תוכן מסופק על ידי Kevin Kaminski. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Kevin Kaminski או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Player FM - אפליקציית פודקאסט התחל במצב לא מקוון עם האפליקציה Player FM !
Episode Notes [03:47] Seth's Early Understanding of Questions [04:33] The Power of Questions [05:25] Building Relationships Through Questions [06:41] This is Strategy: Focus on Questions [10:21] Gamifying Questions [11:34] Conversations as Infinite Games [15:32] Creating Tension with Questions [20:46] Effective Questioning Techniques [23:21] Empathy and Engagement [34:33] Strategy and Culture [35:22] Microsoft's Transformation [36:00] Global Perspectives on Questions [39:39] Caring in a Challenging World Resources Mentioned The Dip by Seth Godin Linchpin by Seth Godin Purple Cow by Seth Godin Tribes by Seth Godin This Is Marketing by Seth Godin The Carbon Almanac This is Strategy by Seth Godin Seth's Blog What Does it Sound Like When You Change Your Mind? by Seth Godin Value Creation Masterclass by Seth Godin on Udemy The Strategy Deck by Seth Godin Taylor Swift Jimmy Smith Jimmy Smith Curated Questions Episode Supercuts Priya Parker Techstars Satya Nadella Microsoft Steve Ballmer Acumen Jerry Colonna Unleashing the Idea Virus by Seth Godin Tim Ferriss podcast with Seth Godin Seth Godin website Beauty Pill Producer Ben Ford Questions Asked When did you first understand the power of questions? What do you do to get under the layer to really get down to those lower levels? Is it just follow-up questions, mindset, worldview, and how that works for you? How'd you get this job anyway? What are things like around here? What did your boss do before they were your boss? Wow did you end up with this job? Why are questions such a big part of This is Strategy? If you had to charge ten times as much as you charge now, what would you do differently? If it had to be free, what would you do differently? Who's it for, and what's it for? What is the change we seek to make? How did you choose the questions for The Strategy Deck? How big is our circle of us? How many people do I care about? Is the change we're making contagious? Are there other ways to gamify the use of questions? Any other thoughts on how questions might be gamified? How do we play games with other people where we're aware of what it would be for them to win and for us to win? What is it that you're challenged by? What is it that you want to share? What is it that you're afraid of? If there isn't a change, then why are we wasting our time? Can you define tension? What kind of haircut do you want? How long has it been since your last haircut? How might one think about intentionally creating that question? What factors should someone think about as they use questions to create tension? How was school today? What is the kind of interaction I'm hoping for over time? How do I ask a different sort of question that over time will be answered with how was school today? Were there any easy questions on your math homework? Did anything good happen at school today? What tension am I here to create? What wrong questions continue to be asked? What temperature is it outside? When the person you could have been meets the person you are becoming, is it going to be a cause for celebration or heartbreak? What are the questions we're going to ask each other? What was life like at the dinner table when you were growing up? What are we really trying to accomplish? How do you have this cogent two sentence explanation of what you do? How many clicks can we get per visit? What would happen if there was a webpage that was designed to get you to leave? What were the questions that were being asked by people in authority at Yahoo in 1999? How did the stock do today? Is anything broken? What can you do today that will make the stock go up tomorrow? What are risks worth taking? What are we doing that might not work but that supports our mission? What was the last thing you did that didn't work, and what did we learn from it? What have we done to so delight our core customers that they're telling other people? How has your international circle informed your life of questions? What do I believe that other people don't believe? What do I see that other people don't see? What do I take for granted that other people don't take for granted? What would blank do? What would Bob do? What would Jill do? What would Susan do? What happened to them? What system are they in that made them decide that that was the right thing to do? And then how do we change the system? How given the state of the world, do you manage to continue to care as much as you do? Do you walk to school or take your lunch? If you all can only care if things are going well, then what does that mean about caring? Should I have spent the last 50 years curled up in a ball? How do we go to the foundation and create community action?…
תוכן מסופק על ידי Kevin Kaminski. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Kevin Kaminski או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
🎙️ Welcome to the Weekly Security Report 🎙️ — your essential stop for the latest in Windows and Edge security! This podcast is designed to be a time-saving powerhouse, distilling the most critical updates, new features, and emerging vulnerabilities from multiple trusted sources into one convenient, ready-to-reference report. Each week, we dig deep into the data to give you a concise, actionable rundown on the security landscape, helping you stay one step ahead. So whether you’re managing enterprise security, overseeing IT operations, or just a tech enthusiast, our mission is to make it easy to stay informed, protected, and prepared. Plug in, and let’s get into this week’s highlights!
תוכן מסופק על ידי Kevin Kaminski. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Kevin Kaminski או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
🎙️ Welcome to the Weekly Security Report 🎙️ — your essential stop for the latest in Windows and Edge security! This podcast is designed to be a time-saving powerhouse, distilling the most critical updates, new features, and emerging vulnerabilities from multiple trusted sources into one convenient, ready-to-reference report. Each week, we dig deep into the data to give you a concise, actionable rundown on the security landscape, helping you stay one step ahead. So whether you’re managing enterprise security, overseeing IT operations, or just a tech enthusiast, our mission is to make it easy to stay informed, protected, and prepared. Plug in, and let’s get into this week’s highlights!
In this episode, we dive into the fascinating evolution of software management—tracing the journey from the pioneering Linux package managers to Microsoft's modern Windows Winget. Join us as we explore how tools like APT, YUM, and Pacman revolutionized software installation and dependency management on Linux, and how those innovations paved the way for a more streamlined, secure, and automated experience on Windows. We'll discuss: The Origins: How Linux package managers emerged to solve real-world challenges in managing complex software ecosystems. Key Benefits: The security, efficiency, and ease of updates that made package managers indispensable. Cross-Platform Influence: How the success of Linux solutions inspired native package management tools on other operating systems, culminating in the arrival of Windows Winget. The Future: Predictions and insights into how package management might evolve further with cross-platform integration, containerization, and enhanced user interfaces. Whether you’re a Linux aficionado, a Windows enthusiast, or just curious about how these systems work behind the scenes, this episode offers insights and engaging discussions about the past, present, and future of software distribution. Tune in to understand how a command-line revolution is reshaping the way we install and maintain our software—and what that means for the future of computing. Subscribe now on YouTube and join the conversation! From Linux Package Managers to Windows Winget: The Evolution of Software Distribution | CheckYourLogs.Net…
In this episode, we dive into a blog article written by one of our founders Kevin Kaminski, The Evolving Windows Application Deployment Landscape: Embracing the MSIX Era , and explore how MSIX is transforming Windows application management. Join us as we review the key insights from the article—from how MSIX simplifies installations and updates, to its robust security features and seamless integration with modern management tools like Microsoft Endpoint Manager. We also discuss the flexibility it offers for both legacy Win32 applications and modern software, including its role in Windows S Mode environments. Tune in as we break down: The benefits of a modular, efficient deployment process. The impact of differential updates and enhanced security. Real-world implications for IT professionals and developers. Whether you're a seasoned IT pro or just curious about the future of Windows deployment, this episode offers valuable insights to help you navigate the evolving landscape of application packaging. The Evolving Windows Application Deployment Landscape: Embracing the MSIX Era | CheckYourLogs.Net…
Check it out, a special episode from Checkyourlogs.net where we unravel the complexities of upgrading to Windows 11 with a proactive roadmap designed to ensure a seamless transition. In this episode, we sit down with seasoned experts—including insights inspired by our heritage at PortalFuse Inc.—to explore key strategies, best practices, and actionable steps that empower IT teams to embrace the new operating system with confidence. Whether you're just beginning your upgrade journey or already deep in transition, this discussion offers the clarity and direction you need to navigate today’s dynamic digital landscape. Tune in to learn how to mitigate risks, anticipate challenges, and leverage Windows 11's enhanced security and performance for a future-ready IT infrastructure. Upgrading to Windows 11: A Proactive Roadmap for a Smooth Transition | CheckYourLogs.Net…
Podcast Title: PortalFuse Security Update – Chromium Vulnerability, Windows 11 Enhancements & Windows 10 Upgrade Fix In this week’s PortalFuse Security Update podcast, we dive into the critical security developments that every IT administrator and cybersecurity professional needs to know. We start with an in-depth look at the newly patched Chromium use-after-free vulnerability (CVE-2025-0762) in Microsoft Edge’s DevTools—a flaw that could have allowed attackers to execute arbitrary code if left unpatched. Learn how updating to Edge version 132.0.2957.140 can protect your enterprise systems from potential exploits. Next, we explore the latest Windows 11 update (KB5050092) released on January 29, 2025. Discover the key enhancements that improve your desktop experience—from refined taskbar previews and smoother animations to better file sharing and virtual memory management. We also cover the performance boosts in Task Manager, Remote Desktop, and USB device compatibility, alongside fixes that enhance the reliability of NFC readers and printers. Finally, we address a common hurdle faced by Windows 10 users: the Upgrade Assistant getting stuck at 99%. Our episode provides a clear, step-by-step workaround to get your upgrade back on track, ensuring that your system continues to receive the latest updates without disruption. Tune in for essential security insights, actionable troubleshooting tips, and a comprehensive overview of the latest system enhancements to keep your IT environment secure and efficient. Stay informed, stay secure, and join us for a deep dive into modern IT management best practices. Listen now on your favorite podcast platform and stay ahead of the curve with PortalFuse Security Update!…
PortalFuse Weekly Security Report Podcast – January 2025 Updates In this week's episode, we break down the most critical security updates for Microsoft Edge, Windows 10, and Windows 11. Key highlights include: 🔹 Microsoft Edge Vulnerabilities: Urgent updates required for CVE-2025-21262, CVE-2025-0612, and CVE-2025-0611, which could allow UI spoofing and arbitrary code execution. 🔹 Windows 10 & 11 Fixes: Latest KB5050081 and KB5050758 updates bring improvements, including Snipping Tool crash fixes, USB device compatibility updates, and Windows Kernel security enhancements to block vulnerable drivers. 🔹 Known Issues & Workarounds: Troubleshooting OpenSSH service failures, Windows Event Viewer errors, and Citrix update conflicts to help IT teams mitigate disruptions. 🔹 Final Security Recommendations: The latest patching insights and best practices to keep your systems secure and reduce the risk of exploitation. Stay ahead of the latest cybersecurity threats—tune in now!…
In this week’s PortalFuse Weekly Security Report, we delve into two high-severity vulnerabilities shaking up the cybersecurity landscape. First, we examine CVE-2025-21325, a critical flaw in Windows Secure Kernel Mode that allows an attacker to escalate privileges by manipulating page table data. We’ll unpack how this vulnerability leads to complete loss of confidentiality, integrity, and availability, and why immediate patching on Windows 10, Windows 11, and Windows Server 2025 systems is essential. Next, we explore recent security holes in Microsoft Edge stemming from its reliance on the Chromium engine. Notably, CVE-2025-21185 can grant unauthorized access to sensitive information via crafted URLs. We’ll also break down the technical details of related Chromium vulnerabilities, from out-of-bounds memory access in the V8 engine to insufficient data validation in Extensions. Join us as we provide expert guidance on mitigating these threats, including the latest Microsoft KB updates and Edge version 132.0.2957.115. We’ll share best practices for patch management, browser security policies, and proactive monitoring to keep your organization safe in an evolving threat environment. Tune in and stay informed with PortalFuse Weekly Security Report!…
The January 2025 security updates address several critical vulnerabilities, categorized as follows: Elevation of Privilege Vulnerabilities: CVE-2025-21378 (Windows CSC Service): Heap-based buffer overflow granting SYSTEM privileges. CVE-2025-21335 (Windows Hyper-V NT Kernel): Use-after-free condition affecting Hyper-V integration, compromising guest and host environments. CVE-2025-21265 & CVE-2025-21310 (Windows Digital Media): Vulnerabilities triggered by physical access and malicious USB drives, escalating privileges. CVE-2025-21275 (Windows App Package Installer): Allows bypassing restrictions to gain elevated privileges. Other vulnerabilities include issues in the Microsoft Brokering File System and Windows Virtualization-Based Security. Remote Code Execution (RCE) Vulnerabilities: CVE-2025-21298 (Windows OLE): Exploitable through crafted emails or documents to run arbitrary code. CVE-2025-21296 (BranchCache): Malicious code execution in local network setups. CVE-2025-21291 (Windows Direct Show): Exploits malformed media files to trigger RCE. CVE-2025-21289 (Windows Shell): Allows code execution through malicious scripts. Additional RCE vulnerabilities could lead to significant damage if left unpatched. Information Disclosure Vulnerabilities: CVE-2025-21319 (Windows Kernel Memory): Exposes sensitive memory details in logs. CVE-2025-21288 (Windows COM Server): Uninitialized COM resources leak heap memory. CVE-2025-21210 & CVE-2025-21214 (Windows BitLocker): Risk of exposing encryption keys through physical access or side-channel attacks. Security Feature Bypass Vulnerabilities: CVE-2025-21299 (Windows Kerberos): Bypasses Windows Defender Credential Guard, gaining access to Kerberos tickets. CVE-2025-21340 (Windows Virtualization-Based Security): Bypasses hypervisor isolation. CVE-2025-21215 & CVE-2024-7344 (Secure Boot): Exploits in the boot process allowing attackers to tamper with security checks. Denial of Service (DoS) Vulnerabilities: CVE-2025-21284 & CVE-2025-21280 (Windows Virtual TPM): Causes system crashes by exploiting the Virtual TPM. CVE-2025-21274 (Windows Event Tracing): Crashes logging services, allowing undetected attacks. CVE-2025-21207 (Windows Connected Devices Platform Service): Disables network-based device management, causing downtime. Join us as we discuss the latest CVEs, how they affect you and how to stay protected!…
As the holiday season approaches we managed to break the reports after adding some additional functionality to our AI model. A week late we bring you the final PortalFuse Weekly Security Update of 2024 as no CVEs were detected for this week. This week’s report focuses on critical vulnerabilities affecting Microsoft Edge, derived from the Chromium Open Source Software (OSS). Let us dive into the details and ensure your systems are secure during this festive period. Overview of This Week’s CVEs CVE-2024-12695: Out of Bounds Write in V8 Impact: This critical vulnerability in the V8 JavaScript engine affects Microsoft Edge (Chromium-based). Details: The vulnerability allows an out-of-bounds write, potentially enabling attackers to execute arbitrary code in the context of the current user. The root cause lies in Chromium’s memory handling. Fix: Addressed in Microsoft Edge version 131.0.2903.112, released on December 19, 2024. Recommendation: System administrators should update to this version immediately to mitigate the risk. Additional Information: Refer to Google Chrome Releases for more details. CVE-2024-12694: Use After Free in Compositing Impact: A critical vulnerability in the Compositing feature of Microsoft Edge (Chromium-based). Details: This vulnerability could be exploited by attackers to execute arbitrary code, potentially leading to unauthorized access or data manipulation. Fix: Addressed in Microsoft Edge version 131.0.2903.112. Recommendation: Update your Microsoft Edge installations promptly. Additional Information: Refer to Google Chrome Releases . CVE-2024-12693: Out of Bounds Memory Access in V8 Impact: A critical vulnerability due to out-of-bounds memory access in the V8 engine. Details: This issue could allow attackers to execute arbitrary code. It originates from Chromium’s codebase utilized by Microsoft Edge. Fix: Resolved in Microsoft Edge version 131.0.2903.112. Recommendation: Ensure your systems are updated to the latest version. Additional Information: See Google Chrome Releases . CVE-2024-12692: Type Confusion in V8 Impact: A critical vulnerability in the V8 JavaScript engine, stemming from type confusion issues. Details: Exploitation could allow arbitrary code execution, with significant security implications. Fix: Fixed in Microsoft Edge version 131.0.2903.112. Recommendation: Apply the update immediately to secure your environment. Additional Information: Consult Google Chrome Releases . This week’s report highlights four critical vulnerabilities affecting Microsoft Edge, all stemming from Chromium’s codebase. The vulnerabilities include memory handling issues such as out-of-bounds writes, use-after-free conditions, and type confusion, all of which could lead to arbitrary code execution. These issues were promptly addressed with updates to Microsoft Edge version 131.0.2903.112. While serious, they are standard for high-impact CVEs and demonstrate the ongoing need for vigilance in software maintenance. For more information, you can access the full report or listen to our audio podcast summarizing this week’s updates. Conclusion This week’s vulnerabilities emphasize the critical need for prompt action in applying updates and addressing software flaws to maintain a robust security posture. Microsoft Edge version 131.0.2903.112 addresses all the listed CVEs, making it essential to update immediately. Thank you for following our weekly updates throughout 2024. As we close the year, we wish you a Merry Christmas for your friends and family! Stay secure and enjoy the festivities.…
A quiet week so far for the holidays. Two critical security vulnerabilities affecting Microsoft Edge, stemming from the Chromium project, were addressed this week. Two critical security vulnerabilities affecting Microsoft Edge, stemming from the Chromium project, were addressed this week. These vulnerabilities underscore the importance of timely updates to ensure system security and user safety. With these fixes in place, users can mitigate significant risks posed by these flaws. CVE-2024-12382 Use After Free in Translate Vulnerability Description: This flaw affects the Translate feature in Microsoft Edge, which is built on Chromium OSS. An attacker exploiting this vulnerability could execute arbitrary code within the context of the current user. The issue arises from improper memory management. Resolution: Microsoft has addressed this vulnerability in Edge version 131.0.2903.99, released on December 12, 2024. The update aligns with Chromium’s fixes, ensuring system integrity. Action Required: System administrators should prioritize updating to this version of Microsoft Edge immediately. For further details, refer to the Microsoft Edge Security Release Notes . CVE-2024-12381 Type Confusion in V8 Vulnerability Description: This type confusion vulnerability in Chromium’s V8 JavaScript engine could enable an attacker to execute arbitrary code. As with CVE-2024-12382, this issue impacts Microsoft Edge due to its dependency on Chromium OSS. Resolution: The fix was incorporated in the same Edge release (version 131.0.2903.99) on December 12, 2024. Action Required: Ensure all systems using Microsoft Edge are updated to version 131.0.2903.99 to mitigate risks. Both vulnerabilities illustrate the interconnected nature of software ecosystems like Chromium-based browsers. Proactive updates are critical in minimizing exposure to such risks. We then turn to another significant development—the resolution of issues with WPF applications using IMEs. We also cover open issues with dual boot Linux systems and the WinApp SDK. Give us a few minutes of your time to get the latest updates for Edge.…
Welcome to "Addressing Critical CVEs: Enhancing System Security," your go-to podcast for the latest system vulnerabilities and security patch updates. In this episode, we delve into Microsoft's December 2024 updates, which tackle a range of critical vulnerabilities, from remote code execution to elevation of privilege and denial of service. Remote Code Execution: This week, we explore several Remote Code Execution (RCE) vulnerabilities that highlight the increasing sophistication of exploits targeting core system services. Notable patches include: CVE-2024-49132: A Windows Remote Desktop Services RCE vulnerability caused by a race condition, allowing attackers to execute arbitrary code remotely without user interaction. CVE-2024-49127: An LDAP RCE vulnerability that lets attackers execute code within SYSTEM context. CVE-2024-49122: An MSMQ RCE vulnerability enabling remote code execution via crafted MSMQ packets. Elevation of Privilege: We also discuss Elevation of Privilege (EoP) vulnerabilities, which are increasingly targeting local privilege escalation pathways. Key patches include: CVE-2024-49114: A Cloud Files Mini Filter Driver vulnerability allowing SYSTEM level privilege escalation. CVE-2024-49111: A WwanSvc vulnerability exploitable for sensitive resource access. CVE-2024-49088: A Windows Common Log File System Driver vulnerability enabling privilege escalation through buffer over-read flaws. Denial of Service: Closing out 2024, we address Denial of Service (DoS) vulnerabilities, particularly those exploiting directory-related services like LDAP. Critical patches include: CVE-2024-49121: An LDAP DoS vulnerability interrupting directory lookups and authentication. CVE-2024-49113: An out-of-bounds read vulnerability in LDAP causing resource exhaustion. CVE-2024-49126: A Windows Defender DoS vulnerability leading to resource exhaustion and system crashes. Key KB Articles: We transition to the Knowledge Base (KB) articles that provide crucial context for applying these fixes. Highlights include: KB5048703: Enhances security within the Windows 10 ecosystem. KB5048652: Focuses on improving stability for Windows 10 Version 22H2. KB5048794: Enhances performance and stability for Windows 11 enterprise environments. KB5048685: Applies to Windows 11 Enterprise and Education versions, addressing vulnerabilities in the OpenSSH subsystem and improving GPU-intensive task performance. Wrapping Up: As we transition into 2025, prioritizing regular patch management, vulnerability assessments, and staying informed about emerging threats will be crucial for ensuring robust IT infrastructure resilience. Thank you for tuning in to this Patch Tuesday report. Your dedication to securing systems is appreciated. Wishing you a secure and Merry Christmas from everyone at PortalFuse to you and your family!…
This week’s updates balance critical fixes with quality-of-life improvements. By staying informed and proactively addressing vulnerabilities, you’re not only securing your systems but also laying a foundation for smoother operations as the year ends. Let us know if this breakdown resonates with you or if you’d like deeper dives into specific topics. Stay secure and see you next week!…
This week’s report includes nine new CVEs related to Microsoft Edge, all of which have been addressed in the latest version (131.0.2903.48) released on November 19, 2024. The vulnerabilities range from inappropriate implementation issues to insufficient policy enforcement and arbitrary code execution. Additionally, several key known issues impacting Windows 10 and 11 are currently under investigation. Be sure to review the details below to understand their impact on your environment.…
Welcome to the PortalFuse Patch Tuesday blog post for November 2024! As always, this report brings the latest and most critical security updates from Microsoft to help system administrators and security professionals keep their environments secure. The updates this month cover a wide range of vulnerabilities, impacting various Microsoft products and services, including Windows, Microsoft Edge, and Windows Server. Below, we'll break down the key vulnerabilities by impact and exploitation complexity, so you can quickly grasp which areas need your immediate attention. You can read the full report here .…
Welcome to this week’s PortalFuse Weekly Security Update Report. This briefing provides an overview of the latest patch and security developments for Microsoft Windows and Edge. It has been a relatively quiet week for Windows and Edge, but some rumors swirled around issues affecting Microsoft Server with an upgrade being classified as an update. No rest for the weary! Our goal and scope here is Windows and Edge to ensure you have the essential information needed to keep your systems secure and running smoothly. https://portalfuse.io/blog/portalfuse-weekly-security-update-report-windows-and-edge-edition-november-5-2024…
This weekly briefing highlights the key vulnerabilities addressed in Microsoft Edge during October 16-22, 2024. System administrators are encouraged to review this summary, which categorizes the vulnerabilities by type and severity, and to take appropriate action to ensure their systems are up to date.…
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.