Subscribe to:

Subscribe to :: TheGuruReview.net ::

Microsoft Confirms Windows 10 Will Support 8K Resolution

March 27, 2015 by Michael  
Filed under Computing

Software King of the World Microsoft’s Windows 10 operating system will support screen resolutions that will not be available on commercial displays for years.

At the WinHEC conference Microsoft revealed that Windows 10 will support 8K (7680*4320) resolution for monitors, which is unlikely show up on the market this year or next.

It also showed off minimum and maximum resolutions supported by its upcoming Windows 10. It looks like the new operating system will support 6″+ phone and tablet screens with up to 4K (3840*2160) resolution, 8″+ PC displays with up to 4K resolution and 27″+ monitors with 8K (7680*4320) resolution.

To put this in some perspective, the boffins at the NHK (Nippon H?s? Ky?kai, Japan Broadcasting Corp.) think that 8K ultra-high-definition television format will be the last 2D format as the 7680*4320 resolution (and similar resolution) is the highest 2D resolution that the human eye can process.

This means that 8K and similar resolutions will stay around for a long time and it makes sense to add their support to hardware and software.

NHK is already testing broadcasting in 8K ultra-high-definition resolutions, VESA has ratified DisplayPort and embedded DisplayPort standards to connect monitors with up to 8K resolution to graphics adapters and a number of upcoming games will be equipped for textures for 8K UHD displays.

However monitors that support 8K will not be around for some time because display makers will have to produce new types of panels for them.

Redmond will be ready for the advanced UHD monitors well before they hit the market. Many have criticized Microsoft for poor support of 4K UHD resolutions in Windows 8.

Courtesy-Fud

 

Azul Goes Java Embedded

March 26, 2015 by Michael  
Filed under Computing

Azul Systems, the company behind the wildly popular Zing and Zulu runtimes for Java, has been discussing its latest product, Zulu Embedded.

Azul specializes in bespoke open source Java runtimes and has announced that it is expanding into embedded product lines.

Scott Sellers, CEO and co-founder, and Howard Green, VP of marketing, were keen to extol the virtues of an embedded system.

“If you go with an Oracle system, not only do you have to pay a license fee but you are restricted to off-the-peg solutions,” explains Sellers.

“Because we are an open source solution we can create exactly what the customer needs, then feed that expertise back into the community where it will eventually end up in the official builds of Java.”

Oracle now bases its products around the open source community before releasing its own stable, closed source editions, so Zulu Embedded will often contain cutting edge functionality which is not available to standard (and paying) Java users.

“Our products are built out of a customer need. It’s not just about cost, but about finding new ways to use the Java runtime, which is still the most popular programming language in the world, and creating ways of getting it to do new things,” says Green.

The arrival of Zulu Embedded will open a whole host of opportunities for Internet of Things (IoT) building, but Sellers is keen for the product to be seen as more than just an IoT platform.

“Of course, by creating customized solutions we are able to strip out the libraries that are unnecessary and make a more nimble runtime with a smaller footprint, which makes it ideal for the IoT, but there is far more to it than that – everything from routers, to set-top boxes to ATMs,” explains Green.

The product officially launches today, but has been subject to a significant amount of testing in the field with selected customers.

“In actual fact, it has been available on a limited basis since last September and there are already over two million units running Zulu Embedded in the field,” says Green.

The product will be monetized by offering enterprise-grade support options to customers, while the product itself is freely available.

“We see the end-of-life schedule of Java SE as a major selling point for our own product,” says Green.

Oracle’s support for Java SE 7 has already expired, and it’s another two years before version 8 also reaches end-of-life. Azul, meanwhile, remains committed to its open source products indefinitely.

“Compared to all the alternatives which are either limited in lifespan or have large upfront licensing costs, we’re sure that, combined with our ongoing support, we’re the right choice for anyone wanting flexible deployment of Java,” says Sellers.

Zulu Embedded works across a huge number of platforms, including Mac, Windows and Linux, on Intel and AMD x64 architectures with ARM compatibility to follow.

It is also compatible with physical servers such as Windows Server, hypervisors including VMware and Hyper-V and cloud solutions like Microsoft Azure, Red Hat, Suse and Docker.

For Java as a language, however, Zulu Embedded is something of a return to its roots.

“Sun Microsystems [the original owners of Java] were very successful in the embedded market and paved the way for the vast number of applications that already have a Java runtime. With the end of support for Java 7, many people will be looking at where to go next,” explains Sellars.

Consumer users of Java have repeatedly lashed out at Oracle for its use of bundleware in Java installations, which recently spread to Mac users.

Zulu is available immediately from the Azul website, along with details on working with the Embedded version.

We’ve come a long way in the past nine years, when Sun and Azul were counter-suing over patents. Today, open source is the beating heart of Java, though many won’t realize it.

Courtesy-TheInq

Google Updates Android Smart Lock With On-body Detection

March 24, 2015 by mphillips  
Filed under Mobile

Google is adding a feature to Android’s smart lock that could significantly reduce the number of times users need to key in a passcode to unlock their phones.

On-body detection uses the accelerometer in the phone to detect when it’s being held or carried. If enabled, the feature requires a passcode the first time the phone is accessed but then keeps the device unlocked until it is placed down.

That means, for example, that users walking down the street won’t have to unlock the phone every time they take their phones out of their pockets.

The feature wasn’t widely announced by Google, but it began operating in some phones on Friday.

Like the other elements of smart lock, it should be used with caution as it can’t detect who is carrying the phone.

“If you unlock your device and hand it to someone else, your device also stays unlocked as long as the other person continues to hold or carry it,” reads a message displayed on phones with the new feature.

The smart lock feature was introduced with Android 5.0 KitKat and allows users to set zones around trusted places, such as a home or office, and Wi-Fi or Bluetooth devices, such as a computer or car radio. When the phone is in those zones it will remain unlocked once it’s been unlocked the first time.

It can also recognize faces and remain unlocked when it sees a trusted face.

 

 

 

 

Pwn2Own Researchers Able To Hack All Four Browsers

March 23, 2015 by mphillips  
Filed under Computing

Security researchers who participated in the Pwn2Own hacking contest have demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins.

South Korean security researcher and serial browser hacker Jung Hoon Lee, known online as lokihardt, single-handedly popped Internet Explorer 11 and Google Chrome on Microsoft Windows, as well as Apple Safari on Mac OS X.

He walked away with US$225,000 in prize money, not including the value of the brand new laptops on which the exploits are demonstrated and which the winners get to take home.

The Pwn2Own contest takes place every year at the CanSecWest security conference in Vancouver, Canada, and is sponsored by Hewlett-Packard’s Zero Day Initiative program. The contest pits researchers against the latest 64-bit versions of the top four browsers in order to demonstrate Web-based attacks that can execute rogue code on underlying systems.

Lee’s attack against Google Chrome earned him the largest payout for a single exploit in the history of the competition: $75,000 for the Chrome bug, an extra $25,000 for a privilege escalation to SYSTEM and another $10,000 for also hitting the browser’s beta version — for a total of $110,000.

The IE11 exploit earned him an additional $65,000 and the Safari hack $50,000.

Lee’s accomplishment is particularly impressive because he competed alone, unlike other researchers who teamed up, HP’s security research team said in a blog post.

Also on Thursday, a researcher who uses the hacker handle ilxu1a popped Mozilla Firefox on Windows for a $15,000 prize. He also attempted a Chrome exploit, but ran out of time before he managed to get his attack code working.

Mozilla Firefox was also hacked, during the first day of the competition, by a researcher named Mariusz Mlynski. His exploit also leveraged a Windows flaw to gain SYSTEM privileges, earning him a $25,000 bonus on top of the standard $30,000 payout for the Firefox hack.

Most of the attacks demonstrated at Pwn2Own this year required chaining of several vulnerabilities together in order to bypass all defense mechanisms put in place in operating systems and browsers to prevent remote code execution.

The final count for vulnerabilities exploited this year stands as follows: five flaws in the Windows OS, four in Internet Explorer 11, three each in Mozilla Firefox, Adobe Reader, and Flash Player, two in Apple Safari and one in Google Chrome.

 

 

Microsoft Looking To Replace IE Browser Name

March 19, 2015 by mphillips  
Filed under Around The Net

Microsoft has confirmed that the new default browser in Windows 10 will not be named “Internet Explorer,” essentially marking the end of a 20-year reign by the once omnipresent product.

A new name was not disclosed, however.

“We’re right now researching what the new brand, or the new name, for our browser should be in Windows 10,” said Chris Capossela, Microsoft’s chief marketing officer, during a discussion of branding Monday at the firm’s Convergence conference. “We’ll continue to have Internet Explorer, but we’ll also have a new browser called Project Spartan, which is codenamed Project Spartan. And we have to name the thing.”

Microsoft has talked about Spartan before: In January, when the company touted Windows 10′s consumer-oriented features, it officially announced the new browser, dubbing it with the code name. Spartan, executives said then, would be the default Web browser for the new OS, although Internet Explorer will also be bundled with Windows 10, primarily for enterprise legacy requirements.

The clear implication was that Spartan would be tagged with a name different than “Internet Explorer,” or its shorthand, “IE.”

Capossela made that plain Monday when he talked about working up a new moniker.

According to people familiar with Microsoft’s plans, it will not reveal Spartan’s name until May, most likely at Ignite, the conference slated to run May 4-8 in Chicago. Ignite will roll up TechEd with several older, often-smaller meetings, including those that specialized in Exchange and SharePoint.

 

 

HSA Foundation Post New Standards For GPUs

March 19, 2015 by Michael  
Filed under Computing

The HSA Foundation has issued a new standard which can match up graphics chips, processors and other hardware to boost things like video search.

The downside is that Intel and Nvidia to not appear to have been involved in the creation of the version 1.0 of its Heterogeneous System Architecture specification.

What the standard would mean is that compute, graphics and digital-signal processors will be able to directly address the same physical RAM in a more cache-coherent manner. It will mean the end of external buses and loosely linked interconnects, and allow data to be processed at the same time.

A GPU and CPU can work on the same bits of memory in an application in a multi-threaded way. The spec refers to GPUs and DSPs as “kernel agents” which sounds a bit like corporate spies for KFC.

The blueprints support 64-bit and 32-bit, and map out virtual memory, memory coherency, and message passing, programming models, and hardware requirements.

While the standard is backed by AMD, ARM, Imagination Technologies, MediaTek, Qualcomm, and Samsung, Intel and Nvidia are giving it a miss. The thought is that with these names onboard there should be a enough of a critical mass of developers who will build HSA-compliant games and tools.

Courtesy-Fud

 

Facebook Adding Send Money Feature To Its Messaging App

March 19, 2015 by mphillips  
Filed under Around The Net

Facebook Inc announced that it will be adding a new feature to its messaging app that will allow friends to send and receive money through it.

Users can tap or click a dollar icon in a new chat window to send money to their friends, after they link a Visa or MasterCard debit card issued by a U.S. bank to their accounts.

The free feature will roll out over the next few months for users in the United States who access Facebook Messenger through desktop computers or Google Inc’s Android and Apple Inc’s iOS operating systems on mobile devices.

Users can create a PIN or enable Touch ID if they have an iPhone to add a level of security to the payments.

Snapchat had launched a similar service last November, called Snapcash.

The mobile messaging company partnered with online payments company Square to allow Snapchat users to link their debit cards to their account and quickly send money to a contact by starting a chat on a smartphone.

 

Will TSMC Win Apple’s A9 Business?

March 18, 2015 by Michael  
Filed under Computing

TSMC is reportedly getting the majority of Apple A9 orders, which would be a big coup for the company.

An Asian brokerage firm released a research note, claiming that disputes over the number of Apple A9 orders from TSMC and Samsung are “coming to an end.”

The unnamed brokerage firm said TSMC will gain more orders due to its superior yield-ramp and “manufacturing excellence in mass-production.”

This is not all, as the firm also claims TSMC managed to land orders for all Apple A9X chipsets, which will power next generation iPads. With the A9X, TSMC is expected to supply about 70 percent of all Apple A9-series chips, reports Focus Taiwan.

While Samsung managed to beat other mobile chipmakers (and TSMC), and roll out the first SoC manufactured on a FinFET node, TSMC is still in the game. The company is already churning out 16nm Kirin 930 processors for Huawei, and it’s about to get a sizable chunk of Apple’s business.

TSMC should have no trouble securing more customers for its 16FF process, which will be supplemented by the superior 16FF+ process soon. In addition, TSMC is almost certain to get a lot of business from Nvidia and AMD once their FinFET GPUs are ready.

Courtesy-Fud

Intel Shows Off The Xeon SoC

March 16, 2015 by Michael  
Filed under Computing

Intel has announced details of its first Xeon system on chip (SoC) which will become the new the Xeon D 1500 processor family.

Although it is being touted as a server, storage and compute applications chip at the “network edge”, word on the street is that it could be under the bonnet of robots during the next apocalypse.

The Xeon D SoCs use the more useful bits of the E3 and Atom SoCs along with 14nm Broadwell core architecture. The Xeon D chip is expected to bring 3.4x better performance per watt than previous Xeon chips.

Lisa Spelman, Intel’s general manager for the Data Centre Products Group, lifted the kimono on the eight-core 2GHz Xeon D 1540 and the four-core 2.2GHz Xeon D 1520, both running at 45W. It also features integrated I/O and networking to slot into microservers and appliances for networking and storage, the firm said.

The chips are also being touted for industrial automation and may see life powering robots on factory floors. Since simple robots can run on basic, low-power processors, there’s no reason why faster chips can’t be plugged into advanced robots for more complex tasks, according to Intel.

Courtesy-Fud

Can Linux Ever Succeed On The Desktop?

March 16, 2015 by Michael  
Filed under Computing

Every three years I install Linux and see if it is ready for prime time yet, and every three years I am disappointed. What is so disappointing is not so much that the operating system is bad, it has never been, it is just that who ever designs it refuses to think of the user.

To be clear I will lay out the same rider I have for my other three reviews. I am a Windows user, but that is not out of choice. One of the reasons I keep checking out Linux is the hope that it will have fixed the basic problems in the intervening years. Fortunately for Microsoft it never has.

This time my main computer had a serious outage caused by a dodgy Corsair (which is now a c word) power supply and I have been out of action for the last two weeks. In the mean time I had to run everything on a clapped out Fujitsu notebook which took 20 minutes to download a webpage.

One Ubuntu Linux install later it was behaving like a normal computer. This is where Linux has always been far better than Windows – making rubbish computers behave. I could settle down to work right? Well not really.

This is where Linux has consistently disqualified itself from prime-time every time I have used it. Going back through my reviews, I have been saying the same sort of stuff for years.

Coming from Windows 7, where a user with no learning curve can install and start work it is impossible. Ubuntu can’t. There is a ton of stuff you have to upload before you can get anything that passes for an ordinary service. This uploading is far too tricky for anyone who is used to Windows.

It is not helped by the Ubuntu Software Centre which is supposed to make like easier for you. Say that you need to download a flash player. Adobe has a flash player you can download for Ubuntu. Click on it and Ubuntu asks you if you want to open this file with the Ubuntu Software Center to install it. You would think you would want this right? Thing is is that pressing yes opens the software center but does not download Adobe flash player. The center then says it can’t find the software on your machine.

Here is the problem which I wrote about nearly nine years ago – you can’t download Flash or anything proprietary because that would mean contaminating your machine with something that is not Open Sauce.

Sure Ubuntu will download all those proprietary drivers, but you have to know to ask – an issue which has been around now for so long it is silly. The issue of proprietary drives is only a problem for those who are hard core open saucers and there are not enough numbers of them to keep an operating system in the dark ages for a decade. However, they have managed it.

I downloaded LibreOffice and all those other things needed to get a basic “windows experience” and discovered that all those typefaces you know and love are unavailable. They should have been in the proprietary pack but Ubuntu has a problem installing them. This means that I can’t share documents in any meaningful way with Windows users, because all my formatting is screwed.

LibreOffice is not bad, but it really is not Microsoft Word and anyone who tries to tell you otherwise is lying.

I download and configure Thunderbird for mail and for a few good days it actually worked. However yesterday it disappeared from the side bar and I can’t find it anywhere. I am restricted to webmail and I am really hating Microsoft’s outlook experience.

The only thing that is different between this review and the one I wrote three years ago is that there are now games which actually work thanks to Steam. I have not tried this out yet because I am too stressed with the work backlog caused by having to work on Linux without regular software, but there is an element feeling that Linux is at last moving to a point where it can be a little bit useful.

So what are the main problems that Linux refuses to address? Usability, interface and compatibility.

I know Ubuntu is famous for its shit interface, and Gnome is supposed to be better, but both look and feel dated. I also hate Windows 8′s interface which requires you to use all your computing power to navigate through a touch screen tablet screen when you have neither. It should have been an opportunity for Open saucers to trump Windows with a nice interface – it wasn’t.

You would think that all the brains in the Linux community could come up with a simple easy to use interface which lets you have access to all the files you need without much trouble. The problem here is that Linux fans like to tinker they don’t want usability and they don’t have problems with command screens. Ordinary users, particularly more recent generations will not go near a command screen.

Compatibly issues for games has been pretty much resolved, but other key software is missing and Linux operators do not seem keen to get them on board.

I do a lot of layout and graphics work. When you complain about not being able to use Photoshop, Linux fanboys proudly point to GIMP and say that does the same things. You want to grab them down the throat and stuff their heads down the loo and flush. GIMP does less than a tenth of what Photoshop can do and it does it very badly. There is nothing that can do what CS or any real desktop publishers can do available on Linux.

Proprietary software designed for real people using a desktop tends to trump anything open saucy, even if it is producing a technology marvel.

So in all these years, Linux has not attempted to fix any of the problems which have effectively crippled it as a desktop product.

I will look forward to next week when the new PC arrives and I will not need another Ubuntu desktop experience. Who knows maybe they will have sorted it in three years time again.

Courtesy-Fud

 

Microsoft’s Cortana Headed To Android, Apple Devices

March 16, 2015 by mphillips  
Filed under Mobile

Microsoft is developing a modified version of its competitor to Apple’s Siri, using research from an artificial intelligence project called “Einstein.”

Microsoft has been running its “personal assistant” Cortana on its Windows phones for a year, and will put the new version on the desktop with the arrival of Windows 10 this autumn. Later, Cortana will be available as a standalone app, usable on phones and tablets powered by Apple Inc’s iOS and Google Inc’s  Android, people familiar with the project said.

“This kind of technology, which can read and understand email, will play a central role in the next roll out of Cortana, which we are working on now for the fall time frame,” said Eric Horvitz, managing director of Microsoft Research and a part of the Einstein project, in an interview at the company’s Redmond, Washington, headquarters. Horvitz and Microsoft declined comment on any plan to take Cortana beyond Windows.

The plan to put Cortana on machines running software from rivals such as Apple andGoogle, as well as the Einstein project, have not been reported. Cortana is the name of an artificial intelligence character in the video game series “Halo.”

They represent a new front in CEO Satya Nadella’s battle to sell Microsoft software on any device or platform, rather than trying to force customers to use Windows. Success on rivals’ platforms could create new markets and greater relevance for the company best known for its decades-old operating system.

The concept of ‘artificial intelligence’ is broad, and mobile phones and computers already show dexterity with spoken language and sifting through emails for data, for instance.

Still, Microsoft believes its work on speech recognition, search and machine learning will let it transform its digital assistant into the first intelligent ‘agent’ which anticipates users needs. By comparison, Siri is advertised mostly as responding to requests. Google’s mobile app, which doesn’t have a name like Siri or Cortana, already offers some limited predictive information ‘cards’ based on what it thinks the user wants to know.

 

Google Opens First Retail Store In London

March 13, 2015 by mphillips  
Filed under Around The Net

Opening its first store-in-a-store in London this week, Google is looking to raise its global profile.

That’s the word from industry analysts after Google announced that it’s opening what is going to be called the Google Shop in Currys PC World, a well-known electronics store in London.

“This is about marketing, not selling,” said Ezra Gottheil, an analyst with Technology Business Research. “While Apple’s stores are real stores with huge volumes, this is about building the brand and exposing people to Google who don’t know about all the Google offerings.”

The Google shop is set up to offer customers the chance to see and try out Google’s range of Android phones and tablets, Chromebook laptops and Chromecast streaming-media devices, as well as learn about how they work together, according to the company.

Store visitors also will be able to try out Google’s software tools and apps, using a series of immersive features, like a Chromecast Pod that allows users to play movies and YouTube videos, as well as an immersive surround-screen installation called Portal, designed to let users seemingly fly through any part of the planet using Google Earth.

“It’s more an amusement park than a shop, which is what, I think, Google intends,” said Gottheil. “Google is doing a very good job with its brand, but it can always be better. You can’t be too rich, too thin or have good enough marketing.”

Dan Olds, an analyst with The Gabriel Consulting Group, noted that as popular as Google’s products, like Android, and services, like Google Maps and Google Earth, are, there’s always room for improvement.

“I think that Google sees the need to make their products even more accessible and sees the store as one method to explore,” he added. “However, they have to realize that these are going to be loss leaders. It will be difficult, if not impossible, to measure the actual value of the stores to Google’s bottom line… If I were them, I’d look at store traffic as the major metric. If they’re getting people into the store, then it’s a win.”

 

 

 

SUSE Goes OpenStack Cloud 5

March 13, 2015 by Michael  
Filed under Computing

SUSE has released OpenStack Cloud 5, the latest version of the its infrastructure-as-a-service private cloud distro.

Version 5 adds the OpenStack brand front and centre, and its credentials are based on the latest Juno build of the OpenStack open source platform.

This version includes enhanced networking flexibility, with additional plug-ins available and the addition of distributed virtual routing. This enables individual computer nodes to handle routing tasks together, or if needs be, clustering together.

Increased operational efficiency comes in the form of a new seamless integration with existing servers running outside the cloud. In addition, log collection is centralized into a single view.

As you would expect, SUSE OpenStack 5 is designed to fit perfectly alongside the company’s other products, including the recently launched Suse Enterprise Storage and Suse Linux Enterprise Server 12 as well as nodes from earlier versions.

Deployment has also been simplified as part of a move to standardise “as-a-service” models.

Also included is the company’s new Sahara data processing project designed to run Hadoop and Spark on top of OpenStack without degradation. MapR has released support for its own service by way of a co-branded plug-in.

“Furthering the growth of OpenStack enterprise deployments, Suse OpenStack Cloud makes it easier for customers to realise the benefits of a private cloud, saving them money and time they can use to better serve their own customers and business,” said Brian Green, managing director, UK and Ireland, at Suse.

“Automation and high availability features translate to simplicity and efficiency in enterprise data centers.”

Suse OpenStack Cloud 5 becomes generally available from today.

Courtesy-TheInq

 

Apple Watch Seen Challenging For App Developers

March 12, 2015 by mphillips  
Filed under Consumer Electronics

Many software developers agree that it’s a challenge to come up with a “killer app” for Apple Inc’s Watch – few have seen the product and the software is still in test mode.

While app makers are passionate about developing for the Apple Watch, some are skeptical about the prospects of coming up with a big idea for the little computer on a wrist that hits stores on April 24, said Markiyan Matsekh, product manager at software engineering firm Eleks.

A killer app that grabs consumers’ attention will be key to the success of the Apple Watch and could spawn new companies, as the iPhone did. The photo-sharing app Instagram grew into a $1 billion business bought by Facebook Inc, and Snapchat has gone from a mobile messaging app to a company valued at $19 billion.

Apple has blocked some features, such as the gyroscope and accelerometer, on the development kit, and the watch simulator cannot test all functions, developers said. Apple declined to comment on why developers cannot access certain features.

“The limitations are discouraging,” said Matsekh, who helped develop a Watch app to control a Tesla Model S without involvement from the electric carmaker.

App designer Mark Rabo believes Apple is spurring creativity though restraint.

The challenge he believes is “not trying to take a phone app and cram it into a Watch.”

Rabo is developing an app called “Revere,” that ties notes to calendars. The Watch will recognize the wearer is walking into a meeting and pull up previously dictated notes about the attendees, for instance.

Apple listed about 40 apps on its website as it unveiled its smartwatch on Monday with “thousands” more in the works, it said.

 

 

Did Microsoft’s Stuxnet Patch Work?

March 12, 2015 by Michael  
Filed under Computing

Microsoft’s Stuxnet patch did not work properly and has left users open to the vulnerability for five years.

Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010.

The .LNK vulnerability was targeted by Stuxnet as it tried to take apart Iran’s nuclear program. German researcher Michael Heerklotz in January reported the new findings to HP’s Zero Day Initiative.

LNK files define shortcuts to files or directories; Windows allows them to use custom icons from control panel files (.CPL). In Windows, ZDI said, those icons are loaded from modules, either executables or DLLs; CPLs are DLLs. An attacker is able to then define which executable module would be loaded, and use the .LNK file to execute arbitrary code inside of the Windows shell.

Oddly the vulnerability does not seem to have been exploited in the wild, although the a Metasploit module has been available since 2010 and has been used in countless tests.

 

Courtesy-Fud