Page 59 of 105

Windows 10: A guide to the updates

August 30, 2024 / Security – Computerworld

The launch of a major Windows 10 update isn’t the end of a process — it’s really just the beginning. As soon as one of Microsoft’s feature updates (such as Windows 10 version 22H2) is released, the company quickly gets to work on improving it by fixing bugs, releasing security patches, and occasionally adding new features.

In this story we summarize what you need to know about each update released to the public for the most recent versions of Windows 10 — versions 22H2 and 21H2. (Microsoft releases updates for those two versions together.) For each build, we’ve included the date of its initial release and a link to Microsoft’s announcement about it. The most recent updates appear first.

For details about how to install and manage Windows updates, see “How to handle Windows 10 and 11 updates.” If you’re looking for information about Insider Program previews for upcoming feature releases of Windows 10, see “Windows 10 Insider Previews: A guide to the builds.”

Updates to Windows 10 versions 21H2 and 22H2

KB5049981 (OS Builds 19044.5371 and 19045.5371)

Release date: January 14, 2025

The update has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and January 2025 Security Updates.

There are two known issues in this build, including one in which devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update.

(Get more info about KB5049981.)

KB5048652 (OS Builds 19044.5247 and 19045.5247)

Release date: December 10, 2024

The update has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and December 2024 Security Updates.

(Get more info about KB5048652.)

KB5046714 (OS Build 19045.5198) Preview

Release date: November 21, 2024

This build fixes a variety of bugs, including one in which Win32 shortcuts did not back up to the cloud.

(Get more info about KB5046714 Preview.)

KB5046613 (OS Builds 19044.5131 and 19045.5131)

Release date: November 12, 2024

This update fixes a bug in which some games did not start or stopped responding after you installed KB5044384. This occurred because some games use a third-party DRM component that are not compatible with that update. This update makes changes to support those games while the game developers address the DRM issue.

The update also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and November 2024 Security Updates.

(Get more info about KB5046613.)

KB5045594 (OS Build 19045.5073) Preview

Release date: October 22, 2024

This build starts the rollout of the new account manager on the Start menu that makes it easy to view your account and access account settings. To change to a different user, select the ellipsis (…) next to “Sign out.” Not everyone will see this change yet, because it’s rolling out gradually.

The build also fixes a variety of bugs, including one in which a vmswitch triggers a stop error. This occurs when you use Load Balancing and Failover (LBFO) teaming with two virtual switches on a virtual machine (VM). In this case, one virtual switch uses single root Input/Output virtualization (SR-IOV).

(Get more info about KB5045594 Preview.)

KB5044273 (OS Builds 19044.5011 and 19045.5011)

Release date: October 8, 2024

This update has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and October 2024 Security Updates.

(Get more info about KB5044273.)

KB5043131 (OS Build 19045.4957) Preview

Release date: September 24, 2024

This build fixes several bugs, including one in which playback of some media might have stopped when you use certain surround sound technology, and another in which Windows server stopped responding when you used apps like File Explorer and the taskbar.

There is one known issue in this update, in which you might be unable to change your user account profile picture.

(Get more info about Windows 10 22H2 KB5043131 Preview).

KB5043064 (OS Builds 19044.4894 and 19045.4894)

Release date: September 10, 2024

This update has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and September 2024 Security Updates.

(Get more info about KB5043064.)

KB5041582 (OS Build 19045.4842) Preview

Release date: August 29, 2024

This build fixes several bugs, including one in which when a combo box had input focus, a memory leak could occur when you closed that window.

There is one known issue in this update, in which you might be unable to change your user account profile picture.

(Get more info about KB5041582 Preview.)

KB5041580 (OS Builds 19044.4780 and 19045.4780)

Release date: August 13, 2024

This release has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and August 2024 Security Updates.

(Get more info about KB5041580.)

KB5040525 (OS Build 19045.4717) Preview

Release date: July 23, 2024

This build fixes a variety of bugs, including one in which the Transmission Control Protocol (TCP) send code caused systems to stop responding during routine tasks, such as file transfers. This issue led to an extended send loop.

There is one known issue in this update, in which you might be unable to change your user account profile picture.

(Get more info about KB5040525 Preview.)

KB5040427 (OS Builds 19044.4651 and 19045.4651)

Release date: July 9, 2024

This update has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and July 2024 Security Updates.

There are two known issues in this build, including one in which you might be unable to change your user account profile picture.

(Get more info about KB5040427.)

KB5039299 (OS Build 19045.4598) Preview

Release date: June 25, 2024

This build fixes a variety of bugs, including one in which apps’ jump lists on the taskbar sometimes failed, and another in which systems didn’t resume from hibernation after BitLocker was turned off.

There are four known issues in this update, including one in which Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or have other icon alignment issues when attempting to use Copilot in Windows.

(Get more info about KB5039299 Preview.)

KB5039211 (OS Builds 19044.4529 and 19045.4529)

Release date: June 11, 2024

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and June 2024 Security Updates.

There are two known issues in this build, including one in which Copilot in Windows is not currently supported when your taskbar is located vertically on the right or left of your screen.

(Get more info about KB5039211.)

KB5037849 (OS Build 19045.4474) Preview

Release date: May 29, 2024

This build fixes a variety of bugs, including one in which devices could not authenticate a second Microsoft Entra ID account, and another in which TWAIN drivers stopped responding when used in a virtual environment.

There are four known issues in this update, including one in which Windows devices using more than one monitor might experience desktop icons moving unexpectedly between monitors or have other icon alignment issues when attempting to use Copilot in Windows.

(Get more info about KB5037849 Preview.)

KB5037768 (OS Builds 19044.4412 and 19045.4412)

Release date: May 14, 2024

This update fixes a bug that caused VPN connections to fail. In addition, it has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and May 2024 Security Updates.

There are four known issues in this build, including one in which Copilot in Windows is not currently supported when your taskbar is located vertically on the right or left of your screen.

(Get more info about KB5037768.)

KB5036979 (OS Build 19045.4355) Preview

Release date: April 23, 2024

With this build, you will start getting account-related notifications for Microsoft accounts in Settings > Home. The account also backs up all your account-related data and helps you to manage your subscriptions. The update also makes the Widgets on the lock screen more reliable.

A number of bugs have also been fixed, including one in which Windows Local Administrator Password Solution’s Post Authentication Actions (PAAs) did not occur at the end of the grace period. Instead, they occurred at restart.

(Get more info about KB5036979 Preview.)

KB5036892 (OS Builds 19044.4291 and 19045.4291)

Release date: April 9, 2024

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and April 2024 Security Updates.

There are two known issues in this build, including one in which Copilot in Windows is not currently supported when your taskbar is located vertically on the right or left of your screen.

(Get more info about KB5036892.)

KB5035941 (OS Build 19045.4239) Preview

Release date: March 26, 2024

In this build, Windows Hello for Business admins can now use mobile device management to turn off the prompt that appears when users sign in to an Entra-joined machine. To do it, turn on the “DisablePostLogonProvisioning” policy setting. After a user signs in, provisioning is off for Windows 10 and Windows 11 devices.

The update also update improves the Remote Desktop Session Host. You can now set up its “clipboard redirection” policy to work in a single direction from the local computer to the remote computer. You can also reverse that order.

A number of bugs have also been fixed, including one in which a network resource could not be accessed from a Remote Desktop session when the Remote Credential Guard feature was turned on, and another that affected the time service, in which the Windows Settings app did not match what IT admins configured using MDM or a Group Policy Object.

(Get more info about KB5035941 Preview.)

KB5035845 (OS Builds 19044.4170 and 19045.4170)

Release date: March 12, 2024

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and March 2024 Security Updates.

There are two known issues in this build, including one in which Copilot in Windows is not currently supported when your taskbar is located vertically on the right or left of your screen.

(Get more info about KB5035845.)

KB5034843 (OS Build 19045.4123) Preview

Release date: February 29, 2024

In this update, using Windows share, you can now directly share URLs to apps like WhatsApp, Gmail, Facebook, and LinkedIn. Sharing to X (formerly Twitter) is coming soon.

The update also fixes a variety of bugs, including one in which Azure Virtual Desktop virtual machines restarted randomly because of an access violation in lsass.exe, and another in Remote Desktop Web Authentication in which you might not have been able to connect to sovereign cloud endpoints.

There are two known issues in this build, including one in which Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows. In the second issue, Copilot in Windows is not supported when your taskbar is located vertically on the right or left of your screen.

(Get more info about KB5034843 Preview.)

KB5034763 (OS Builds 19044.4046 and 19045.4046)

Release date: February 13, 2023

This build fixes several bugs, including one in which explorer.exe stopped responding when you restarted or shut down a PC that had a controller accessory attached to it.

It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and February 2024 Security Updates.

There are two known issues in this build, including one in which Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen.

(Get more info about KB5034763.)

KB5034203 (OS Build 19045.3996) Preview

Release date: January 23, 2024

The update fixes a variety of bugs, including one that affected BitLocker data-only encryption. A mobile device management (MDM) service, such as Microsoft Intune, might not get the right data when you use the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node.

It also fixed a bug that affected Group Policy Folder Redirection in a multi-forest deployment. The issue stopped you from choosing a group account from the target domain. And it addresses an issue that caused some single-function printers to be installed as scanners.

(Get more info about KB5034203 Preview.)

KB5034122 (OS Builds 19044.3930 and 19045.3930)

Release date: January 9, 2023

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and January 2024 Security Updates.

There is one known issue in this build, affecting ID admins, in which using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. To mitigate the issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.

(Get more info about KB5034122.)

KB5032189 (OS Builds 19044.3693 and 19045.3693)

Release date: December 12, 2023

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and December 2023 Security Updates.

There is one known issue in this build, which affects ID admins, in which using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in MDM apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. To mitigate the issue in Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.

(Get more info about KB5033372.)

Windows 10 22H2 KB5032278 (OS Build 19045.3758) Preview

Release date: November 30, 2023

The update adds the Copilot in Windows (in preview) button to the right side of the taskbar. This only applies to devices that run Home or Pro editions (non-managed business devices). When you select it, the AI-powered Copilot in Windows appears at the right on your screen. It will not overlap with desktop content or block open app windows. The update also adds Windows Update opt-in notifications to the screen when you sign in.

The update also fixes a variety of bugs, including one that affected non-admin processes. It also fixes a leak in volatile notifications, which might have stopped you from signing into your computer.

There is one known issue in this build that applies to IT admins, in which using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment.

(Get more info about Windows 10 22H2 KB5032278 Preview.)

KB5032189 (OS Builds 19044.3693 and 19045.3693)

Release date: November 14, 2023

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and November 2023 Security Updates.

There is one known issue in this build that affects ID admins, in which using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in MDM apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. To mitigate the issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.

(Get more info about KB5032189.)

KB5031445 (OS Build 19045.3636) Preview

Release date: October 26, 2023

The update fixes a variety of bugs, including one in which touchscreens did not work properly when you used more than one display, and another in which there was a memory leak in ctfmon.exe.

There is one known issue in this build, which applies to IT admins, in which using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment.

(Get more info about KB5031445 Preview.)

KB5031356 (OS Builds 19044.3570 and 19045.3570)

Release date: October 10, 2023

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and October 2023 Security Updates.

(Get more info about KB5031356.)

KB5030300 (OS Build 19045.3516) Preview

Release date: September 26, 2023

This update brings back a search box design for accessing apps, files, settings, and more from Windows and the web. If you have a top, bottom, regular, or small icons taskbar, the search box appears.

The build also fixes a variety of bugs, including one in which Microsoft Defender stopped some USB printers from printing, and another in which in Windows Defender Application Control (WDAC) AppID Tagging policies could have greatly increased device startup time.

(Get more info about KB5030300 Preview.)

KB5030211 (OS Builds 19044.3448 and 19045.3448)

Release date: September 12, 2023

This build fixes a bug that affected authentication in which using a smart card to join or rejoin a computer to an Active Directory domain could have failed.

The build also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and September 2023 Security Updates.

(Get more info about KB5030211.)

KB5029331 (OS Build 19045.3393) Preview

Release date: August 22, 2023

This update improves how Windows detects your location to help give you better weather, news, and traffic information. It also expands the rollout of notification badging for Microsoft accounts on the Start menu, which gives you quick access to important account-related notifications. In addition, it adds Windows Backup to your device.

The update also fixes a wide variety of bugs, including one in which print jobs sent to a virtual print queue failed without an error, and another in which Remote Desktop (RD) sessions disconnected when multiple apps were in use.

There is one known issue in this update, in which devices with Windows installations created from custom offline media or a custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5029331 Preview.)

KB5029244 (OS Builds 19044.3324 and 19045.3324)

Release date: August 8, 2023

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and August 2023 Security Updates.

(Get more info about KB5029244.)

KB5028244 (OS Build 19045.3271) Preview

Release date: July 25, 2023

This update fixes a wide variety of bugs, including one in which Timeout Detection and Recovery (TDR) errors might have occurred when you played a game, another in which some display and audio devices were missing when your system resumed from sleep, and another in which some VPN clients could not establish connections.

There is one issue in this update, in which devices with Windows installations created from custom offline media or a custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5028244 Preview.)

KB5028166 (OS Builds 19044.3208 and 19045.3208)

Release date: July 11, 2023

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and July 2023 Security Updates.

(Get more info about KB5028166.)

KB5027293 (OS Build 19045.3155) Preview

Release date: June 27, 2023

This update adds new features and improvements to Microsoft Defender for Endpoint. For more information, see Microsoft Defender for Endpoint. It also lets you authenticate across Microsoft clouds. This feature also satisfies Conditional Access checks if they are needed.

A variety of bugs have been fixed, including one in which scheduled monthly tasks might not have run on time if the next occurrence happened when daylight savings time occured, and another in which all the registry settings under the Policies paths could have been deleted when you did not rename the local temporary user policy file during Group Policy processing.

There is one known issue in this update, in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5027293 Preview.)

KB5027215 (OS Builds 19044.3086 and 19045.3086)

Release date: June 13, 2023

This build has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and June 2023 Security Updates.

(Get more info about KB5027215.)

KB5026435 (OS Build 19045.3031) Preview

Release date: May 23, 2023

This update revamps the search box; Microsoft claims it will let you “easily access apps, files, settings, and more from Windows and the web. You will also have access to the latest search updates, such as search highlights.” If you don’t like the design, you can revert to the existing search box via taskbar context menu or by responding to a dialog that appears when you use search.

A variety of bugs have been fixed, including one that did not let you access the Server Message Block (SMB) shared folder and another in which the Windows Firewall dropped all connections to the IP address of a captive portal when you chose the Captive Portal Addresses option.

(Get more info about KB5026435 Preview.)

Windows 10 2022 Update (version 22H2)

Release date: October 18, 2022

The Windows 10 2022 Update is, in Microsoft’s words, “a scoped release focused on quality improvements to the overall Windows experience in existing feature areas such as quality, productivity and security.” In other words, there’s not much new here, although Computerworld blogger Susan Bradley did uncover a handful of new group policies in the release.

Home and Pro editions of the 2022 Update will receive 18 months of servicing, and Enterprise and Education editions will have 30 months of servicing.

To install the update, go to Settings > Update & Security > Windows Update and select Check for updates. If the update appears, select Download to install it.

(Get more info about the Windows 10 2022 Update.)

Windows 10 November 2021 Update (version 21H2)

Release date: November 16, 2021

Version 21H2, called the Windows 10 November 2021 Update, is the second feature update to Windows 10 released in 2021. Here’s a quick summary of what’s new:

Wi-Fi security has been enhanced with WPA3 H2E standards support.
GPU compute support has been added in the Windows Subsystem for Linux (WSL) and Azure IoT Edge for Linux on Windows (EFLOW) deployments for machine learning and other compute-intensive workflows.

There are also a number of features designed for IT and business:

Windows Hello for Business has a new deployment method called cloud trust that simplifies passwordless deployments.
For increased security, there have been changes to the Universal Windows Platform (UWP) VPN APIs, which includes the ability to implement common web-based authentication schemes and to reuse existing protocols.
Apps can now be provisioned from Azure Virtual Desktop. This allows those apps to run just like local apps, including the ability to copy and paste between remote and local apps.
The release closes the gap between Group Policy and mobile device management (MDM) settings. The device configuration settings catalog has been updated to list more than 1,400 settings previously not available for configuration via MDM. The new MDM policies include administrative template (ADMX) policies, such as App Compat, Event Forwarding, Servicing, and Task Scheduler.
An upgrade to Windows 10 Enterprise includes Universal Print, which now supports print jobs of up to 1GB or a series of print jobs from an individual user that add up to 1GB within any 15-minute period.
Universal Print integrates with OneDrive for web and Excel for web. This allows users of any browser or device connected to the internet to print documents hosted in OneDrive for web to a printer in their organization without installing printer drivers on their devices.

Microsoft has also announced that starting with this release, Windows 10 will get feature updates only once a year.

Windows 10 May 2021 Update (version 21H1)

Release date: May 18, 2021

Version 21H1, called the Windows 10 May 2021 Update, is the most recent update to Windows 10. This is a relatively minor update, but it does have a few new features.

Here’s a quick summary of what’s new in 21H1:

Windows Hello multicamera support: If you have an external Windows Hello camera for your PC, you can set the external camera as your default camera. (Windows Hello is used for signing into PCs.) Why should this change matter to you? If you have an external camera, you probably bought it because it’s superior to the built-in, internal one on your computer. So with this change, you’ll be able to use the more accurate camera for logging into your PC.
Improved Windows Defender Application Guard performance: Windows Defender Application Guard lets administrators configure applications to run in an isolated, virtualized container for improved security. With this change, documents will open more quickly. It can currently take up to a minute to open an Office document in it.
Better Windows Management Instrumentation (WMI) Group Policy Service support: Microsoft has made it easier for administrators to change settings to support remote work.

Windows 10 October 2020 Update (version 20H2)

Release date: October 20, 2020

Version 20H2, called the Windows 10 October 2020 Update, is the most recent update to Windows 10. This is a relatively minor update but does have a few new features.

Here’s a quick summary of what’s new in 20H2:

The new Chromium-based version of the Microsoft Edge browser is now built directly into Windows 10.
The System page of Control Panel has been removed. Those settings have been moved to the Settings app.
The Start menu’s tiled background will match your choice of Windows themes. So the tiled background will be light if you’re using the Windows 10 light theme and dark if you’re using the Windows 10 dark theme.
When you use Alt-Tab, Edge will now display each tab in your browser in a different Alt-Tab window. Previously, when you used Alt-Tab, Edge would get only a single window. You can change this new behavior by going to Settings > System > Multitasking.
When you pin a site to the taskbar in Edge, you can click or mouse over its icon to see all your browser tabs that are open for that website.
When you detach a keyboard on a 2-in-1 device, the device will automatically switch to the tablet-based interface. Previously, you were asked whether you wanted to switch. You can change that setting by going to Settings > System > Tablet.
The Your Phone app gets a variety of new features for some Samsung devices. When using one of the devices, you can interact with the Android apps on your phone from the Your Phone app on Windows 10.

What IT needs to know: Windows 10 version 20H2 also has a variety of small changes of note for sysadmins and those in IT.

IT professionals who administer multiple mobile devices get a new Modern Device Management (MDM) “Local Users and Groups” settings policy that mirrors options available for devices that are managed through Group Policy.
Windows Autopilot, used to set up and configure devices in enterprises, has gained a variety of small enhancement, including better deployment of HoloLens devices, the addition of co-management policies, enhancements to Autopilot deployment reporting, and the ability to reuse Configuration Manager task sequences to configure devices.
Microsoft Defender Application Guard now supports Office. This allows untrusted Office documents from outside an enterprise to launch in an isolated container to stop potentially malicious content from compromising computers or exploiting personal information found on them.
Latest Cumulative Updates (LCUs) and Servicing Stack Updates (SSUs) have been combined into a single cumulative monthly update, available via Microsoft Catalog or Windows Server Update Services.
Biometric sign-on has been made more secure. Windows Hello now has support for virtualization-based security for certain fingerprint and face sensors, which protects, isolates, and secures a user’s biometric authentication data.

For more details, see Microsoft’s “What’s new for IT pros in Windows 10, version 20H2.”

Windows 10 May 2020 Update (version 2004)

Release date: May 27, 2020

Version 2004, called the Windows 10 May 2020 Update, is the most recent update to Windows 10. This is a relatively minor update but does have a variety of new features for both users and system administrators. For more details, see: “Review: Windows 10 May 2020 Update delivers little tweaks that add up to… well, not a lot.”

Here’s a quick summary of what’s new in 2004:

Cortana now runs as a standalone app in a resizable window. It also loses a variety of capabilities, such as playing music, controlling home devices, and working on the lock screen.
Task Manager now displays new information, including the temperature of your GPU and your disk type.
Settings gets many small tweaks, including adding a header with account information, and a redone network status page that combines information that used to be found on multiple pages, such as your IP address, current connection properties and data usage.
The Windows Subsystem for Linux (WSL) gets more features. It now uses a real Linux kernel, and is faster than previously.
IT can now take advantage of Windows Hello biometrics logins rather than passwords, by setting that up as the default on enterprise devices.
Installing and setting up Windows for others has been made easier thanks to new controls added to Dynamic Update, which can lead to less downtime during installation for users.
A variety of new commands have been given to PowerShell for Delivery Optimization, a Windows networking service that reduces bandwidth consumption by sharing the work of downloading update and upgrade packages among multiple devices in business deployments.
The security of the Chromium version of Edge has been improved, thanks to porting Application Guard to it.

Windows 10 November 2019 Update (version 1909)

Release date: Nov. 12, 2019

Version 1909, called the Windows 10 November 2019 Update, is the most recent update to Windows 10. There are very few new features in this update, making it more like a service pack of old than a feature update. At this point it’s not clear whether in the future there will be one full-featured update and one service-pack-like update per year or whether Microsoft will go back to its two-feature-updates-a-year schedule. For more details, see “What we know so far about the unusual Windows 10 1909” and “5 unanswered questions about Windows 10 1909.”

Here’s a quick summary of what’s new for users in 1909.

It lets you create calendar events straight from the taskbar. To do it, click the time on the taskbar and you’ll open the Calendar view. Now click a date and time, then type the event’s name into the text box. You’ll also be able to choose the date, time and location.
When you type a search into the search box, it will now search through files in your OneDrive account as well as on your PC. Also, as you type, a drop-down menu with suggested files appears. Click a file to open it.
Voice assistants in addition to Cortana, including Amazon’s Alexa, will be able to run on Windows 10’s lock screen.
Under-the-hood improvements should speed up the performance of some PCs, as well as increase the battery life in some laptops.
The Start Menu has gotten minor tweaks. When you hover over items in the navigation pane on the left side of the menu, the items clearly show what you’re about to click.

What IT needs to know: The following features in 1909 are of note for IT staff.

Windows containers no longer need to have their host and container versions match. That requirement restricted Windows from supporting mixed-version container pod scenarios. Previously, containers from older versions of Windows 10 couldn’t be run on newer versions of Windows 10. In this update, it’s possible, so that a container made using 1903, for example, can be run on 1909.
Windows Defender Credential Guard, which protects enterprise users’ logins and credentials against theft, is now available for ARM64 devices. Some Windows 10 convertible PCs use ARM64.
Enterprises can now use Microsoft’s Intune enterprise mobility management (EMM) service to allow devices running Windows 10 in S mode to install and run Win32 (desktop) apps. Before this, S Mode only allowed devices to run apps from the Microsoft Store. Microsoft Store apps don’t run on the desktop.
The security of BitLocker encryption has been improved. Whenever BitLocker is used to encrypt a device, a recovery key is created, but before this security improvement, it was possible for an unauthorized user to get access to the recovery key and decrypt the device. Now, PCs have additional security if a key is exposed. Here’s how Microsoft explains the change: “Key-rolling or Key-rotation feature enables secure rolling of Recovery passwords on MDM managed AAD devices upon on demand request from Microsoft Intune/MDM tools or upon every time recovery password is used to unlock the BitLocker protected drive.”

There are two known issues in this update: one in which some users cannot set Win32 program defaults for certain app and file type combinations using the Open with… command or Settings > Apps > Default apps, and another in which Microsoft Notepad and other Win32 programs cannot be set as default applications.

(Get more info about KB4464455.)

Windows 10 October 2018 Update (version 1809)

Release date: October 2, 2018; paused October 5; re-released November 13, 2018

Version 1809, called the Windows 10 October 2018 Update, is the feature update that preceded the May 2019 Update. Here’s a quick summary of what’s new for users in it. (For more details, see our full review.)

A new, powered-up Windows Clipboard can hold multiple clips, store clips permanently, let you preview clips and choose which one you’d like to paste into a document, and share clips across Windows 10 devices.
A new screenshot and annotation tool called Snip & Sketch lets you capture and annotate the entire screen, a rectangular portion of the screen or a freehand-drawn portion of it. After you take a screen capture, you can annotate it and then save it to a file, copy it to the Clipboard, open it in another program or share it via email, social media and other methods.
Storage Sense, which helps save storage space, now works with OneDrive Files On-Demand to clean out files you’ve downloaded from OneDrive cloud storage to your PC but that you don’t use any longer. You can choose how long you would like the cloud files to stay on your PC unused before you want them deleted, from never to 60 days.
The Microsoft Edge browser lets you set autoplay permissions for sound and video on websites on a site-by-site basis. It also lets you look up word definitions in its built-in eReader for books and PDFs, and mark up PDFs and books using a highlighter and by adding notes.
The new Your Phone app links Windows 10 devices to iOS and Android phones. It allows you to start web browsing on an iOS or Android device and then continue where you left off on your PC. It also lets you view photos on your Android phone from your Windows 10 PC.
Search Previews have been powered up slightly. You no longer need to click to display the preview panel; it opens automatically. It also now shows files found on your PC.
Smaller changes include a new dark theme for File Explorer; the addition of the SwiftKey swipe keyboard, which lets you enter text by swiping a finger across an onscreen keyboard; updates that are less intrusive; and faster sign-ins on shared PCs.

What IT needs to know: There are few significant changes that affect IT in the Windows 10 October 2018 Update, other than New Microsoft Edge Group Policies that let admins enable and disable full-screen mode, printing, the favorites bar, and browser history saves. IT can also allow or ban Edge extensions (not that there are many available) and configure the Home button and new tab page and startup options.

Windows 10 April 2018 Update (version 1803)

Release date: April 30, 2018

Version 1803, called the Windows 10 April 2018 Update, is the major update to Windows 10 that preceded the October 2018 Update. Here’s a quick summary of what’s new for users in it. (For more details, see our full review.)

The most important new feature is Timeline, which lets you review and resume activities and open files you’ve started on your PC, or any other Windows PCs you have. It also tracks what you’ve done on iOS and Android devices if you install Microsoft’s digital assistant Cortana on them and are logged in. It shows a list of activities day by day for up to 30 days. Each activity shows up as a large tile, with the file name and document title or URL and website name across it, and the name of the application or app that created it across the top. Click any activity to reopen it. (Note that at present, Timeline only tracks activities in certain Microsoft programs such as the Edge browser and Office applications.)
The new Diagnostic Data Viewer is supported, which Microsoft is designed to let you see the “diagnostic data collected from your Windows devices, how it is used, and to provide you with increased control over that data.” However, the information is presented in such a complex, technical way that even programmers will likely have a difficult time understanding it. The viewer isn’t built directly into the Windows 10 April 2018 Update. Instead, you have to download it from the Microsoft Store.
The My People feature now lets you pin up to 10 contacts on the Windows taskbar. Previously, you could only pin up to three.
Microsoft Edge gets several minor tweaks, including a revamped Hub, the ability to mute auto-playing audio in tabs, and a forms-filler for web-based forms.
The Notebook feature of Cortana gets a new, cleaner interface for its Notebook. It now has two tabs, Organizer and Manage Skills. The Organizer makes it easier to create lists and set reminders. The Manage Skills tab lets you add “skills” to Cortana, such as controlling your home and its appliances, connecting Cortana to music services such as Spotify, tracking your fitness and more.
You get more control over app permissions, such as whether they can access your camera, location and contacts.

What IT needs to know: IT staff should be aware of these features that are new in the Windows 10 April 2018 Update:

Windows 10 Professional now gets the Windows Defender Application Guard, which protects Microsoft Edge. There’s also a new feature in the application guard that lets users download files inside Edge instead of directly to the operating system, as a way to increase security.
There are new policies for Group Policy and Mobile Device Management (MDM) that can better control how Delivery Optimization is used for Windows Update and Windows Store app updates. You can also now monitor Delivery Optimization using Windows Analytics.
Windows AutoPilot also gets a tweak that lets IT make sure policies, settings and apps are provisioned on devices before users begin using them.
Windows gets the Linux curl and tar utilities for downloading files and extracting .tar archives built directly into Windows. Windows also now natively supports Unix sockets (AF_UNIX) with a new afunix.sys kernel driver. That will make it easier to port software to Windows from Linux as well as from other Unix-like operating systems.
There are a host of improvements to the Windows Subsystem for Linux, which lets you run a variety of Linux distributions on Windows 10. Linux applications can run in the background, some launch settings for Linux distributions can be customized, and Linux applications have been given access to serial devices. The new Unix sockets report is available for the Windows Subsystem for Linux as well as Windows itself.
The Windows 10 Pro for Workstations version of Windows 10 gets a new power scheme called Ultimate Performance it’s only for desktop PCs, not those that can be powered by batteries. In addition, Windows 10 Pro for Workstations no longer ships with games like Candy Crush or other similar consumer-focused apps. Instead, it features enterprise- and business-related apps.
Administrators have been given the power to configure an enterprise’s PCs to run custom scripts during feature updates, which will make configuration and deployment easier.

For more details, see the Microsoft blog post “Making IT simpler with a modern workplace.”

Windows 10 Fall Creators Update (version 1709)

Release date: October 17, 2017

Version 1709, called the Windows 10 Fall Creators Update, is the major update to Windows 10 that preceded the April 2018 Update. Here’s a quick summary of what’s new for users in it. (For more details, see our full review.)

OneDrive gets a new feature called Files On-Demand that gives you access to all of your OneDrive files on every device, without having to download them first. You’ll be able to see all the files you have in OneDrive, even if they’re only in the cloud and not on your PC. Icons tell you which are local and which are in the cloud. Just open the file, and if it’s not on your PC, it gets downloaded.
The new My People feature lets you pin three contacts to the Windows taskbar and then communicate with them instantly without having to open a separate app such as Skype or Mail. You can also click to see a list of all communications between them and you at a glance.
You can now send web links from your iOS or Android device to your PC and have them open in Microsoft Edge.
Cortana gets several new features, including displaying results in a scrollable flyout panel, so you don’t have to launch a web browser.
Microsoft Edge gets some minor improvements, including better Favorites handling and the ability to mark up PDFs and e-books.
Security has been beefed up, including the addition of Windows Defender Exploit Guard, which includes intrusion rules and policies to protect against a variety of threats, notably zero-day exploits. A new anti-ransomware feature called Controlled Folder Access has also been added; it lets only approved apps have access to Windows system files and folders.
New privacy features include the ability to review the kinds of devices and services apps from the Microsoft Store want access to before you download them.
The update incorporates Microsoft’s new design system and guidelines, called Fluent Design. Overall, transitions are smoother, and there are subtle changes to the transparency effect.

What IT needs to know: IT staff should be aware of these features that are new in the Windows 10 Fall Creators Update:

The notoriously insecure SMBv1 networking protocol, exploited in recent ransomware attacks including WannaCry and Petya, won’t be included on clean installs of the Windows 10 Fall Creators Update, but SMBv1 components will remain if you do in-place upgrades on PCs that already have the component installed.
Windows Defender Advanced Threat Protection (ATP), a suite of tools introduced in Windows 10 that helps enterprise customers protect their users and networks against threats and respond to attacks, is being beefed up. Among other things, it will run on the Windows Server OS.
ATP is also part of Windows Defender Application Guard for Microsoft Edge, available only for Windows 10 Enterprise Edition. It protects against malware attacks by confining visits to unknown or untrusted websites to a virtual machine, so that attacks can’t spread to a PC or the network.
Windows AutoPilot, which improves self-service deployments of Windows 10 PCs, gets a variety of tweaks, including better mobile device management (MDM) services.
Windows Analytics’ new Device Health tool gathers information on how PCs perform in an enterprise, and based on that, identifies potential issues and outlines steps to resolve them.
Enterprises get more control over what kind of information Windows Analytics gathers for the IT staff. In order to improve users’ privacy, IT staff can limit the information collected by Windows Analytics to only diagnostic data.

For more details about new features for IT, see “What’s new in Windows 10, version 1709 IT Pro content,” “Announcing end-to-end security features in Windows 10” and “Delivering the Modern IT promise with Windows 10” from Microsoft.

Updates to the Creators Update (version 1703)

KB4041676 (OS Build 15063.674)

Release date: October 10, 2017

This non-feature update addresses a wide variety of issues, including ones related to security. It fixes a bug that won’t allow some games from downloading from the MIcrosoft Store. The build also fixes an issue in which some Universal Windows Platform (UWP) apps and Centennial apps (.NET and Win32-based Windows applications that have been packaged to be published to the Microsoft Store) have a gray icon and display the error message “This app can’t open” on launch.

In addition, security updates are included for many parts of Windows, including Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Device Guard, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Windows Subsystem for Linux, Microsoft JET Database Engine, and the Windows SMB Server.

(Get more info about KB4041767.)

KB4040724 (OS Build 15063.632)

Release date: September 25, 2017

This non-feature update addresses two very minor issues: Cellular connectivity and reliability have been improved, and performance problems with Microsoft Edge that were introduced in KB40387888 have been resolved.

(Get more info about KB4040724.)

KB4038788 (OS Build 15063.608)

Release date: Sept. 12, 2017

This non-feature update addresses a wide variety of miscellaneous minor issues, including one where some machines fail to load wireless WAN devices when they resume from Sleep, and another where spoolsv.exe stops working. Also addressed is a problem in which the option to join Azure AAD is sometimes unavailable during the out-of-box experience, and another in which clicking the buttons on Windows Action Center notifications results in no action being taken.

What IT needs to know

This release includes security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Microsoft Uniscribe, Microsoft Edge, Device Guard, Windows TPM, Internet Explorer, Microsoft Scripting Engine, Windows Hyper-V, Windows kernel and Windows Virtualization. Because it’s a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB4038788.)

KB4034674 (OS Build 15063.540)

Release date: Aug. 8, 2017

This non-feature update addresses a variety of minor issues, primarily aimed at IT. Two fixes are for mobile devices: One in which the policies provisioned using Mobile Device Management (MDM) don’t take precedence over policies set by provisioning packages, but should, and another in which an access violation in the Mobile Device Manager Enterprise feature causes stop errors. Also addressed is an issue in which the Site to Zone Assignment List group policy (GPO) was not set on machines when it was enabled.

There are also security updates for many Windows features and services, including Microsoft Edge, Microsoft Windows Search Component, Microsoft Scripting Engine, Microsoft Windows PDF Library, Windows Hyper-V, Windows Server, Windows kernel-mode drivers, Windows Subsystem for Linux, Windows shell, Common Log File System Driver, Internet Explorer, and the Microsoft JET Database Engine.

(Get more info about KB4034674.)

KB4032188 (OS Build 15063.502)

Release date: July 31, 2017

This non-feature update addresses a variety of minor issues and bugs, including one in which Win32 applications have problems working with various Bluetooth LE devices including head tracking devices, a reliability issue with launching the Settings app while an application is using the camera, and a bug in which video playback artifacts appear during transitions from portrait to landscape on mobile devices.

What IT needs to know: Several minor issues addressed in this update affect IT, including the Mobile Device Manager Enterprise feature not allowing headsets to work correctly, and a bug that can cause a service using a Managed Service Account (MSA) to fail to connect to a domain after an automatic password update.

(Get more info about KB4032188.)

KB4025342 (OS Build 15063.483)

Release date: July 11, 2017

This security update (a Patch Tuesday release) fixes 54 vulnerabilities in Windows 10, Microsoft Edge, Internet Explorer, Microsoft Office and Microsoft Exchange. Nineteen of the vulnerabilities were rated as critical, 32 as important and three as moderate.

The critical bugs include six remote code execution ones, including one for Microsoft’s HoloLens mixed reality head-mounted display that is currently available only to developers. It allowed the device to be hacked “by merely receiving WiFi packets, apparently without any form of authentication at all,” in Microsoft’s words.

Microsoft Edge received patches for thirteen critical scripting engine memory corruption vulnerabilities, including one in which an attacker could gain the same user rights as the current user.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update. In addition to the patches for Windows 10 Creators Update are security patches for Windows Server 2016 / Windows 10 Anniversary Update.

(Get more info about KB4025342.)

KB4022716 (OS Build 15063.447)

Release date: June 27, 2017

This non-security update kills more than three dozen minor bugs. Among them are one that causes the Camera app to use a lot of memory on mobile platforms, which reduces battery life. The update also improves Bluetooth connectivity with wearable devices.

What IT needs to know: Some of the bugs affect networks, including one in which network printers may fail when using the printer vendor’s setup software on machines with less than 4GB of RAM. Installing the printers using the Settings app or from Devices and Printers in Control Panel will ensure they’re installed properly. In addition, the update fixes an issue which prevented users from connecting to the Terminal Services Gateway (TSG) running on Windows Server 2008 SP2 after it has been upgraded to the Creators Update, with the result that users were not able to access Remote Desktop Services or remote apps.

(Get more info about KB4022716.)

KB4022725 (OS Builds 15063.413 and 15063.414)

Release date: June 13, 2017

This security update closes dozens of security holes, including two remote code execution vulnerabilities (CVE-2017-8464, which is similar to Stuxnet, and CVE-2017-8543, which is a wormlike attack).

It also fixes a variety of bugs, including one in which a user may have to press the space bar to dismiss the lock screen to log in, even after the log on is authenticated using a companion device.

What IT needs to know: Because this is a security update, it should be applied immediately, especially because several of the security holes are being actively used by attackers. (Get more info about KB4022725.)

KB4020102 (OS Build 15063.332)

Release date: May 25, 2017

This non-security update fixes a wide variety of bugs but offers no new features. Among other issues, it fixes a problem when network printers may fail to install using the printer vendor’s setup software on PCs with less than 4GB of RAM. It also fixes several problems with Internet Explorer, including one where non-administrator users can’t install ActiveX controls. (Get more info about KB4020102.)

KB4016871 (OS Builds 15063.296 and 15063.297)

Release date: May 9, 2017

This is a security update that also includes minor bug fixes, but no new features. The security updates are for Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, the Windows kernel, Windows Server, and the .NET Framework. Among the bugs fixed are one in which autochk.exe can randomly skip drive checks and not fix data corruptions, which could lead to data loss.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update. (Get more info about KB4016871.)

KB4016240 (OS Build 15063.250)

Release date: April 25, 2017

This non-security update squashes a wide variety of bugs but includes no new features. It fixes a bug that caused intermittent logout from web applications and another that made systems unresponsive in certain situations after running Direct3D apps in full-screen exclusive mode. Previous to this patch, Windows Forms configuration issues caused antivirus applications to stop working at startup; they now work.

What IT needs to know: Two of the bugs fixed with this release are one in which some VMs experienced network connectivity loss while provisioning IP addresses and another that prevented Group Policy settings from disabling the lock screen. (Get more info about KB4016240.)

KB4015583 (OS Build 15063.138)

Release date: April 11, 2017

This security update includes only a few minor bug fixes and no new features. It updates security for Scripting Engine, libjpeg image-processing library, Hyper-V, Windows kernel-mode drivers, Adobe Type Manager Font Driver, Internet Explorer, Graphics Component, Active Directory Federation Services, .NET Framework, Lightweight Directory Access Protocol, Microsoft Edge and Windows OLE. In addition, it fixes a problem with updating time zone information.

KB4016251 (OS Build 15063.13)

Release date: April 5, 2017

This non-security update fixes a few very minor bugs and has no new features. It repairs a problem that caused the Surface USB: Bluetooth radio to sometimes fail during hibernate/resume, and fixes an issue in which a virus protection product driver installation would trigger a system crash on Windows build 15060 configured with DeviceGuard. (Get more info about KB4016251.)

Windows 10 Creators Update (version 1703)

Release date: April 5, 2017

Version 1703, dubbed the Creators Update, is the major update to Windows 10 that preceded the Fall Creators Update. Here’s a quick summary of what’s new for users in the Creators Update. (For more details, see our full review.)

It helps you better organize the Start menu by letting you put multiple tiles for apps into a single folder — for example, you can group all social media apps into one folder.
Users are given a bit more control over the update process: They can delay an update for three days and keep delaying it in three-day increments, or choose specific times for updates to install.
The Edge browser has gotten some improvements, including having Flash disabled by default for security reasons and supporting the ePub and PDF formats for reading books and other content.
Microsoft added some 3D and virtual reality features, including running HoloLens virtual reality and mixed reality apps for the first time, and introducing a Paint 3D app for creating 3D objects.
System settings that previously were in multiple locations have been consolidated into the Settings app.
There’s a new all-in-one security dashboard called Windows Defender Security Center that consolidates many security and computer health settings and information.
New gaming features include streaming gaming sessions over the internet; a Game Mode to improve gaming performance; and a Game bar to let you record your gameplay, take screenshots and perform games-related tasks.
The Cortana personal assistant gets a few modest additions, including scheduling monthly reminders and helping you set up devices.

What IT needs to know: IT staff should be aware of these features that are new in the Windows 10 Creators Update:

Security has been improved in a number of ways, including adding new features and insights into Windows Defender Advanced Threat Protection (ATP) to better investigate and respond to network threats. Among the new features are sensors in memory, better intelligence and improved remediation capabilities.
Several new configuration service providers (CSPs) available in the Creators Update let administrators manage Windows 10 devices through Mobile Device Management (MDM) or provisioning packages. The DynamicManagement CSP, for instance, can enable or disable certain device features depending on location, network presence or time.
New mobile application management capabilities can protect data on personal mobile devices without requiring each device to be part of the corporate MDM.
The Windows Configuration Designer (previously called Windows Imaging and Configuration Designer) includes new wizards to make it easier to create provisioning packages, including for desktop devices, Windows mobile devices, Surface Hub devices, HoloLens devices and kiosk devices.
Enterprise security administrators get a more comprehensive documentation library for Windows Defender Antivirus.
If an enterprise-wide update policy hasn’t been configured, users with Windows Pro, Windows Enterprise or Windows Education editions have much more control over how Windows updates. With the Creators Update, users can now automatically delay cumulative monthly updates for up to 30 days, and can delay feature updates by up to 365 days.

For more details about new features for IT, see the Microsoft blog posts “Windows 10 Creators Update advances security and best-in-class modern IT tools” and “What’s new in Windows 10, version 1703 IT pro content.”

Take 2: Google AI again lets users generate images of people

August 29, 2024 / Security – Computerworld

Google’s Gemini AI model can once again be used to generate images that represent people, according to Ars Technica. The company had shut down the feature in February after it was criticized for creating historically inaccurate images often related to the subject’s skin color.

The now-updated Gemini 1.5 model should be able to avoid the earlier problems; Google says it also cannot generate images of photo-realistically identifiable individuals, such as famous people.

Google in a blog post Wednesday said it has also focused on improving both AI security and responsibility to ensure the technology is used in an ethical way.

Apple gives IT the power to switch off Apple Intelligence

August 29, 2024 / Security – Computerworld

Apple has introduced new tools mobile device management (MDM) vendors can use to give IT the power to restrict Apple Intelligence across their fleets.

Understanding the significance of the on-going AI with everything war, Apple device management vendor Addigy was fast out the gate to announce its support for the tools, which other MDM providers are likely to support, too. The new tools basically consist of a set of restrictions that can be deployed against managed devices to prevent the use of Apple Intelligence features.

What Apple Intelligence features can be controlled?

The AI features Apple has announced so far include Genmoji, Image Playground, Image Wand, iPhone Mirroring, and Writing Tools. The new controls allow MDM systems to offer admins console-based management tools to enable or disable their use on a managed device. The tools I’ve found include:

allowGenmoji.
allowImagePlayground.
allowImageWand.
allowiPhoneMirroring.
allowPersonalizedHandwritingResults.
allowVideoConferencingRemoteControl.
allowWritingTools.

It is worth noting that only the Writing Tools within Apple Intelligence have been made available in beta so far, and Apple has always said some of its AI functions won’t be available until next year. The idea is that IT will be able to disable the features if they’re concerned about use of company data with AI.

Addigy acts fast

In announcing its support for the new restrictions, Addigy CEO Jason Dettbarn said: “While Apple Intelligence is an exciting development, many organizations are rightly concerned about potential impacts. Some don’t allow AI on devices. Others want to fully understand its implications before deciding when, or even whether, to enable it — and they don’t want to risk waiting until AI ships to try managing it.”

Of course, as Apple Intelligence remains beta software, Addigy MDM is only available to organizations that are part of Apple’s Apple Seed for IT scheme, which lets users test upcoming Apple releases in unique work environments.

I expect other MDM vendors intend to include support for Apple’s restrictions in their own systems. (Some have begun such deployment in beta.)

Why does this matter?

The decision to enable MDM services to prevent the use of Apple Intelligence will be welcomed by enterprise users concerned their employees might inadvertently leak confidential or protected information while using the new AI service.

The release is also true to form. Apple’s commitment to privacy and security across all of its devices is more than skin deep; its extensive white paper explaining the Private Cloud Compute service is proof positive.

But data privacy is a journey, and the best way to protect anyone’s data is not to have any of it in the first place — that’s Apple’s constant aim in everything it does, including AI. The company’s decision to use as little information as it can to make services work is a very smart one, as it minimizes the potential attack surface. Giving MDM the power to forbid any such use also protects devices and their data.

Save the world

We know the company is working to build AI models that run on device, rather than in the cloud. That’s a good thing, as it protects privacy. But the move to ensure small models run at relatively low power could also help reduce the overall energy consumption we’re seeing from the growing use of generative AI (genAI). That seems particularly important now that some estimates indicate ChatGPT is consuming as much energy to generate its responses as would be needed to power 21,602 US homes for a year. Apple’s environmental commitments mean it will take energy consumption generated by Apple Intelligence into account in its environmental reporting.

(I do note that the new tools don’t seem to constrain the use of ChatGPT from Apple Intelligence on a managed device, but I imagine there will be some protection in place by the time integrated access ships.)

It’s time for Apple in business

One final note: Apple has introduced MDM code to prevent the installation of apps downloaded from websites on managed devices. That’s good, as it means European firms won’t be forced to expose their data to the risk of accidental malware installation via apps found outside of legitimate app stores.

Finally, of course, Apple’s painstaking preparation for the mass market introduction of AI on its platforms should be seen as proof positive, as if it were required, that its ecosystem is secure by design and quite ready for business.

More from Jonny Evans

Please follow me on LinkedIn, Mastodon, or join me in the AppleHolic’s bar & grill group on MeWe.

California’s contentious AI safety bill gets closer to becoming a law

August 29, 2024 / Security – Computerworld

California State Assembly last week passed the “hotly debated” AI safety bill that could establish the nation’s most stringent regulations on AI, with the California Senate later approving the Assembly’s amendments, setting the stage for a contentious decision by Governor Gavin Newsom.

The legislation, known as the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act (SB 1047), proposes rigorous testing and accountability measures for AI developers, particularly those creating large and complex models. The bill, if enacted into law, would require AI companies to test their systems for safety before releasing them to the public.

The State Senate, which has already passed the legislation, later approved the Assembly’s amendments and sent the bill for “engrossing and enrolling” — the processes of verifying that all amendments are correctly incorporated and proofreading the printed version. Once that is complete, Newsom will have until September 30 to sign or veto the bill.

“With this vote, the Assembly has taken the truly historic step of working proactively to ensure an exciting new technology protects the public interest as it advances,” Senator and co-author of the bill Scott Wiener said in a statement.

Key Provisions of the bill

Authored by Democratic State Senator Scott Wiener, the bill mandates that companies developing advanced AI models — specifically those costing over $100 million to create or those using substantial computing power — must undergo pre-sale testing for significant risks. This includes preventing the misuse of AI for tasks such as launching cyberattacks or developing biological weapons.

The bill also requires developers to implement a “kill switch” to deactivate models that pose a threat and to undergo third-party audits to verify their safety practices.

If AI technologies are found to be used in harmful ways and companies have not conducted the required testing, the bill empowers the state attorney general to file lawsuits. The legislation aims to protect the public from potential AI-related hazards but also seeks to balance innovation with safety.

Though the bill, also known as SB 1047, aims to impose rigorous safety standards on AI developers, it has also drawn sharp criticism and sparked a broader controversy about the future of AI regulation in the state.

While proponents argue that the legislation is necessary to protect the public and prevent the dangerous misuse of AI, critics claim that the AI bill goes too far and could stifle innovation. They warn that the stringent requirements might drive AI developers out of California, making the state less competitive in the fast-evolving tech landscape.

Tech industry pushback

The tech industry has reacted strongly against SB 1047. More than 74% of all companies that shared their views over the bill have opposed it. Major players including Google and Meta have voiced their opposition, fearing that the bill could create an unfriendly regulatory environment and hinder AI advancements.

OpenAI, known for its popular ChatGPT platform, has argued that AI regulation “should be handled at the federal level” to ensure a uniform approach across states, rather than through state-specific laws that could lead to a patchwork of regulations. In an open letter to Senator Weiner, OpenAI chief strategy officer Jason Kwon said the AI bill would “stifle innovation,” and companies would “leave California.”

Weiner, however, responding to the letter, said this argument “makes no sense.”

“This tired argument — which the tech industry also made when California passed its data privacy law, with that fear never materializing — makes no sense given that SB 1047 is not limited to companies headquartered in California. Rather, the bill applies to companies doing business in California. As a result, locating outside of California does not avoid compliance with the bill,” Weiner wrote in the letter.

SB 1047 has also drawn criticism from key industry figures, including Dr. Fei-Fei Li, the co-director of the Stanford Institute for Human-Centered Artificial Intelligence and often referred to as the “godmother of AI.”

In an article published in Fortune earlier this month, Li expressed concerns that the bill’s penalties and restrictions could have unintended consequences that stifle innovation.

She argued that SB 1047 “will harm our emerging AI ecosystem,” particularly affecting sectors that are already at a disadvantage compared to major tech companies, such as the public sector, academia, and smaller tech firms.

Even some AI researchers and developers who support the idea of regulation have criticized the bill. Andrew Ng, a prominent AI entrepreneur and former head of AI at Google, has called the bill “anti-open source” and “anti-innovation” in an X post arguing that it targets the broad development of AI technology rather than focusing on specific harmful applications.

Not only the tech leaders, but even Democrat lawmakers have also opposed the bill vehemently. House Speaker Nancy Pelosi, representing San Francisco, has been particularly vocal in her opposition, labeling the bill as “well-intentioned but ill-informed.” She and Representatives Ro Khanna and Zoe Lofgren argue that the bill could harm California’s tech industry by imposing burdensome regulations that may deter AI development.

In an open letter, the group of lawmakers expressed concerns that the bill could jeopardize open-source AI models, which rely on publicly available code and are considered vital for advancing AI technologies. They argue that such regulations could discourage innovation and put California at a disadvantage compared to other states and countries that are more welcoming to AI development.

Besides, industry groups have also launched a major campaign against the bill, including creating a website that generates letters for people to send to California lawmakers, urging them to vote against the legislation.

Despite the significant pushback, SB 1047 has found supporters both in the legislature and within the tech community. The bill passed the California Assembly with a 41-9 vote and is expected to clear the Senate again before reaching Governor Newsom’s desk.

Supporters like Tesla CEO Elon Musk and AI startup Anthropic have praised the bill for taking a proactive stance on AI safety, emphasizing the need for guardrails to prevent potential misuse of powerful AI technologies.

However, Senator Wiener has defended the legislation, arguing that it does not stifle innovation but aims to ensure that AI development proceeds responsibly. “Innovation and safety are not mutually exclusive,” Wiener said in the statement, stressing that the bill is designed to increase public trust in AI technologies by holding companies accountable to safety standards they have already adopted.

What’s next for the California AI bill?

As the bill moves closer to becoming law, Governor Newsom faces a pivotal decision that could have wide-ranging implications for the tech industry and AI regulation nationwide.

With Congress showing little progress on federal AI legislation, California’s actions could set a precedent for other states considering how to manage the rapid development of AI technologies.

California’s contentious AI safety bill gets closer to becoming a law

August 29, 2024 / Security – Computerworld

California State Assembly has passed the “hotly debated” AI safety bill that could establish the nation’s most stringent regulations on AI, setting the stage for a contentious decision by Governor Gavin Newsom.

The State Senate, which has already passed the legislation, will vote again with the new amendments on August 31, before the bill goes to Newsom who will have time until September 30 to sign or veto it.

Key Provisions of the bill

The bill also requires developers to implement a “kill switch” to deactivate models that pose a threat and to undergo third-party audits to verify their safety practices.

Tech industry pushback

Weiner, however, responding to the letter, said this argument “makes no sense.”

In an article published in Fortune earlier this month, Li expressed concerns that the bill’s penalties and restrictions could have unintended consequences that stifle innovation.

What’s next for the California AI bill?

As the bill moves closer to becoming law, Governor Newsom faces a pivotal decision that could have wide-ranging implications for the tech industry and AI regulation nationwide.

With Congress showing little progress on federal AI legislation, California’s actions could set a precedent for other states considering how to manage the rapid development of AI technologies.

Upgrade cycles to boost global sales of AI-enabled PCs: Lenovo

August 29, 2024 / Security – Computerworld

Lenovo expects increased demand for AI-powered PCs as enterprises aim to enhance productivity with new technology while upgrading outdated hardware and software, according to Amar Babu, the company’s Asia-Pacific president.

“The technology itself is a key driver,” Babu said, noting that AI enables a personalized user experience that, once adopted, will lead to significant productivity gains and foster greater innovation and creativity.

Babu further highlighted the upcoming end of support for Windows 10, which will necessitate a migration to Windows 11 for enterprises and commercial users, further driving demand for new PCs.

Additionally, the anticipated PC refresh cycle, driven by the surge in purchases during the COVID-19 pandemic, is expected to create a significant replacement demand over the next two to three years.

Lenovo believes that a combination of these factors, along with the availability of advanced technology at competitive prices, will fuel market growth, potentially leading to over 50% of PCs sold globally being AI-enabled by 2027.

An IDC report released earlier this year supports this view, predicting that AI-enabled PCs could capture nearly 60% of the global PC market by 2027, indicating a major shift in the industry. Gartner predicts that by the end of 2026, 100% of enterprise PC purchases will be AI PCs, which are computers that include a neural processing unit (NPU) enabling on-computer AI operations.

However, as the industry increasingly adopts AI and seeks to diversify user experiences, brands are under pressure to collaborate and offer unique value propositions, particularly in the enterprise segment.

Lenovo’s efforts to differentiate

Lenovo has aimed to strengthen its position in the AI-powered computing market through partnerships focused on enhancing the capabilities of its AI PCs, next-generation AI PCs, and AI-ready workstations.

In collaboration with Intel, Lenovo was among the first to launch AI-enabled PCs featuring Intel Core Ultra processors, which made their debut at CES earlier this year, the company said.

At Computex 2024, Lenovo expanded its AI portfolio with laptops powered by AMD’s 3rd Gen Ryzen AI processors, targeting a broad spectrum of users, from consumers to small and medium-sized businesses.

Lenovo also partnered with Qualcomm and Microsoft to introduce the first Copilot+ PCs powered by Snapdragon X Elite processors. The Lenovo Yoga Slim 7x and ThinkPad T14s Gen 6, available since last quarter, offer enhanced personalization and AI-driven computing power, featuring Windows 11 and Copilot+ functionality.

Lenovo’s approach, as outlined by Babu, centers on enhancing the user experience by enabling its PCs to learn, adapt, and leverage data stored on the device. The strategy also emphasizes the importance of a hybrid AI model that operates both in the cloud and on the device.

“How can we provide a tech solution that allows for a comprehensive solution, enhances user experience by optimizing AI agents driven by different software partners, and provides the right platform, including the creation of our own foundational models as we develop throughout the product lifecycle?” Babu said. “That’s how we are approaching this whole AI PC game.”

The role of AI agents

The use of third-party AI solutions has become commonplace in the industry. Lenovo plans to follow this trend by developing its own AI agents, either through integration with platforms like Microsoft Copilot or through proprietary solutions tailored to specific industry needs.

In China, Lenovo has developed an LLM-powered personal AI agent in collaboration with a local cloud provider. For the global market, the company plans to integrate Copilot with its own AI agent to deliver tailored experiences and added value.

“We are working on a tool for creators that will allow them to leverage AI much more effectively,” Babu said. He added that the company is also developing platforms and stacks for developers to further enhance AI capabilities.

Lenovo believes this approach will set its user experience apart, ensuring that even with similar hardware specifications, the overall experience will be “very, very different” and comprehensive, thanks to its collaborations with multiple partners.

Babu believes that this strategy of combining in-house AI solutions with partnerships positions Lenovo to offer enterprises a more integrated and customized AI-powered PC experience, potentially giving it an advantage over competitors that rely solely on third-party integrations.

Leveraging the inevitability of AI

As AI technology continues to gain momentum, enterprises may increasingly require AI-enabled PCs to remain competitive.

“If your competitor is adopting this technology and you’re not, it could pose a challenge,” Babu said. “To stay competitive, integrating some of these AI capabilities may become necessary.”

Lenovo added it aims to help its enterprise clients maintain their competitive edge by providing a distinctive AI-powered PC experience backed by a comprehensive AI technology stack.

Upgrade cycles to boost global sales of AI-enabled PCs: Lenovo

August 29, 2024 / Security – Computerworld

Babu further highlighted the upcoming end of support for Windows 10, which will necessitate a migration to Windows 11 for enterprises and commercial users, further driving demand for new PCs.

Additionally, the anticipated PC refresh cycle, driven by the surge in purchases during the COVID-19 pandemic, is expected to create a significant replacement demand over the next two to three years.

Lenovo’s efforts to differentiate

In collaboration with Intel, Lenovo was among the first to launch AI-enabled PCs featuring Intel Core Ultra processors, which made their debut at CES earlier this year, the company said.

The role of AI agents

Leveraging the inevitability of AI

As AI technology continues to gain momentum, enterprises may increasingly require AI-enabled PCs to remain competitive.

“If your competitor is adopting this technology and you’re not, it could pose a challenge,” Babu said. “To stay competitive, integrating some of these AI capabilities may become necessary.”

Lenovo added it aims to help its enterprise clients maintain their competitive edge by providing a distinctive AI-powered PC experience backed by a comprehensive AI technology stack.

Google’s Gemini gets new Gems assistants, Imagen 3

August 29, 2024 / Security – Computerworld

Google has updated its Gemini large language model (LLM) with a new feature, dubbed Gems, that allows users to train Gemini on any topic of their choice and use it as a customized AI assistant for various use cases.

Gems, previewed at Google I/O this year, is currently available for Gemini Advanced, Business, and Enterprise users.

Google’s Gemini gets new Gems assistants, Imagen 3

August 29, 2024 / Security – Computerworld

Gems, previewed at Google I/O this year, is currently available for Gemini Advanced, Business, and Enterprise users.

Yelp sues Google, stoking fears of more antitrust battles

August 29, 2024 / Security – Computerworld

The online review site Yelp has filed a lawsuit against Google in a San Francisco federal court, accusing the search giant of illegally monopolizing the local search market.

In a blog post announcing this, Yelp co-founder and CEO Jeremy Stoppelman criticized Google for prioritizing its own services over fair competition with companies like Yelp, resulting in many searches that lead to zero clicks and keep users on Google’s search results page.

“Google has illegally leveraged its monopoly in general search to dominate the local search and local search advertising markets, engaging in anticompetitive practices that have lowered the quality of search results and sidelined competitors to expand its market power,” Stoppelman said in the post.

Significantly, this move comes shortly after a US District Court ruled that Google is a monopoly, having used its dominance in the online search market to stifle competition and prevent rival search engines from gaining market share.

After a lengthy trial, the court had found that Google spent tens of billions of dollars on exclusive contracts to secure and maintain its position as the default search engine on web browsers and mobile devices.

A potential precursor to more action

Yelp has consistently advocated for improvements to Google’s local search features, according to Stoppelman. However, the timing of this lawsuit has raised concerns about the potential for more legal actions against Google.

In his blog post, Stoppelman cited the District Court’s ruling and highlighted others, including the European Commission’s $2.6 billion fine on Google in 2017 for favoring its own shopping services and a recent investigation launched in March under the Digital Markets Act into Google’s self-preferencing in search results.

Prabhu Ram, VP of industry research at Cybermedia, pointed out that Yelp’s antitrust lawsuit against Google, following closely after the recent adverse ruling against the tech giant, might signal the beginning of a series of comparable legal challenges.

“If Yelp prevails, it may potentially compel Google to change how it presents local search results, potentially giving more visibility to competitors,” Ram said. “This shift could, in turn, compel businesses to re-evaluate their online presence and advertising strategies on Google.”

The major point of contention

Analysts point out that the main issue lies in the clashing business models, as both Google and Yelp depend on advertising revenue.

Additionally, there is significant concern over how user traffic is funneled to Specialized Vertical Providers (SVPs) like Yelp, Zillow, OpenTable, and Glassdoor.

“The discovery aspect is the primary area of conflict, given that Google has the ability to control and direct the majority of search traffic, whether to sponsored listings, its own properties, or these SVPs, as most user searches for a Point of Interest (POI) begin on Google,” said Neil Shah, partner and co-founder at Counterpoint Research. “For SVPs like Yelp, the expectation is that Google will fairly display results rather than directing traffic to its preferred destinations, which could harm their businesses. Transparency and fairness in this process are what Yelp and other SVPs are seeking.”

However, this argument may not be entirely persuasive, as both Google and Yelp operate on display advertising models.

Shah noted that Yelp applies similar tactics to Points of Interest (POIs) on its platform, effectively mirroring the treatment it claims to receive from Google.

“In Google’s defense, Yelp could ramp up its SEO practices or pay Google the ‘advertising fee’ to get promoted on the Google platform,” Shah added. “So, this lawsuit is a double-edged sword and can cut both ways for Yelp.”