What to Expect from the Windows 10 November Update

Microsoft is eagerly preparing Windows 10’s November 2019 Update for release within the next few weeks. Codenamed 19H2, the November release will be referred to as “version 1909,” and will be the smallest, quickest, and easiest Feature Update yet.

Contrary to the 1903 (May 2019) Update that included a mass collection of enhancements and features, the next release “will be a scoped set of features for select performance improvements, enterprise features, and quality enhancements,” stated Microsoft. Put simply, this next feature update will be more like a service pack or cumulative update and shouldn’t affect end-users as much as any previous update has done.

Since the Windows 7 operating system is quickly coming to an end on January 14, 2020, Microsoft has been striving to get this one right, and there’s testament to that. As of September 5, Microsoft stated that every Windows Insider in the “Release Preview” ring has been offered this new November update. When the October 2018 Update was released last year, there was zero testing in the “Release Preview” and thus a whole slew of issues arose, leaving a distinctly sour taste for many users. On October 10th, Microsoft stated that Windows Insiders in the Release Preview ring already attained what Microsoft expects as the final build.

New Features in Windows 10 1909

Here is the list of new features being introduced as part of the newest update (as provided directly from Microsoft):

• Third-party digital assistants can active above the Lock screen using voice commands
• Quickly create an event straight from the Calendar flyout on the Taskbar. Just select the date and time at the lower right corner of the Taskbar to open the Calendar flyout and pick your desired date and start typing in the text box – you’ll now see inline options to set a time and location

• The navigation pane on the Start menu now expands when you hover over it with your mouse to better inform where clicking goes
• Friendly images to show what is meant by “banner” and “Action Center” when adjusting the notifications on apps in order to make these settings more approachable and understandableand start typing in the text box – you’ll now see inline options to set a time and location

• Notifications settings under Settings > System > Notifications will now default to sorting notifications will now default to sorting notification senders by most recently shown notification, rather than sender name. This makes it easier to find and configure frequent and recent senders. Microsoft has also added a setting to turn off playing sound when notifications appear
• Options shown to configure and turn off notifications from an app/website right on the notification, both as a banner and in Action Center
• Manage notifications” button to the top of Action Center that launches the main “Notifications & actions” Settings page
• Additional debugging capabilities for newer Intel processors (only for hardware manufacturers)
• General battery life and power efficiency improvements for PCs with certain processors
• A CPU may have multiple “favored” cores (logical processors of the highest available scheduling class). To provide better performance and reliability, a rotation policy that distributes work more fairly among these favored cores has been implemented
• Windows Defender Credential Guard for ARM64 devices has been enabled for additional protection against credential theft for enterprises deploying ARM64 devices in their organizations
• The search box in File Explorer has been updated to now be powered by Windows Search. This change will help integrate OneDrive content online with the traditional indexed results
• Added ability for Narrator and other assistive technologies to read and learn where the FN key is located on keyboards and what state it is in (locked versus unlocked)

Like any Feature Update, it can be deferred on business editions of Windows 10 leveraging Group Policy or Windows Update for Business settings. Organizations that run Windows 10 Enterprise edition version 1909 will have full update support for 30 months (like any Fall Update), until well into 2022.

Manage and Secure Your Environment

Easily deploy Windows Feature Updates with Syxsense Manage and Syxsense Secure. View an accurate count of all your Windows 10 devices and what version of Win10 is installed. Get started with a free trial of one of our simple and powerful solutions.

The First BlueKeep Attacks Have Struck

The first wave of attacks exploiting the BlueKeep vulnerability have been detected by security researchers; however, the flaw is not being used as a self-spreading worm, as Microsoft was initially warning about since May of this year.

The recent attacks have instead been using a demo BlueKeep exploit to hack into these unsecured and unpatched Windows systems to install a cryptocurrency miner, stealing processing resources from various devices across the globe.

Interestingly, instead of a worm that migrates automatically and spreads instantaneously, the attackers have leveraged the vulnerability’s replicating capability to scan for other vulnerable devices in the Internet to exploit.

What Security Researchers Learned About BlueKeep

Researcher Kevin Beaumont, the expert who named the vulnerability BlueKeep, has been running a worldwide honeypot network (named BluePot) in an effort to catch exploitation attempts. The apparent attacks appear to have begun on October 23, when Beaumont’s honeypots started crashing and rebooting, but he only realized it was due to BlueKeep attack attempts on November 2.

Beaumont analyzed the attacks with assistance from British researcher Marcus Hutchins and they determined that the attackers behind the campaign have been leveraging a BlueKeep ‘Metasploit’ module, released in early September of this year, to then deliver a Monero miner. Monero is a cryptocurrency that relies on proof-of-work mining to achieve distributed consensus.

According to various sources, the hackers do not appear to have attempted to create a worm that spreads inside a network and Beaumont stated that the attacks crashed 10 of the 11 honeypots he was running.

“In conclusion, so far the content being delivered with BlueKeep appears to be frankly a bit lame – coin miners aren’t exactly a big threat – however it is clear people now understand how to execute attacks on random targets, and they are starting to do it. This activity doesn’t cause me to worry, but it does cause my spider sense to say ‘this will get worse, later’,” Beaumont wrote in a blog post.

How to Handle BlueKeep

It’s clear the BlueKeep vulnerability is still dangerous and can cause disastrous consequences; however, at this time, attackers just haven’t gotten it right.

But why take your chances? The Bluekeep vulnerability (CVE-2019-0708) has patches available from Microsoft for the operating systems it affects:

• Windows XP
• Windows Server 2003 R2
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2

Syxsense Manage and Syxsense Secure can easily resolve the vulnerability across the entire environment with a Patch Deploy Task. Simply target all devices for the BlueKeep updates (provided by Syxsense) at a time that’s best for the organization, and rest assured the vulnerability will be remediated within no time.