Microsoft Teams no longer works on Internet Explorer


Rene Millman

30 Nov, 2020

Millions of Internet Explorer users will be locked out of Microsoft Teams unless they upgrade to Microsoft’s Edge browser instead.

Starting today, the web conferencing service will no longer be available on the legacy browser. The move was announced earlier in the year as part of a push by Microsoft to get people to upgrade to its Chromium-based Edge browser before IE reaches end of life in 2021

Microsoft warns that if users try and access Teams on the unsupported browser, it will display a message explaining the issue and the session limitations. The message also encourages the user to download and use the Teams desktop client or to upgrade to Microsoft Edge, which has been designed to offer “faster and more responsive web access to greater sets of features in everyday toolsets like Outlook, Teams, SharePoint, and more”.

In addition to losing Teams, Internet Explorer is also set to lose access to Microsoft 365. Support for the service on IE11 draws to a close on 17 August 2021, while the legacy version of Microsoft Edge will also reach end of support on 9 March next year.

These changes were announced in a blog post earlier this year. «We’re announcing that Microsoft 365 apps and services will no longer support Internet Explorer 11 (IE 11) by this time next year,» the company said. «Beginning November 30 2020, the Microsoft Teams web app will no longer support IE 11. Beginning August 17 2021, the remaining Microsoft 365 apps and services will no longer support IE 11,” the firm said.

«This means that after the above dates, customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE 11. For degraded experiences, new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE 11.

«While we know this change will be difficult for some customers, we believe that customers will get the most out of Microsoft 365 when using the new Microsoft Edge. We are committed to helping make this transition as smooth as possible,” the company added.

The move comes as Microsoft attempts to standardise its online offering around Chromium-based browsers such as Edge and Google Chrome.

Windows 10 might soon be able to run Android apps


Rene Millman

30 Nov, 2020

Windows 10 might soon be able to run Android thanks to a new piece of software that Microsoft is reportedly developing.

Called Project Latte, the software could enable Android apps to run on Microsoft’s operating system with little or no code changes. These apps could be packaged as an MSIX package, a Windows app format that is used to install applications on the OS. 

According to Windows Central, Project Latte is similar to WSL 2 (Windows Subsystem for Linux), which brought Linux applications to the Windows 10 operating system. It claims the tech could appear as soon as late 2021, and that Android apps could be offered through the Microsoft Store for quick deployment.

The project would go beyond previous efforts by Microsoft to bring Android apps to the platform. It already has Your Phone, which streams apps from Samsung phones to Windows 10. However, that requires a phone to be tethered to a Windows PC; Project Latte would no longer require such actions.

The report noted that such apps would not be able to use Google Play Services support as Google restricts this to native Android and Chrome OS devices. This means that Android apps would have to be changed to remove these bits of code before being able to run on Windows 10.

This is not the first time that Microsoft has attempted to bring Android apps to Windows. In 2016, the company pulled the plug on Project Astoria, a tool to allow app developers to port their existing iOS or Android app with minimal or even no code changes.

Basecamp 3 review: More molehill than mountain


K.G. Orphanides

30 Nov, 2020

Basic project management and collaboration tools wrapped into a tidy web and mobile interface

Price 
$99

Basecamp is a web-based business collaboration, project management, and communication platform that allows you to create dedicated workspaces for your business’s teams and projects. Unlike many online collaboration tools, the subscription includes an unlimited number of users.

It also does a lot of hand-holding when you create your account, prompting you to create projects and add colleagues, before presenting its core layout in a video and giving you some sample teams and projects to play with.

You’re also guided through creating welcome messages and check-in questions for your colleagues, with pre-drafted introductions to the system that come in handy if your creativity is running low.

Basecamp is keen to introduce you to its systems through the medium of video and interaction, but there’s also an extensive manual and guide series for the latest Basecamp 3 system, making it easy to distinguish current documentation from that for previous incarnations of the platform.

It’s a fundamentally simple system. There are three categories that you can add colleagues to. HQ is for company-wide announcements and comms. Teams provides a home base for individual departments, such as your finance, marketing or customer support divisions. Finally, Projects allow you to create spaces where people in different roles and departments can communicate and share resources about a specific project they’re collaborating on.

Basecamp 3 review: Features

Each HQ, Team or Project has various tools available to it. A message board, to-do lists and scheduling all work much as you’d expect. Document and file sharing includes support for Google Drive, Dropbox, Box and OneDrive, but not WebDAV. Some document formats, such as PDFs and images, display previews, but spreadsheets and word processor documents have to be downloaded or accessed via their home cloud service if you want to look at them. 

Campfire is a simple chat system with support for emoji and file attachments, including animated gifs, and the ability to tag specific people if you need their attention. It’s not very sophisticated compared to Slack or even Microsoft Teams, without threading, hashtags, multiple channels within a team or an in-chat search. 

However, you can quickly view all posted files and enable or disable notifications when people post, depending on whether you can be disturbed or not, and it’s fine for quick communication with whoever happens to be online.

Automatic Check-ins regularly ask team members a question and collect their answers, with suggested questions asking people what they worked on today, what they’ll be working on this week, what inspires them and whether they’ve read any good books.

The feature seems to primarily be oriented towards team-building and exchanging tips, but could also be used to collate friction points on a given project or, for that matter, photos of your team’s pets. However, it feels intrusive compared to the more natural flow of chat and forum communication.

Finally, and disabled by default, Email Forwards allow you and your team to forward emails – for example from clients or collaborators – to Basecamp. The first time you forward a mail, you’ll get a reply via email asking you to select which team or project area to save it under. Basecamp will at this point generate an email address for that project, and any email you forward to that address in future will be automatically sent there, including any attachments.

Once imported into Basecamp, the Email Forwards interface in the relevant project area will allow you and your colleagues to discuss and reply directly to the message. The interface here, again, isn’t particularly sophisticated – there’s no keyword tagging, for example. But it does the basics well, includes an archive for anything that’s been actioned and finished with, and provides change tracking and sharing options.

Basecamp 3 review: User experience

Each of these tools can be enabled or disabled for individual team and project workspaces, so if your team doesn’t need a given feature it doesn’t have to clutter up their interface. 

On top of that, each user has access to the Pings private chat system; an inbox called Hey (not to be confused with Basecamp’s Hey email service spin-off) which flags up anything awaiting your attention; personal and company-wide activity summaries; quick access to your bookmarks, schedule, assignments and files, and a powerful search feature.

Because Basecamp doesn’t limit the number of users you can have, admins can add as many colleagues as they like, and give them access to whichever sections of Basecamp they need; that means even external contractors can be included without needing to provision and pay for an extra seat. 

You can also invite clients to access projects they’re involved in – your teams get to set each item as viewable by the client or not, and client-accessible content is clearly marked.

Basecamp has a generally clean, pleasant UI to work with, and its web interface resizes tidily across a wide range of resolutions and window sizes. Unlike many SaaS web apps, Basecamp lets you use your browser’s back button freely and without breaking anything.

 The only element that slightly interfered with our workflow was navigating back to previous pages, which is a little non-standard. When you click from, for example, your HQ or Project’s main page to its To-do lists, you get what looks like it might be a pop-up over the previous page. 

In fact, this is an entirely new page with a dedicated URL, and if you go looking for an X or similar to close it, you won’t find one. Instead, the name of the previous Basecamp area can be found at the top of the page, and you click on that to return to it.

Basecamp 3 review: Apps & integrations

Mobile apps are available on the Google Play Store and Apple App Store and provide access to all the same features as the web interface. When you click into any of the company HQ, team or project areas, you’re presented with a list of all the currently enabled tools. 

From there, you can access message boards, Campfire chats, project schedules and so on just as you would via the web interface. Most helpfully, you get all your Basecamp notifications on your phone.

In its vanilla state, Basecamp is better suited to communication and knowledge sharing than formal project management. However, a wealth of integrations are available to provide tools such as Gantt charts, customer support integration, time tracking and automatic cross-communication between Basecamp and widely used services such as G SuiteOutlook and Slack.

Unfortunately, many of these integrations require you to subscribe to a third-party service, which adds to the total cost of your project management toolkit. Even with integrations, some features are entirely missing, conspicuously the ability to create polls, surveys and proposals.

Basecamp 3 review: Pricing

The service’s pricing is refreshingly simple: Basecamp Business costs $99 a month. That’s regardless of how many user seats, teams, projects or external clients you have. If you have more than a few staff, that quickly starts looking very competitive compared to rivals such as Microsoft Project, which starts at $10 per seat or Facebook Workplace Advanced, which costs $4 per user.

Bear in mind, though, that Basecamp is a communications and collaboration solution as much as it is for project management, and some features that are standard in Microsoft Project, such as Gantt charts, have to be bolted on to Basecamp as extensions.

If you’re a freelancer, micro-business or other very small enterprise, then all the Basecamp Business features may feel like overkill. If so, Basecamp Personal is free, giving you three projects, 20 users and a gigabyte of shared storage. You don’t get teams, customer relations features or company-wide announcements, but it also costs zero pounds and can be upgraded later if needed.

If you’re not sure whether the service does everything you’ll need, the 30-day free trial of Basecamp Business doesn’t require a credit card. If you don’t keep the subscription, Basecamp Business downgrades itself to Basecamp Personal. 

Basecamp 3 review: Verdict

Basecamp provides an excellent way of allowing colleagues to communicate both among themselves and with clients, and the fact that it’s a flat-rate service is incredibly appealing, particularly for businesses that work with a lot of external clients or contractors.

Although heavy-duty project management will still call for extra features such as time tracking and charts, Basecamp covers the basics well. Unfortunately, there are a few small quality-of-life refinements that are conspicuous by their absence, such as the ability to look at your project spreadsheets in situ or create a poll to work out the best time for a meeting.

The service is best suited to businesses with multiple small, fast-moving teams and projects whose members need to keep in touch and keep track of core documents and project milestones. It’s definitely a comfortable environment to work in, just not a particularly powerful one.

Basecamp 3 review: More molehill than mountain


K.G. Orphanides

30 Nov, 2020

Basic project management and collaboration tools wrapped into a tidy web and mobile interface

Price 
$99

Basecamp is a web-based business collaboration, project management, and communication platform that allows you to create dedicated workspaces for your business’s teams and projects. Unlike many online collaboration tools, the subscription includes an unlimited number of users.

It also does a lot of hand-holding when you create your account, prompting you to create projects and add colleagues, before presenting its core layout in a video and giving you some sample teams and projects to play with.

You’re also guided through creating welcome messages and check-in questions for your colleagues, with pre-drafted introductions to the system that come in handy if your creativity is running low.

Basecamp is keen to introduce you to its systems through the medium of video and interaction, but there’s also an extensive manual and guide series for the latest Basecamp 3 system, making it easy to distinguish current documentation from that for previous incarnations of the platform.

It’s a fundamentally simple system. There are three categories that you can add colleagues to. HQ is for company-wide announcements and comms. Teams provides a home base for individual departments, such as your finance, marketing or customer support divisions. Finally, Projects allow you to create spaces where people in different roles and departments can communicate and share resources about a specific project they’re collaborating on.

Basecamp 3 review: Features

Each HQ, Team or Project has various tools available to it. A message board, to-do lists and scheduling all work much as you’d expect. Document and file sharing includes support for Google Drive, Dropbox, Box and OneDrive, but not WebDAV. Some document formats, such as PDFs and images, display previews, but spreadsheets and word processor documents have to be downloaded or accessed via their home cloud service if you want to look at them. 

Campfire is a simple chat system with support for emoji and file attachments, including animated gifs, and the ability to tag specific people if you need their attention. It’s not very sophisticated compared to Slack or even Microsoft Teams, without threading, hashtags, multiple channels within a team or an in-chat search. 

However, you can quickly view all posted files and enable or disable notifications when people post, depending on whether you can be disturbed or not, and it’s fine for quick communication with whoever happens to be online.

Automatic Check-ins regularly ask team members a question and collect their answers, with suggested questions asking people what they worked on today, what they’ll be working on this week, what inspires them and whether they’ve read any good books.

The feature seems to primarily be oriented towards team-building and exchanging tips, but could also be used to collate friction points on a given project or, for that matter, photos of your team’s pets. However, it feels intrusive compared to the more natural flow of chat and forum communication.

Finally, and disabled by default, Email Forwards allow you and your team to forward emails – for example from clients or collaborators – to Basecamp. The first time you forward a mail, you’ll get a reply via email asking you to select which team or project area to save it under. Basecamp will at this point generate an email address for that project, and any email you forward to that address in future will be automatically sent there, including any attachments.

Once imported into Basecamp, the Email Forwards interface in the relevant project area will allow you and your colleagues to discuss and reply directly to the message. The interface here, again, isn’t particularly sophisticated – there’s no keyword tagging, for example. But it does the basics well, includes an archive for anything that’s been actioned and finished with, and provides change tracking and sharing options.

Basecamp 3 review: User experience

Each of these tools can be enabled or disabled for individual team and project workspaces, so if your team doesn’t need a given feature it doesn’t have to clutter up their interface. 

On top of that, each user has access to the Pings private chat system; an inbox called Hey (not to be confused with Basecamp’s Hey email service spin-off) which flags up anything awaiting your attention; personal and company-wide activity summaries; quick access to your bookmarks, schedule, assignments and files, and a powerful search feature.

Because Basecamp doesn’t limit the number of users you can have, admins can add as many colleagues as they like, and give them access to whichever sections of Basecamp they need; that means even external contractors can be included without needing to provision and pay for an extra seat. 

You can also invite clients to access projects they’re involved in – your teams get to set each item as viewable by the client or not, and client-accessible content is clearly marked.

Basecamp has a generally clean, pleasant UI to work with, and its web interface resizes tidily across a wide range of resolutions and window sizes. Unlike many SaaS web apps, Basecamp lets you use your browser’s back button freely and without breaking anything.

 The only element that slightly interfered with our workflow was navigating back to previous pages, which is a little non-standard. When you click from, for example, your HQ or Project’s main page to its To-do lists, you get what looks like it might be a pop-up over the previous page. 

In fact, this is an entirely new page with a dedicated URL, and if you go looking for an X or similar to close it, you won’t find one. Instead, the name of the previous Basecamp area can be found at the top of the page, and you click on that to return to it.

Basecamp 3 review: Apps & integrations

Mobile apps are available on the Google Play Store and Apple App Store and provide access to all the same features as the web interface. When you click into any of the company HQ, team or project areas, you’re presented with a list of all the currently enabled tools. 

From there, you can access message boards, Campfire chats, project schedules and so on just as you would via the web interface. Most helpfully, you get all your Basecamp notifications on your phone.

In its vanilla state, Basecamp is better suited to communication and knowledge sharing than formal project management. However, a wealth of integrations are available to provide tools such as Gantt charts, customer support integration, time tracking and automatic cross-communication between Basecamp and widely used services such as G SuiteOutlook and Slack.

Unfortunately, many of these integrations require you to subscribe to a third-party service, which adds to the total cost of your project management toolkit. Even with integrations, some features are entirely missing, conspicuously the ability to create polls, surveys and proposals.

Basecamp 3 review: Pricing

The service’s pricing is refreshingly simple: Basecamp Business costs $99 a month. That’s regardless of how many user seats, teams, projects or external clients you have. If you have more than a few staff, that quickly starts looking very competitive compared to rivals such as Microsoft Project, which starts at $10 per seat or Facebook Workplace Advanced, which costs $4 per user.

Bear in mind, though, that Basecamp is a communications and collaboration solution as much as it is for project management, and some features that are standard in Microsoft Project, such as Gantt charts, have to be bolted on to Basecamp as extensions.

If you’re a freelancer, micro-business or other very small enterprise, then all the Basecamp Business features may feel like overkill. If so, Basecamp Personal is free, giving you three projects, 20 users and a gigabyte of shared storage. You don’t get teams, customer relations features or company-wide announcements, but it also costs zero pounds and can be upgraded later if needed.

If you’re not sure whether the service does everything you’ll need, the 30-day free trial of Basecamp Business doesn’t require a credit card. If you don’t keep the subscription, Basecamp Business downgrades itself to Basecamp Personal. 

Basecamp 3 review: Verdict

Basecamp provides an excellent way of allowing colleagues to communicate both among themselves and with clients, and the fact that it’s a flat-rate service is incredibly appealing, particularly for businesses that work with a lot of external clients or contractors.

Although heavy-duty project management will still call for extra features such as time tracking and charts, Basecamp covers the basics well. Unfortunately, there are a few small quality-of-life refinements that are conspicuous by their absence, such as the ability to look at your project spreadsheets in situ or create a poll to work out the best time for a meeting.

The service is best suited to businesses with multiple small, fast-moving teams and projects whose members need to keep in touch and keep track of core documents and project milestones. It’s definitely a comfortable environment to work in, just not a particularly powerful one.

Black Friday’s best antivirus deals


Bobby Hellard

27 Nov, 2020

Due to the UK’s second lockdown, Black Friday is very much an online affair this year, with deals to be had on pretty much anything. This includes cyber security products for you and your business.

If 2020 has taught us anything, it’s that online and cloud security needs to be tight. This often means paying out for the biggest and best antivirus software, which doesn’t come cheap. Today, however, there are deals to be had. Here are some of the best on offer right now…

Kaspersky Total Security

Kaspersky is offering 50% off all its antivirus software range. Its Total Security package is now just £19.99 to secure a single device for a year (normally £39.99), or £54.99 for up to five devices for 2-years. This is a great option for SMBs.

As well as payment protection, privacy tools and all you need to fend off malware and so on it also comes with premium features, such as a VPN with up to 300 MB of traffic per day and a password management system.

Available on the company’s website

Read our review here

Malwarebytes for Teams

Businesses can get 25% off Malwarebytes for teams, securing up to ten devices for just £28 (normally £38). This protects against each computer, smartphone or tablet from a range of threats, such as malware or ransomware. It offers a comprehensive package with priority support services and a centralised management system.

Available on the company’s website

Eset Smart Security Premium

Eset Smart Security Premium is usually £59.99, but is now just £35.99. Users can surf the web safely with banking and payment protection, a ransomware shield, anti-phishing technology that spots fraudulent websites and malicious email attachments, and also a feature that helps to locate and lock any lost or stolen devices.

Available on the company’s website

Read our review here

Avast Ultimate Security

There is a 50% saving to be made on Avast’s Ultimate security package, now just £59.99 for the year. This covers up to ten devices, with the company’s premium security tools, VPN access, and also a cleanup service that prevents devices from freezing or crashing to maintain smooth performance.

Available on the company’s website

Read our review here

McAfee Total Protection

McAfee Total Protection is on offer with a £75 discount per year. That’s a two-year subscription for £54.99 to cover up to ten devices. This includes online security, VPN, password management, payment protection and 24-hour support from McAfee experts.

Available on the company’s website

Read our review here

Analysts: Salesforce could use Slack Connect to expand networking ambition


Bobby Hellard

26 Nov, 2020

Salesforce‘s interest in acquiring Slack could be the answer to its long search for a customer collaboration service.

The deal, which is reportedly being discussed by the two companies, could potentially see a B2B collaboration network built within Slack Connect, according to analysts.

Salesforce has added a variety of companies to its portfolio in recent years, using its expanding market cap to branch out into new sectors. MuleSoft was acquired in 2018 for $6.5 billion, and a further $15.3 billion was spent on data visualisation company Tableau in 2019.

However, a deal to acquire Slack would represent one of the biggest ever acquisitions in tech. The comms platform is currently valued at around $20bn, but it’s thought that the full cost of the acquisition could be on par with Microsoft’s $27 billion purchase of LinkedIn in 2016, or even IBM’s $34 billion deal to take over Red Hat in 2019.

A deal for the comms platform would play well with Salesforce’s strategy, according to CCS Insight principal analyst Angela Ashenden, particularly with the potential of a B2B collaboration network based on Slack Connect – the company’s fledgeling external messaging service.

Salesforce has been in the market for an employee collaboration opportunity for some time, according to Ashden. In 2010, the cloud giant tried to launch its own service, ‘Chatter’, and later ‘Community Cloud’, but neither provided an extended reach outside of sales.

«In order to maintain the high rate of growth that it has achieved for the last few years, Salesforce has been investing in initiatives that will enable it to expand its footprint in customer organisations,» Ashenden told us. «However, the majority of its current applications portfolio doesn’t allow it significant reach beyond the sales and marketing organisation.»

Sophos warns customers of potential data leak


Bobby Hellard

26 Nov, 2020

UK cyber security firm Sophos has notified customers that data has potentially been leaked online due to a misconfigured database.

The company said it was alerted to the misconfiguration by a security researcher, and that it fixed the issue immediately.

However, a «small subset» of the company’s customers were affected, with first and last names, email addresses and phone numbers thought to have been accessed. Earlier this week Sophos began emailing those customers thought to have been affected.

«On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,» an email to customers read, as seen by ZDNet.

It added that additional safeguards had now been implemented to ensure access permission settings can’t be exploited in the future.

This is the second major security incident in 2020 for Sophos after cyber criminals exploited a zero-day vulnerability in the firms XG firewall in April. Attackers used this to deploy ransomware but were eventually foiled by the security firm.

«At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,» the company said. «Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.»

While the breach may cause some embarrassment for Sophos, the incident will unlikely lead to any major consequences for its customers or regulatory action for the company itself, according to Ilia Kolochenko, founder & CEO of web security company ImmuniWeb.

«No highly sensitive information, such as banking, health or credit card data, was reportedly exposed,» Kolochenko told IT Pro. «Moreover, many users that approach support, commonly use central phone numbers or even fake emails that are of not much value to hackers. Sophos’s open reaction to the incident seems to be swift and professional, taking accountability for the incident with adequate mitigation.

«Compared to the countless data breaches with disastrous consequences in 2020, this minor incident will unlikely to attract the attention of law enforcement agencies or regulatory authorities.»

IBM to axe 10,000 staff in Europe ahead of legacy IT spin off


Carly Page

25 Nov, 2020

IBM is planning to cut around 10,000 jobs in Europe as it prepares to spin off its legacy IT unit. 

Bloomberg reports that the losses will affect about 20% of IBM staff in the region. The majority of the cuts will be made in the UK and Germany, people familiar with the matter told the publication, with IBM also planning cuts in Poland, Slovakia, Italy and Belgium.

IBM’s legacy IT services business, which handles infrastructure operations such as managing client data centres and operating equipment, will be the hardest hit, according to the report.

The company announced in October that it planned to spin off this business into a separate public company in order to focus on AI capabilities and hybrid cloud, which IBM CEO Arvind Krishna described as a $1 trillion opportunity. The company hopes that separating its two businesses will help return it to revenue growth. 

This latest round of job cuts, which comes after IBM in May announced plans to reduce its headcount, was reportedly announced earlier this month during a meeting with European labour representatives, according to a union officer briefed on proceedings.

The jobs cuts are expected to be completed by the first half of 2021, while the tax-free spin-off of its legacy IT unit will be completed by the end of next year.

Two thirds of UK organisations facing digital skills gap


Sabina Weston

24 Nov, 2020

Over two thirds (69%) of surveyed UK leaders believe that their organisation is currently facing a digital skills gap, according to a new report conducted by Microsoft and Goldsmiths, University of London.

Additionally, 44% of the 600 leaders surveyed indicated that they fear the current lack of digital skills in their organisation will have a negative impact on their organisation’s success.

This feeling is shared across other tiers of the organisation, with 63% out of the 2,000 surveyed employees saying that they believe they do not have the appropriate digital skills to fulfil new and emerging roles in their industry.

The report found that the most significant barriers faced by organisations when addressing the skills gap were cost (37%), a lack of skills investment strategy (28%), and a lack of knowledge on which skills initiatives to focus on (23%).

Microsoft’s chief learning officer Simon Lambert described digital skills as “the currency of digital transformation”.

“For individuals, organisations and the UK as a whole, they will play a vital role in unlocking the way forward,” he added.

“At a time when digital innovation is accelerating, we see it as our responsibility to help people acquire the right skills to succeed – be that for their own benefit, to boost the performance for the organisations they work for or to future-proof the UK’s competitiveness on the global stage,” said Lambert.

Investment in digital skills will be important to the country’s economic recovery following COVID-19, according to 80% of UK leaders, while 78% said that a large pool of digital talent will be essential to driving UK competitiveness.

The findings, which were revealed during Microsoft’s Digital Skills Week, come weeks after the tech giant launched a new campaign that aims to help 1.5 million UK citizens build careers in technology over the next five years.

Get On 2021, which is supported by KPMG, Unilever, and the Department of Work and Pensions (DWP), aims to address the widening digital skills gap in the UK tech sector as well as accelerate technology adoption, drive productivity, and enhance competitiveness.

VMware sounds alarm over zero-day flaws in multiple products


Keumars Afifi-Sabet

24 Nov, 2020

VMware has warned its customers about a critical vulnerability present across several of its products, including Workspace One Access and Identity Manager, that could allow cyber criminals to take control of vulnerable machines.

The command injection flaw, tracked as CVE-2020-4006 and rated 9.1 on the CVSS threat severity scale, can be exploited in a host of VMware products, the company has warned. There’s currently no patch available, although the firm has issued a workaround that can be applied in some instances. There’s also no mention as to whether the flaw is being actively exploited in the wild or not.

Hackers armed with network access to the administrative configurator on port 8443 and a valid password to the admin account can exploit the flaw to execute commands with unrestricted privileges on the underlying operating system (OS)

The affected services include VMware Workspace One Access, Workspace One Access Connector, Identity Manager, Identity Manager Connector, Cloud Foundation and vRealize Suite Lifecycle Manager. 

The vulnerability can be exploited in some products hosted on Linux but not on Windows, and either operating system for other products. The full details on which software and OS configurations are affected are outlined on VMware’s security advisory.

Until a patch is released, VMware has outlined a workaround that can be applied to some product lines but not all. Customers using Workspace One Access, VMware Identity Manager, and VMware Identity Manager Connector can follow the detailed steps outlined here, relevant to the configurator hosted on port 8443. This involves running a set of commands for all affected products.  

The workaround isn’t compatible with other products beyond those three that may be affected, and customers will have to keep their eyes peeled for any news of a patch as and when one is released. 

News of this command injection vulnerability has arrived only days after VMware confirmed two critical flaws in its ESXi, Workstation, Fusion and Cloud Foundation products.