 characters. This causes the SACL to be discoverable by any user in the query results even if the user doesn’t have the appropriate permissions.
- After you make multiple changes to the same user in quick succession in SharePoint Server 2016, the Quick Sync job can’t be completed successfully.
- When you configure hybrid taxonomy, the specified Local Term Store Name parameter is now case-insensitive even though it was previously case-sensitive.
- You can’t restore site collections that have site URLs. Additionally, you receive the following error message: Error: Violation of PRIMARY KEY constraint ‘PK_SiteUrlMap’. Cannot insert duplicate key in object ‘dbo.SiteUrlMap’
- When you add a subtask to an existing subtask of a SharePoint task list, multiple subtasks are created instead of just one subtask, in certain conditions.
- When you copy and paste subtasks in grid edit mode of a SharePoint task list, multiple subtasks are created unexpectedly.
- SharePoint Server 2016 becomes unresponsive and the server experiences high CPU usage that requires a restart. Additionally, you can’t access sites, or you get extremely slow page load times.
This security update also contains improvements and fixes for Project Server 2016:
- When you apply status updates in PWA, actual work is added to some assignments unexpectedly. For example, you have an assignment that has 35 hours total work, and the status update is to apply 9 hours. When you view the results in Project Professional, you find that the assignment is unexpectedly completed. Meanwhile, the total work and the actual work have increased to 400 hours.
The second KB update includes multiple translations for various terms, and some terms in Brazilian for Project Online, as well as fixing the following issues:
- The PSConfig tool may recommend incorrect cmdlets.
- Sometimes, the PSConfig tool shows the upgrade as 100%. However, it still takes some time before it moves to the next status. This symptom occurs because the tool has some minor steps after it updates the products. Progress messages will be displayed for these steps.
- Fixes the following cmdlet legacy issues for the Administrative Actions Logging feature:
  - Supports partial execution for the cmdlet and updates the help document correspondingly.
  - Refines the messages for some exceptions and logs.