Achieving success with AI

Posted on by No Comments ↓

The two most important elements in any AI solution are Intelligence + Trust. I first made this statement in November at our Ignite conference and my conviction is strengthened by every conversation I have with customers. Through my travels, three consistent topics are being raised when considering the adoption of AI solutions: Will AI amplify…

The post Achieving success with AI appeared first on The Official Microsoft Blog.

Continue reading Achieving success with AI

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

Posted on by No Comments ↓

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as “RoguePlanet “. We are working to provide a high quality security update that addresses this vulnerability. We will… Continue reading CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility

Posted on by No Comments ↓

For more than 13 years, Surface has been shaped by the people who use it.

Architects sketch buildings, developers train models, students build startups and field engineers solve problems that rarely make headlines.

We didn’t intend to design for on

The post Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility appeared first on Microsoft Devices Blog.

Continue reading Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility

Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility

Posted on by No Comments ↓

For more than 13 years, Surface has been shaped by the people who use it.

Architects sketch buildings, developers train models, students build startups and field engineers solve problems that rarely make headlines.

We didn’t intend to design for on

The post Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility appeared first on Windows Blog.

Continue reading Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility

CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module’s plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate’s length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

Posted on by No Comments ↓

Information published. Continue reading CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module’s plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate’s length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.