The elephants in the room at Computex

This year’s Computex, the first since Taiwan eased pandemic-related travel restrictions, was a celebration of the world’s computing and chip industries. But amid the exhibitions, speeches and product announcements, like Jensen Huang’s packed Nvidia keynote (just a day before the company hit a trillion dollar valuation), several topics were barely hinted at, at least publicly. The fact of the matter is that, amid issues like geopolitical tensions and AI-induced chip shortages, the semiconductor industry is in a lot of turmoil. Here are some of the things left mostly unsaid at Computex.

1. Geopolitics making life more complicated for chipmakers

As relationships between the U.S. and Chinese governments continue to get frostier, things are getting messy in the semiconductor industry. The two countries’ ongoing war over the chip industry will have an increasing impact on how semiconductor supply chains are managed, especially for superchips required in generative AI and other high-powered computing tasks.

Last October, the U.S. passed new export laws requiring U.S. chip makers to get a license from the Commerce Department before exporting advanced chips, including ones used in AI, and chip-making equipment to China. The U.S., Japan and the Netherlands also reached an agreement to stop exports of chip manufacturing tools to China. Companies caught up in the new restrictions included Nvidia, which was restricted from selling A100 and H100 GPUs to China, costing it up to $400 million. Both chips are used for training large language models like OpenAI’s GPT-4. In response, Nvidia made a slower chip for sale to China.

In its turn, China opened a probe into American memory chip maker Micron over cybersecurity concerns before banning sales of some chips. The ban could have benefited Micron competitors in China like Samsung Electronics and SK Hynix, but the U.S. reportedly asked South Korea not to fill China’s market gap if Micron got banned. That’s all happened over the past half year, and it’s not over-the-top to expect the U.S.-China tit-for-tat will have a dramatic, worldwide impact on the semiconductor industry in the coming months.

The world’s biggest chipmaker with 59% global market share, TSMC, is based in Taiwan and while it might not have to contend with the same sanctions that American companies do, many of its biggest customers are in China. As a result, TSMC has reportedly been hedging its bets. According to a Bloomberg report published shortly after the U.S. issued its sanctions, TSMC suspended production of advanced chips for Chinese startup Biren to make sure it complies with U.S. regulations.

TSMC, like all other Taiwanese semiconductor companies, is also dealing with Taiwan-China relations. TSMC has built foundries in the U.S. and Japan, but most of its production is still in Taiwan, which leaves open questions about what will happen to its chips, which much of the world’s tech companies rely on, if Taiwan-China relations continue to escalate.

2. How TSMC’s work culture will translate

TSMC plans to spend $40 billion on its two Arizona fabs, which make advanced chips. TSMC founder Morris Chang has stated that Taiwan’s work culture is one of the reasons it boasts the world’s top semiconductor companies. As an example, he said TSMC’s around-the-clock on-call practices mean if a piece of equipment breaks down at 1AM, it will be fixed within an hour, as opposed to 9AM in the U.S. But the intensity of TSMC’s labor practices has come under examination, including in a report earlier this month by the New York Times that found it and other companies with a similar work culture face high turnover, despite the prestige of working for them.

With the opening of TSMC’s first foundry in Arizona, it may also be finding its way into a cultural clash. The EE Times interviewed a principal engineer in the U.S. who said, “more or less, the culture needs to change, but the overall work environment and requirements have been established in Taiwan for a long time. So this will be transplanted to TSMC Arizona. Some small modifications should make it more acceptable, but the American engineers will need to adapt to the work environment and this kind of culture.”

3. Talent shortages

Employee attrition and lack of talent in general have the potential to be a big headache for semiconductor companies around the world as the industry’s growth is expected to outstrip the increase in skilled workers. In a recent report, Deloitte estimated that more than one million additional workers will be needed globally by 2030, or more than 100,000 annually. In the U.S., there are fewer than 100,000 graduate students enrolled in electrical engineering and computer science, and the U.S. semiconductor industry could face a shortage of about 70,000 to 90,000 workers soon. Unless something changes, this means the CHIPS Act’s attempt to turn the U.S. into a semiconductor powerhouse might simply lack the necessary manpower.

4. AI chip shortages

Human talent isn’t the only thing in short supply. Generative AI computing runs on chips, mostly GPUs made by Nvidia, but those are getting increasingly scarce. Microsoft is reportedly facing an internal shortage of the server hardware it needs to run its AI, and according to the WSJ, OpenAI CEO Sam Altman said during a May 16 Congressional hearing that it would be better if fewer people used ChatGPT because of the processor bottleneck. Some server manufacturers and direct customers told the WSJ that they are waiting more than 6 months to get Nvidia’s latest GPUs. DigiTimes reported earlier this month that Nvidia has placed more orders for chips that need TSMC’s chip on wafer on substrate (CoWoS) packaging in a bid to ease the bottleneck. The chip shortage may be causing huge amounts of stress for generative AI companies and startups, but it’s one of the reasons Nvidia stock has soared to a trillion dollar valuation.

Meanwhile, startups and large companies like Intel and NTT are working on alternatives like photonic chips. As my colleague Kyle Wiggers reports, photonic chips use light to send signals instead of electricity like conventional processors. In theory, this means higher training performance because light produces less heat than electricity, can travel faster and is less susceptible to changes in temperature and electromagnetic fields. But there are several catches. For one thing, photonic chips are larger and difficult to mass produce, and their architectures still rely on electronic control circuits, which can create bottlenecks. Secondly, they require a lot of power to convert data into a format the chips can work with. And finally, signal regeneration, or the process of regenerating optical signals degraded during transmission through photonic chips, means signals can become distorted over time. As a result, it may be years before photonic tech becomes mainstream (even with photonic AI startups like Lightmatter getting big chunks of funding), and in the meantime, generative AI companies will continue to hustle for GPUs.

It’s important to note, however, that there is talk that the AI bubble may burst at some point, especially if regulators become more cautious and start to take action. The chip industry over-produced during the pandemic in response to shortages, and as a result there is now a surplus of memory chips.

5. The Taiwan drought’s impact on chip supplies

With the rainy weather in Taipei this past week, it might be hard for Computex visitors from out of town to believe, but Taiwan is undergoing yet another drought. The previous one in 2021 had a negative impact on the country’s semiconductor manufacturing because producing chips takes a huge amount of water. TSMC, for example, uses more than 150,000 tons per day. During the last drought, it relied on truckloads of water to continue making chips.

This time around, TSMC is prepared, not only with rented water tanks but also new wells. It told Nikkei Asia that it “has contingency plans for different water restriction stages and works with the government and private organizations to save water and develop water resources.” It has also enacted water conservation measures at its facilities in the Southern Taiwan Science Park, including reducing water consumption and recycling wastewater.

The elephants in the room at Computex by Catherine Shu originally published on TechCrunch

NebulaGraph reaps from China’s growing appetite for graph databases

Graph databases, which store information in nodes and relationships instead of tables like Excel sheets, have grown in popularity amid an explosion of data across industries. While TigerGraph and Neo4j have dominated the Western market, China is seeing its own homegrown pioneers in the space.

NebulaGraph is one of China’s fastest-growing startups offering graph databases with open-source and enterprise subscription options. Two years after we covered its $8 million funding round, the company announced this week that it has closed a Series A round led by Jeneration Capital. The company did not specify how much it has raised, only saying it’s in the “low tens of millions” of dollars.

Other investors in the round include Matrix Partners China, Redpoint China Ventures, and Source Code Capital.

NebulaGraph has recorded some encouraging growth over the last two years, during which its user number soared to over 900 from just 60, including freemium and paid ones. The types of users have also broadened. Two years ago, customers were mainly using NebulaGraph to explore data relationships on social media, e-commerce, and fintech platforms. Since then, the startup has attracted companies from the manufacturing sector, the most surprising ones being electric vehicle and airplane makers.

The EV supply chain is highly sophisticated and each car sale can generate reams of data from the design stage to after it ships, said founder and CEO Sherman Yu, who previously worked at Ant Group and Meta. Even a small defect in a nail could have a big ripple effect on the vehicle, so manufacturers keep a mountain of information detailing the conditions of various parts, such as which supplier and even worker is responsible for them.

That’s not the end of data collection. In today’s hyper customization, internet-connected vehicles are also learning driver and passenger behavior. That means auto companies need more robust tools to process the ocean of data they own, which is where graph databases come into play.

“You could still find relationships in data before, but relational databases become very slow as the data set grows,” explained Yu. Much of what NebulaGraph does for its customers is real-time, like shopping recommendations, so speed is critical.

Other emerging use cases for NebulaGraph include AI-based drug discovery and chip design, Yu added.

Some 90% of the company’s users are in China, but like many maturing open source SaaS firms, NebulaGraph has a vision of venturing into the West and building a global developer community. The company’s plan to open an office in the U.S. was “stalled” by the COVID-19 pandemic, Yu said, but it’s retooling resources to bring back global expansion in 2023.

While many of China’s consumer-oriented startups are going global as regulatory uncertainties rise at home, NebulaGraph wants a piece of the Western SaaS market because it’s “more mature,” said Yu.

With the world’s largest internet population, China clearly has an abundance of data to mine. The problem is that from scrappy startups to deep-pocketed corporations, the willingness to pay for SaaS remains low. That’s in part due to China’s long history of software piracy and its relatively low labor costs, which make workplace automation less urgent than in the West.

There’s also a legacy accounting issue, Yu explained. To this day, China hasn’t formally classified computer software as either an asset or a cost, making it tricky for companies to do their books.

NebulaGraph reaps from China’s growing appetite for graph databases by Rita Liao originally published on TechCrunch

Singapore’s KNN3 wants to enable social discovery for decentralized apps

There’s no shortage of startups trying to make sense of the explosive growth of data generated from blockchain applications. Nansen has the support from a16z to provide on-chain data analysis for crypto investors. The Graph offers an API for developers to query blockchain data. The latest to get VC recognition is KNN3, a Singapore-based startup working to help developers make sense of relational data across blockchains.

When we get on a social network, the first thing that surfaces is normally suggestions for whom to follow. This information is based on analyses of our digital footprint history. KNN3 wants to do the same in web3 by building graph databases that analyze users’ relationships, status, memberships, and other on-chain actions.

The blockchain data space is already quite crowded, co-founder Thomas Yu admitted, but there’s still room for more specialized services. Nansen and web3 development platform Alchemy come in the form of centralized SaaS products. The Graph is “programmable”, but the data structure it supports is quite “limited”, Yu argued.

That’s why Yu, along with his former BTC China colleague Errance Liu, set out to build KNN3, a permissionless (hence decentralized) tool for developers to draw insight from cross-blockchain user data.

KNN3 is starting out by targeting consumer-facing dApps in Asia. While much of web3’s infrastructure building is happening in the West, Asia is generally regarded as the innovation hub of consumer applications, highlighted by the popularity of GameFi platforms like Axie Infinity and StepN. One of KNN3’s better-known customers is Mask Network, which enables users to send cryptocurrencies on web2 services and is now building a decentralized identity system using KNN3’s tech.

In the U.S., in contrast, KNN3 plans to go after enterprise-facing organizations like Chainlink, which feeds real-life data called “oracles” into smart contracts and where Yu used to work. KNN3 is weighing a new product that would provide cloud services built on top of Chainlink’s oracles, which, eventually, will allow developers to build and run decentralized apps and smart contracts without worrying about the “fundamental data layer.”

“What that means is that a developer can use a web2 tool like Google Cloud but actually is building a web3 tool, rather than writing a smart contract and making it work across chains. KNN3 has built the trustless infrastructure using oracles and developers can simply run a container within it,” explained Yu.

KNN3 said it has raised $2.4 million in a seed funding round led by the crypto-focused venture capital firm HashGlobal and Liang Xinjun, former vice chair and CEO of Chinese conglomerate Fosun International. The round closed in April but was only announced this month.

The seed investment also had a long string of participating investors — a seemingly popular strategy for blockchain startups to form allies early on. They include Mask Network, MetaWeb Venture, Eniac Venture, Tess Venture, Stratified Capital, Fundamental lab, Incuba Alpha, Zeuth Venture, Cogitent Venture, Atlas Capital; Impossible Finance, RSS3, ShowMe, and ETHsign’s co-founders Yan Xin and Potter Li.

KNN3 currently employs a team of 24 across Singapore, China, Europe, and the U.S. With the funding, it looks to attract more tech talent from Silicon Valley. “It’s a good time to hire in the bear market because a lot of rivals are downsizing,” Yu said.

Singapore’s KNN3 wants to enable social discovery for decentralized apps by Rita Liao originally published on TechCrunch

Private equity’s gatekeepers get serious about tokens

Welcome to Chain Reaction, where we unpack and explain the latest in crypto news, drama and trends, breaking things down block by block for the crypto curious.

For our Thursday episode this week, we dug into the institutional embrace of blockchain by stodgy financial powerhouses including mega PE firm KKR, which announced this week that it was tokenizing one of its latest funds to provide access to slightly less rich wealthy investors. While it’s far from pervasive financial democratization, the move attracted a lot of attention, which we dissected.

We also covered:

  • A Supergroup of financial institutions including Fidelity, Schwab and Citadel are teaming up to build a new digital asset exchange called the EDXM. Is this a signal of institutional fervor or just more groupthink?
  • The White House’s Office of Science and Tech Policy released a sweeping report on the energy usage of the cryptocurrency industry. The report signals future pressures on Bitcoin miners to reduce greenhouse gas emissions or else.

Chain Reaction comes out every Tuesday and Thursday at 12:00 p.m. PT, so be sure to subscribe to us on Apple Podcasts, Overcast and Spotify to keep up with the action.

Private equity’s gatekeepers get serious about tokens by Lucas Matney originally published on TechCrunch

Miners flee to Ethereum Classic as ‘the Merge’ arrives

The Merge, the long-awaited software upgrade that promises to make Ethereum transactions a lot greener, is expected to put miners out of jobs. But miners are not quitting outright. With big bucks invested in computing hardware, many of them are seeking refuge in an alternative branch of Ethereum.

Ethereum Classic, a hard fork of the Ethereum network, saw its hash rate soar to a record high on Thursday morning shortly after the Merge was completed. Hash rate is the computational power used to approve transactions on a blockchain, a mechanism called proof-of-work. Following the Merge, Ethereum is switching to a consensus method called proof-of-stake. Instead of competing with powerful computers and essentially chips, node operators stake their cryptocurrencies to win the chance to validate transactions.

Ethereum Classic, which trades as ETC, grew out of an ideological rift within the Ethereum community. In 2016, the Ethereum Foundation underwent a hard fork to reverse a significant hack that involved $150 million of investor funds. The other version of the fork, which became Ethereum Classic, kept the hack in order to preserve the immutability proposed by blockchain technology.

Aside from keeping the network’s ledgers pristine, Ethereum Classic also continues to practice the PoW method, attracting miners made redundant by the mainstream Ethereum (ETH). But the classic blockchain is far less popular than Ethereum today. ETC is currently the 17th largest cryptocurrency with a market cap of just around $5.3 billion, while ETH is hovering around $195 billion.

Nonetheless, miners are piling into ETC, which might undermine some of the environmental benefits of the Merge. As James, who has been mining since 2017, said: “ETH is an abandoned project by the ETH foundation and we are the abandoned miners. Rigs are invested and facilities are set up with nowhere to go. The only viable option at the moment is Ethereum classic.”

“Miners did not stop mining, they just shift to other options to mine. Energy consumption continued,” he added.

Mining was a hugely lucrative business for those who got in early. Bitmain, the world’s largest crypto equipment maker, was racking up a net profit of nearly $1 billion in the first half of 2018 as demand soared. The gold rush has unintended consequences, too, as its reliance on computational power exacerbated the global chip shortage over the past few years.

The U.S. is the world’s largest source of hash rate today with China coming in second, according to research from the University of Cambridge. China was for a long time the world’s top mining hub before Beijing imposed a blanket ban on the industry it deemed polluting and obsolete. Its share of Bitcoin hash rate accounted for up to 90% of the world’s total in September 2020 before crashing to zero following the crackdown in July 2021, but the number has since rebounded as many miners are believed to have resumed work in a more discreet manner.

Miners flee to Ethereum Classic as ‘the Merge’ arrives by Rita Liao originally published on TechCrunch

Lido, Coinbase, Kraken and Binance stake majority of ETH. Does that matter?

The Ethereum network is nearing its final hours before the Merge, which will move one of the most important global blockchains from a proof-of-work (PoW) system of achieving consensus to proof-of-stake (PoS).

The upgrade to the blockchain has raised concerns in the crypto community that Ethereum could become less decentralized — more centralized — by moving to PoS from PoW, the latter of which powers the Bitcoin blockchain, for example.

Concerns regarding an increase in centralization due to PoS on the Ethereum blockchain post-Merge may have some merit. The current Ethereum staking market — staking is how Ethereum token (ETH) holders could contribute to the Merge before its execution and how consensus and new tokens will be distributed afterward — isn’t as decentralized as some may think.

Lido, Coinbase, Kraken and Binance stake majority of ETH. Does that matter? by Jacquelyn Melinek originally published on TechCrunch

Arpeggi Labs banks a16z funding to build web3 music software

The quest to define what exactly a web3 use case looks like hasn’t always been easy, but has allowed plenty of founders to get creative in building out products designed to tap the ethos of decentralization and the business opportunities of the creator economy.

Arpeggi Labs, a new crypto startup focused on using blockchains to make music creation more collaborative, has scored $5.1 million in seed funding from Andreessen Horowitz’s crypto arm alongside a host of artists including names like Steve Aoki, 3LAU and Wyclef Jean.

The team’s goal is to tap the blockchain to build a music creation suite that bakes in an open source ethos, allowing producers to sample a wide variety of songs and sounds while the platform ensures that credit always flows back to original creators appropriately.

Founders Evan Dhillon, Kyle Dhillon and James Pastan believe that this setup will encourage a new type of “remix culture” to permeate through the music industry, allowing TikTok-like creative repurposing of IP that will lift all of the creators that contributed to a viral hit. This is a functionality that may not innately require the blockchain, but Arpeggi’s founders say the technology simply makes it easier.

“In music, we’ve seen people immediately resist anything in web3 because they see it as a scam,” co-founder Pastan tells TechCrunch. “We’ve abstracted as much of the crypto as we can… and we’ve always leaned away from the speculative element.”

To make this dream happen, Arpeggi is aiming to go beyond developing a protocol and build an entire in-browser digital audio workstation that allows producers to mix blockchain-minted beats while integrating with the wider arena of web2 and web3 music platforms.

The free platform serves as a hub not only for creation but also for consumption, an opportunity that may align blockchain incentives but could also present a daunting challenge for finding a cohesive audience.

While the company hasn’t landed on whether they’re looking to issue a token for the platform down the road, the founders say they are mainly focused on enticing music professionals who haven’t already aligned themselves with the web3 mantra, but are excited about the idea of the industry doubling down on open source.

“Any sounds that you hear are sounds that you should create with,” co-founder Kyle Dhillon tells TechCrunch.

Arpeggi Labs banks a16z funding to build web3 music software by Lucas Matney originally published on TechCrunch

Google Photos redesigns its Memories feature with vertical swiping, more video, and other creative tools

As consumer social apps shift their focus to video for social expression and adopt more creative tools, like those for collage-making, Google Photos’ often more utilitarian app will now do the same. The company today announced an upgrade to Google Photos and its app for mobile devices that will better highlight users’ videos, create visual effects with photos set to music, introduce its own collage editor, and more.

The additions are a part of a larger upgrade to Google Photos’ Memories feature, first introduced in 2019.

A combination of something like Stories and Facebook’s Memories, Google Photos Memories similarly helps users look back at their older photos, organized into collections at the top of the app’s main screen — where Stories are often found in social apps. Last year, Google Photos upgraded Memories using machine learning technology to identify patterns across your photos, and added other types of Memories, like those that highlighted things like events and holidays.

Now, Google is rolling out another redesign to Memories, which introduces more video into the experience.

The service will automatically select and trim the best snippets from your longer videos using machine learning as part of this enhancement, Google says.

The changes come at a time when tech companies are seeing increased use of video among users. Meta earlier this year said Reels was making up 20% of time users spent on Instagram and video overall makes up 50% of the time users spent on Facebook, for example. Google Photos is seeing a similar trend. The company tells TechCrunch video uploads grew 4 times faster than photo uploads over the past two years, which is why it’s chosen to invest in more video tools.

The updated version of Google Photos will also do more with music, including by adding music to more Memories and setting multiple still photos to music in its “Cinematic Photos” visual effect feature. Launched in 2020, Cinematic Photos leverages machine learning to create 3D versions of your photos by predicting the image’s depth, then animating a smooth panning effect. It later expanded this effect to include stitched-together photos it called Cinematic Moments, which also give an illusion of a more 3D-like image.

Another new set of features in today’s update is focused on enhancing creativity and social sharing.

This includes a new feature called Styles, which automatically adds graphic art to your Memories by placing them on colorful backgrounds, for instance. Artists Shantell Martin and Lisa Congdon contributed to this feature at launch.

And as demand for Pinterest’s new collage maker Shuffles heats up, Google Photos is jumping on this trend with its own collage editor that will let users select a design, pick out and edit photos, then rearrange their layout using drag-and-drop controls.

Photo Memories can also now be shared with friends and family, starting on Android with iOS and web to come.

A smaller, but interesting addition — and one not noted by Google’s official announcement — involves how you navigate through Memories following the update.

While you can still tap left or right to move between the photos within a given Memory — as you would with most Stories — when you move through Memories, you’ll now swipe up and down.

This user interface design choice, of course, is a nod to TikTok, whose vertical video feed has infiltrated so many top consumer apps.

And with Memories becoming more video-heavy with this update, it’s possible that some users’ retrospectives will now feel more like personal, private TikToks rather than static Stories going forward.

The updates are rolling out today to Google Photos and its mobile app.

Google Photos redesigns its Memories feature with vertical swiping, more video, and other creative tools by Sarah Perez originally published on TechCrunch

Meltem Demirors on why society isn’t ready for a crypto-driven revolution yet

Meltem Demirors hasn’t just been working in crypto for seven years — she’s been shaping its trajectory. Demirors, chief strategy officer at publicly traded European digital asset manager CoinShares, got her start in the space when she went to MIT for business school and became immersed in the world of fintech startups, back when Bitcoin was the only major cryptocurrency in mainstream discourse. Soon after, she met Barry Silbert and Ryan Selkis, founders of crypto investment firm Digital Currency Group, and got involved as one of the company’s earliest employees.

The rest is history, as Demirors told us on this Tuesday’s episode of Chain Reaction. But even though Demirors first got into this field because of Bitcoin, and still “loves” the cryptocurrency, she’s over the infighting in the crypto community, a tension that is particularly heated between Bitcoin proponents, known as “Bitcoin maxis,” and staunch supporters of other blockchains.

“I think it has become highly polarizing. People in the industry more broadly self-identify as Bitcoin maximalists, people self-identify as crypto maximalists, there are all of these labels we sort of apply. But the truth is probably much more nuanced,” Demirors said.

As with many other early adopters of crypto, Demirors’ passion for its underlying technology stemmed in some ways from the ideology that shaped Bitcoin’s inception, a largely skeptical political point of view that is critical of governments and institutions and seeks to use crypto as a means to reclaim financial power for everyday individuals.

“Everyone I interact with [in Bitcoin] is intellectually really engaged. There was a political element, which I found interesting because I’ve never really thought of myself as a political person,” Demirors said. Being exposed to that element got Demirors thinking about the role of money in society and our political system, which helped her make the leap from her previous corporate finance jobs into the role at Digital Currency Group after graduate school.

Demirors admits the ideological fervor behind crypto has shifted as the asset class has gained popularity.

“We’ve recognized that in order for Bitcoin and cryptocurrencies to achieve adoption, we do need to collaborate with institutions,” Demirors said. “I also think there’s growing recognition that the regulatory environment necessitates certain types of behavior, as we saw in Tornado Cash recently. And so I think where we’re at now is that it doesn’t necessarily feel like revolution; it feels more like evolution.”

She added that while she believes experimentation on the fringes of cryptocurrency still feels very revolutionary from a capability perspective, systemic change will take much more than just new technology.

“It involves policy, it involves institutions and involves education and a lot of other complex cultural and societal factors. I think we still haven’t hit that major inflection point. And I think it will probably take some time to materialize,” Demirors said.

Meltem Demirors on why society isn’t ready for a crypto-driven revolution yet by Anita Ramaswamy originally published on TechCrunch

Microsoft patches a new zero-day affecting all versions of Windows

Microsoft has released security fixes for a zero-day vulnerability affecting all supported versions of Windows that has been exploited in real-world attacks.

The zero-day bug, tracked as CVE-2022-37969, is described as an elevation of privilege flaw in the Windows Common Log File System Driver, a subsystem used for data and event logging. The bug allows an attacker to obtain the highest level of access, known as system privileges, to a vulnerable device.

Microsoft says users running Windows 11 and earlier, and Windows Server 2008 and Windows Server 2012, are affected. Windows 7 will also receive security patches, despite falling out of support in 2020.

Microsoft said the flaw requires that an attacker already has access to a compromised device, or the ability to run code on the target system.

“Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link,” said Dustin Childs, head of threat intelligence at the Zero Day Initiative (ZDI). “Once they do, additional code executes with elevated privileges to take over a system.”

Microsoft credited four different sets of researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the flaw, which may be an indication of widespread exploitation in the wild.

Dhanesh Kizhakkinan, senior principal vulnerability engineer at Mandiant, told TechCrunch that the company discovered the bug “during a proactive Offensive Task Force exploit hunting mission,” adding that the exploit appears to be standalone and is not part of an attack chain.

Microsoft did not share details about the attacks exploiting this vulnerability and did not respond to our request for comment.

The fixes arrived as part of Microsoft’s regularly scheduled monthly release of security fixes, dubbed Patch Tuesday, which includes a total of 63 vulnerabilities in various Microsoft products, including Microsoft Edge, Office, and Windows Defender.

Microsoft also released patches for a second zero-day flaw, tracked as CVE-2022-23960, which it describes as a cache speculation vulnerability known as “Spectre-BHB” affecting Windows 11 for ARM-based systems. Spectre-BHB is a variant of the Spectre v2 vulnerability, which can allow attackers to steal data from memory.

Earlier this week, Apple moved to patch a zero-day under active attack in iOS and macOS.

Microsoft patches a new zero-day affecting all versions of Windows by Carly Page originally published on TechCrunch