Amidst the beginning of a global pandemic, this month PowerShell 7 became Generally Available, Windows latest patch fixed serious SMBv3 flaws, Cortona will undergo a software revamp, and Microsoft adjusts Build plans. Listen to hear from host and Windows expert Brad Sams, and SmartDeploy CEO Aaron Suzuki, as they break down how this news affects end users. Continue reading for a more granular explanation on the topics discussed.
PowerShell 7 update features and fixes
PowerShell 7 was made Generally Available (GA) earlier this month for Mac, Windows, and Linux operating systems. For those unfamiliar, PowerShell 7 is the latest major update to PowerShell, a cross-platform automation tool and configuration framework geared for handling structured data (e.g. JSON, CSV, XML, etc.), REST APIs, and object models. PowerShell hasn’t undergone an update in roughly two years, so the PowerShell 7 release is packed with some welcomed new features and bug fixes. Most notably including, pipeline parallelization with ForEach-Object -Parallel, new operators, and a simplified dynamic error view and get-error cmdlet for easier error investigation. Users can also explore the new compatibility layer that allows users to import modules in an implicit Windows PowerShell session and includes a new view for automatic new version notifications. Additionally, PowerShell 7 offers increased backwards compatibility so that users on older versions of PowerShell can use new features introduced to PowerShell Core for the first time. It appears Microsoft is moving toward an uber PowerShell release with PowerShell 7. View the complete list of features and fixes in the PowerShell 7 release notes.
Another development with this release is Microsoft shipped the first update of PowerShell 7 to the Windows 10X emulator. This could be an indication that Microsoft intends for Windows 10X to be a sustainable and widely adopted platform. Listen in to hear Aaron and Brad share their predictions for the future of Windows 10X.
If you updated the latest Windows 10 patch, read this…
The recent March Windows patch was a hefty update addressing 115 security vulnerabilities, several of which were given a severity rating of “critical.” This means that the vulnerability could allow an attacker to execute code on a target system without any user interaction required. One of the critical flaws was a client/server remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) protocol. With this flaw, an attacker could exploit the way SMBv3 handles requests to run code on a target Server or SMB Client. The attacker can gain access by presenting the user with a benign-looking removable drive or remote share that contains a .LNK file pointing toward a malicious binary. When Windows processes the .LNK file, the binary will execute code of the attacker’s choice on the target system without the user having to click the link.
This was particularly dangerous as the “critical” classification indicates this is a “wormable” flaw, meaning the SMB (Windows file-sharing) defect can spread quickly to vulnerable systems across an internal network with little to no human interaction. This vulnerability was especially dangerous because Microsoft inadvertently posted a document releasing details about the vulnerability before the patch was ready, which greatly increased the likelihood of an attacker successfully exploiting it. They have since posted a new document addressing the SMBv3 defect and provided a workaround. Brad and Aaron also discuss a previous Windows update that caused many problems, including breaking the ability to manually update drivers within Windows, the ability to sign code in a Visual Studio dev environment, and other reported problems. Listen in to hear Aaron explain the challenges this poses for IT as they maneuver this update malfunction.
Prepare for the revamped Cortana
Microsoft recently announced their digital assistant, Cortana, will be adjusted to focus on user productivity and will include enhanced security and privacy features. These updates are Microsoft’s attempt to deliver more immediate help for users in Microsoft 365. Cortana’s new tasks in the upcoming Windows 10 update will be achieved through a chat-based UI that gives users the ability to interact with Cortana by voice or keyboard. Microsoft has also strengthened their security features on the digital assistant by granting users access to Cortana after securely logging into the device with a work or school account. For additional security provisions, some customer skills including music, connected home, and third-party skills will no longer be available. Both Aaron and Brad were unsurprised at the changes Microsoft plans to make with Cortana. Listen in to hear how Aaron uses Cortana and how these changes will improve the software’s adoption rate.
Microsoft 2020 Build
Considering recent events, Brad and Aaron toggled between the idea of whether Microsoft will be hosting their annual IT conference, Build, which was planned to be held in Seattle, WA in late May. Since the episode aired, Microsoft has taken precautions and will be hosting their conference virtually. We look forward to connecting with the IT community at Build, in Microsoft’s new digital format.