Enlarge (credit: Aurich Lawson / Ars Technica )

Earlier this week, Microsoft released a patch to fix a Secure Boot bypass bug used by the BlackLotus bootkit we reported on in March. The original vulnerability, CVE-2022-21894 , was patched in January, but the new patch for CVE-2023-24932 addresses another actively exploited workaround for systems running Windows 10 and 11 and Windows Server versions going back to Windows Server 2008.

The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others. PCs running Windows 11 must have it enabled to meet the software's system requirements.

Microsoft says that the vulnerability can be exploited by an attacker with either physical access to a system or administrator rights on a system. It can affect physical PCs and virtual machines with Secure Boot enabled.

Enlarge / With the advent of the Asus ROG Ally, you can take Windows gaming anywhere! Should you? That is a good question. (credit: Kevin Purdy)

Geralt of Rivia looked good, moved smoothly, and responded swiftly to commands. There was just one problem: He was constantly sucker-punching the villagers of White Orchard. Over and over again, he raised his fists against tavern keepers, kids running in the street, and detachments of Nilfgaardian soldiers. That last one begat a brutal death. Sometimes, right after taking an unprovoked swing, the camera would furiously spin around my white-haired avatar, making me feel like I, too, had caught one in the head.

I played the latest version of The Witcher 3: Wild Hunt on Asus' new ROG Ally handheld gaming PC ($700, available June 13, preorders start today) as a personal benchmark. Having completed the game three times previously (Xbox/PC/Switch, Yennefer/Triss/neither), I was looking to spot differences on this emerging platform. Asus' new device can run The Witcher 3 —and Assassin's Creed: Odyssey , Forza Horizon 5 , and Hitman 3 —more powerfully than the Steam Deck or almost any other "portable" device around, minus questionably portable gaming laptops. The device runs Windows, so it has fewer game compatibility issues than Valve's Steam Deck (however admirably far that system has advanced). What would make The Witcher or any other playthrough different on the Ally, a Switch-sized device that boasts 7–13 times the power of that platform ? "Random violence" wasn't the answer I expected, so I dug in.

My first thought was that the thumb sticks could be the problem, as they seem to have bigger dead zones and feel less sturdy than the ones on the Steam Deck. Or maybe it was pre-release video hardware reacting to a game known for uneven performance . I updated everything I could, recalibrated the sticks, and double-checked my in-game settings. I played the same build of the game on a Steam Deck with Windows loaded, in the same location, but couldn't recreate the problem.

Enlarge (credit: Microsoft)

Microsoft has spent a lot of time and energy over the last few months adding generative AI features to all its products, particularly its long-standing, long-struggling Bing search engine. And now the company is working on fusing this fast-moving, sometimes unsettling new technology with some old headaches: ads.

In a blog post earlier this week , Microsoft VP Yusuf Mehdi said the company was "exploring placing ads in the chat experience," one of several things the company is doing "to share the ad revenue with partners whose content contributed to the chat response." The company is also looking into ways to let Bing Chat show sources for its work, sort of like the ways Google, Bing, and other search engines display a source link below snippets of information they think might answer the question you asked.

One of Microsoft's experimental formats for highlighting information sources in Bing Chat. (credit: Microsoft)

Sharing ad revenue with partners is an attempt to address a looming supply-and-demand problem for AI chatbots that dig through the Internet to find answers to user queries—someone needs to be making the content that Bing Chat uses to formulate its answers. If AI chatbots make content creation less lucrative, there's less information out there for AI chatbots to sift through, making it even harder for them to do what they're trying to do.

Enlarge / Windows 10 and 11 have their own version of the Acropalypse screenshot editing bug. (credit: acropalypse.app/Andrew Cunningham)

Earlier this week, programmer and "accidental security researcher" Simon Aarons disclosed a bug in Google's Markup screenshot editing tool for its Pixel phones. Dubbed "acropalypse," the bug allows content you've cropped out of your Android screenshot to be partially recovered, which can be a problem if you've cropped out sensitive information.

Today, Aarons' collaborator, David Buchanan, revealed that a similar bug affects the Snipping Tool app in Windows 11. As detailed by Bleeping Computer , which was able to verify the existence of the bug, PNG files all have an "IEND" data chunk that tells software where the image file ends. A screenshot cropped with Snipping Tool and then saved over the original (the default behavior) adds a new IEND chunk to the PNG image but leaves a bunch of the original screenshot's data after the IEND chunk.

Buchanan says that a version of the acropalypse script "with minor changes" can be used to read and recover that data, partially restoring the part of the image you cropped out of your original screenshot. Buchanan is " holding off on publishing " Windows-compatible versions of those scripts since Microsoft (unlike Google) hasn't had time to patch the vulnerability.

Enlarge (credit: Aurich Lawson / Ars Technica )

One of the enduring legacies of the '90s browser wars has been an outsize attention to how Microsoft handles default app settings in Windows, especially browser settings. The company plans to make it more straightforward to change your app defaults in future versions of Windows 11, according to a new blog post that outlines a "principled approach to app pinning and app defaults in Windows."

The company's principled approach is a combination of broad, vague platitudes ("we will ensure people who use Windows are in control of changes to their pins and their defaults") and new developer features. A future version of Windows 11 will offer a consistent "deep link URI" for apps so they can send users to the right place in the Settings app for changing app defaults. Microsoft will also add a pop-up notification that should be used when newly installed apps want to pin themselves to your Taskbar, rather than either pinning themselves by default or getting lost somewhere in your Start menu.

The new Settings URI is designed to replace default app workflows like this one from Adobe Reader, which opens an old-school Windows 95-style Properties window instead of the Settings app. (credit: Andrew Cunningham)

These new features will be added to Windows "in the coming months," starting in the Dev channel Windows Insider Preview builds .

Enlarge / A PC running Windows 11. (credit: Microsoft )

Microsoft started its Windows Insider program in 2014 to get public feedback on Windows 10 as it was being developed. Ever since then, the company has continued to provide regularly updated prerelease builds of Windows 10 and Windows 11 to preview and test new features.

Like many public beta programs, Microsoft has maintained different channels for different users, with periodic tweaks to each channel's name and stated purpose. Today, Microsoft is renaming one channel and introducing another one . The one formerly known as the "Dev" channel will now be called the "Canary" channel, and it will be where Microsoft tests its least-stable and most-experimental features (including "major changes to the Windows kernel, new APIs, etc.").

"The builds that will be flighted to the Canary Channel will be “hot off the presses,” flighting very soon after they are built, which means very little validation and documentation will be done before they are offered to Insiders," writes Windows Insider Program Lead Amanda Langowski.

Enlarge / You name it, we've tried installing Windows 11 on it. (credit: Andrew Cunningham)

We originally published this install guide for Windows 11 shortly after the OS was released in October 2021. To keep it current and as useful as possible, we updated it in August 2022 to cover tweaks that Microsoft has made to the Windows installer for version 22H2, and some new workarounds for unsupported systems.

Windows 11 has been out for nearly a year, and its first major update will be released at some point in the next few weeks. Even if our original review didn't convince you to upgrade, you might be thinking about it now that it's more established and some of the biggest early bugs have been fixed.

We've pulled together all kinds of resources to create a comprehensive install guide to upgrading to Windows 11. This includes advice and some step-by-step instructions for turning on officially required features like your TPM and Secure Boot, as well as official and unofficial ways to skirt the system-requirement checks on "unsupported" PCs, because Microsoft is not your parent and therefore cannot tell you what to do.

Enlarge (credit: Microsoft)

As part of its Windows 11 design push, Microsoft also published fun redesigns for all of its emoji characters that added more character and texture than the older Windows 8- and 10-era versions. Today, the company is going one step further, open-sourcing the vast majority of these new "Fluent" emoji designs and publishing them to Github for anyone to modify and use.

Each open-sourced emoji has three iterations: the fully 3D version, complete with texture and color gradients; a flat "color" version that retains the basic color but removes textures and gradients (these are the ones you'll see if you open Windows 11's emoji menu); and a monochromatic "high contrast" version. All files are being made available as .svg vector graphics files so that they can be resized and otherwise manipulated without any loss of quality.

There are just a couple of Microsoft's designs that it hasn't open-sourced, including the paperclip that looks like Clippy (the character is apparently copyrighted). A couple of other emoji were excluded because Microsoft's versions exclude the Windows logo. There is no generic version of the paperclip emoji listed among the emoji Microsoft has published .

Enlarge / A marketing splash image for Parallels Desktop 18, from the company's YouTube video about the release. (credit: Parallels )

Mac-based virtualization software Parallels launched a new version today. As with most updates to the suite, Parallels Desktop 18 adds support for new Apple hardware features, improves Windows virtualization, and expands compatibility.

The two headlining features of Parallels Desktop 18 are ProMotion support and several new features and optimizations for playing Windows games on Macs.

The first feature is pretty straightforward: Parallels now fully supports automatic refresh rate changes up to 120 Hz, matching the ProMotion feature in the M1-based 14-inch and 16-inch MacBook Pro .