Whether you care about Microsoft’s Copilot AI assistant or not, many new PCs introduced this year have included a dedicated Copilot key on the keyboard; this is true whether the PC meets the requirements for Microsoft’s Copilot+ PC program or not. Microsoft’s commitment to putting AI features in all its products runs so deep that the company changed the Windows keyboard for the first time in three decades.
But what happens if you don’t use Copilot regularly, or you’ve disabled or uninstalled it entirely, or if you simply don’t need to have it available at the press of a button? Microsoft is making allowances for you in a new Windows Insider Preview build in the Dev channel, which will allow the Copilot key to be reprogrammed so that it can launch more than just Copilot.
The area in Settings where you can reprogram the Copilot key in the latest Windows Insider Preview build in the Dev channel. Credit: Microsoft
There are restrictions. To appear in the menu of options in the Settings app, Microsoft says an app must be “MSIX packaged and signed, thus indicating the app meets security and privacy requirements to keep customers safe.” Generally an app installed via the Microsoft Store or apps built into Windows will meet those requirements, though apps installed from other sources may not. But you can’t make the Copilot key launch any old executable or batch file, and you can’t customize it to do anything other than launch apps (at least, not without using third-party tools for reconfiguring your keyboard).
Enlarge/ An updated onboarding screen for Recall, with clearly visible buttons for opting in or out; Microsoft says Recall will be opt-in by default and can even be removed from PCs entirely.
Microsoft
Microsoft is having another whack at its controversial Recall feature for Copilot+ Windows PCs, after the original version crashed and burned amid scrutiny from security researchers and testers over the summer. The former version of Recall recorded screenshots and OCR text of all user activity, and stored it unencrypted on disk where it could easily be accessed by another user on the PC or an attacker with remote access.
The feature was announced in late May, without having gone through any of the public Windows Insider testing that most new Windows features get, and was scheduled to ship on new PCs by June 18; by June 13, the company had delayed it indefinitely to rearchitect it and said that it would be tested through the normal channels before it was rolled out to the public.
Today, Microsoft shared more extensive details on exactly how the security of Recall has been re-architected in a post by Microsoft VP of Enterprise and OS Security David Weston.
More secure, also optional
Enlarge/ An abstraction of Recall’s new security architecture, which replaces the old, largely nonexistent security architecture.
Microsoft
The broad strokes of today’s announcement are similar to the changes Microsoft originally announced for Recall over the summer: that the feature would be opt-in and off-by-default instead of opt-out, that users would need to re-authenticate with Windows Hello before accessing any Recall data, and that locally stored Recall data will be protected with additional encryption.
However, some details show how Microsoft is attempting to placate skeptical users. For instance, Recall can now be removed entirely from a system using the “optional features” settings in Windows (when a similar removal mechanism showed up in a Windows preview earlier this month, Microsoft claimed it was a “bug,” but apparently not).
The company is also sharing more about how Windows will protect data locally. All Recall data stored locally, including “snapshots and any associated information in the vector database,” will be encrypted at rest with keys stored in your system’s TPM; according to the blog post, Recall will only function when BitLocker or Device Encryption is fully enabled. Recall will also require Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI) enabled; these are features that people sometimes turn off to improve game performance, but Recall will reportedly refuse to work unless they’re turned on.
This is because the new Recall operates inside of a VBS enclave, which helps to isolate and secure data in memory from the rest of the system.
“This area acts like a locked box that can only be accessed after permission is granted by the user through Windows Hello,” writes Weston. “VBS enclaves offer an isolation boundary from both kernel and administrative users.”
Windows doesn’t allow any code to run within these enclaves that hasn’t been signed by Microsoft, which should lower the risk of exposing Recall data to malware or other rogue applications. Other malware protections new to this version of Recall include “rate-limiting and anti-hammering measures.”
Enlarge/ The Windows App runs on Windows, but also macOS, iOS/iPadOS, web browsers, and Android.
Microsoft
Microsoft announced today that it’s releasing a new app called Windows App as an app for Windows that allows users to run Windows and also Windows apps (it’s also coming to macOS, iOS, web browsers, and is in public preview for Android).
On most of those platforms, Windows App is a replacement for the Microsoft Remote Desktop app, which was used for connecting to a copy of Windows running on a remote computer or server—for some users and IT organizations, a relatively straightforward way to run Windows software on devices that aren’t running Windows or can’t run Windows natively.
The new name, though potentially confusing, attempts to sum up the app’s purpose: It’s a unified way to access your own Windows PCs with Remote Desktop access turned on, cloud-hosted Windows 365 and Microsoft Dev Box systems, and individual remotely hosted apps that have been provisioned by your work or school.
“This unified app serves as your secure gateway to connect to Windows across Windows 365, Azure Virtual Desktop, Remote Desktop, Remote Desktop Services, Microsoft Dev Box, and more,” reads the post from Microsoft’s Windows 365 Senior Product Manager Hilary Braun.
Microsoft says that aside from unifying multiple services into a single app, Windows App’s enhancements include easier account switching, better device management for IT administrators, support for the version of Windows 365 for frontline workers, and support for Microsoft’s “Relayed RDP Shortpath,” which can enable Remote Desktop on networks that normally wouldn’t allow it.
On macOS, iOS, and Android, the Windows App is a complete replacement for the Remote Desktop Connection app—if you have Remote Desktop installed, an update will change it to the Windows App. On Windows, the Remote Desktop Connection remains available, and Windows App is only used for Microsoft’s other services; it also requires some kind of account sign-in on Windows, while it works without a user account on other platforms.
For connections to your own Remote Desktop-equipped PCs, Windows App has most of the same features and requirements as the Remote Desktop Connection app did before, including support for multiple monitors, device redirection for devices like webcams and audio input/output, and dynamic resolution support (so that your Windows desktop resizes as you resize the app window).
But rather than make Ryzen owners wait for the 24H2 update to come out later this fall (or make them install a beta version of a major OS update), AMD and Microsoft have backported the scheduler improvements to Windows 11 23H2. Users of Ryzen 5000, 7000, and 9000 CPUs can install the KB5041587 update by going to Windows Update in Settings, selecting Advanced Options, and then Optional Updates.
“We expect the performance uplift to be very similar between 24H2 and 23H2 with KB5041587 installed,” an AMD representative told Ars.
In current versions of Windows 11 23H2, the CPU scheduler optimizations are only available using Windows’ built-in Administrator account. The update enables them for typical user accounts, too.
Older AMD CPUs benefit, too
AMD’s messaging has focused mainly on how the 24H2 update (and 23H2 with the KB5041587 update installed) improves Ryzen 9000 performance; across a handful of provided benchmarks, the company says speeds can improve by anything between zero and 13 percent over Windows 11 23H2. There are also benefits for users of CPUs that use the older Zen 4 (Ryzen 7000/8000G) and Zen 3 (Ryzen 5000) architectures, but AMD hasn’t been specific about how much either of these older architectures would improve.
The Hardware Unboxed YouTube channel has done some early game testing with the current builds of the 24H2 update, and there’s good news for Ryzen 7000 CPU owners and less good news for AMD. The channel found that, on average, across dozens of games, average frame rates increased by about 10 percent for a Zen 4-based Ryzen 7 7700X. Ryzen 7 9700X improved more, as AMD said it would, but only by 11 percent. At default settings, the 9700X is only 2 or 3 percent faster than the nearly 2-year-old 7700X in these games, whether you’re running the 24H2 update or not.
This early data suggests that both Ryzen 7000 and Ryzen 5000 owners will see at least a marginal benefit from upgrading to Windows 11 24H2, which is a nice thing to get for free with a software update. But there are caveats. Hardware Unboxed tested for CPU performance strictly in games running at 1080p on a high-end Nvidia GeForce RTX 4090—one of the few scenarios in any modern gaming PC where your CPU might limit your performance before your GPU would. If you play at a higher resolution like 1440p or 4K, your GPU will usually go back to being the bottleneck, and CPU performance improvements won’t be as noticeable.
The update is also taking already-high frame rates and making them even higher; one game went from an average frame rate of 142 FPS to 158 FPS on the 7700X, and from 167 to 181 FPS on the 9700X, for example. Even side by side, it’s an increase that will be difficult for most people to see. Other kinds of workloads may benefit, too—AMD said that the Procyon Office benchmark ran about 6 percent faster under Windows 11 24H2—but we don’t have definitive data on real-world workloads yet.
We wouldn’t expect performance to improve much, if at all, in either heavily multi-threaded workloads where all the CPU cores are actively engaged at once or in exclusively single-threaded workloads that run continuously on a single-core. AMD’s numbers for both single- and multi-threaded versions of the Cinebench benchmark, which simulates these kinds of workloads, were exactly the same in Windows 11 23H2 and 24H2 for Ryzen 9000.
Finally, it’s worth noting that the Ryzen 7 9700X was held back quite a bit by its new, lower 65 W TDP in our testing, compared to the 105 W TDP of the Ryzen 7 7700X. Both CPUs performed similarly in games Hardware Unboxed tested, both before and after the 24H2 update. But the 9700X is still the cooler and more efficient chip, and it’s capable of higher speeds if you either set its TDP to 105 W manually or use features like Precision Boost Overdrive to adjust its power limits. How both CPUs perform out of the box is important, but comparing the 9700X to the 7700X at stock settings is a worst-case scenario for Ryzen 9000’s generation-over-generation performance increases.
Windows 11 24H2: Coming soon but available now
Microsoft has disclosed a few details of the underpinnings of the 24H2 update, which looks the same as older Windows 11 releases but includes a new compiler, a new kernel, and a new scheduler under the hood. Microsoft talked about these specifically in the context of improving Arm CPU performance and the speed of translated x86 apps because it was gearing up to push Microsoft Surface devices and other Copilot+ PCs with new Qualcomm Snapdragon chips in them. Still, we’ll hopefully see some subtle benefits for other CPU architectures, too.
The 24H2 update is still technically a preview, available via Microsoft’s Windows Insider Release Preview channel. Users can either download it from Windows Update or as an ISO file if they want to make a USB installer to upgrade multiple systems. But Microsoft and PC OEMs have been shipping the 24H2 update on the Surfaces and other PCs for weeks now, and you shouldn’t have many problems with it in day-to-day use at this point. For those who would rather wait, the update should begin rolling out to the general public this fall.
Here’s the Keyboard control panel from Windows NT 4.0.
Andrew Cunningham
Aside from some updated Windows Vista-era icons, the design of the modern Keyboards panel is identical.
Andrew Cunningham
The Mouse Pointers panel in Windows NT 4.
Andrew Cunningham
Again, Windows 11 hews remarkably close to the old NT-era design.
Andrew Cunningham
The Date & Time control panel from NT 4.
Andrew Cunningham
Dig a couple of menus down, and you’ll find a version of Date & Time that still looks a lot like its NT counterpart.
Andrew Cunningham
With an operating system as old as Windows, what Microsoft decides to remove is often just as (if not more) newsworthy as what it is trying to add. You may or may not care about new AI-themed MS Paint additions or the soon-to-be-reborn Recall feature, but you’ve almost certainly interacted with one of Windows’ Control Panel applets at some point in the last 39 years. And according to a note buried on Microsoft’s support site, those Control Panels’ days may be numbered (emphasis ours):
“The Control Panel is a feature that’s been part of Windows for a long time. It provides a centralized location to view and manipulate system settings and controls,” the support page explains. “Through a series of applets, you can adjust various options ranging from system time and date to hardware settings, network configurations, and more. The Control Panel is in the process of being deprecated in favor of the Settings app, which offers a more modern and streamlined experience.“
This won’t be news to anyone who has followed Windows’ development over the last decade. The Settings app was initially introduced in Windows 8 in 2012 as a touchscreen-friendly alternative for some of the Control Panel applets, but during the Windows 10 era it began picking up more and more Control Panel settings, and by the time Windows 11 rolled around it was full-featured enough to serve as a complete Control Panel replacement most of the time, with a handful of exceptions made for especially obscure changes (and those who simply prefer the Old Ways).
But while individual Control Panel applets have disappeared over the years—the Displays panel, the Add/Remove Programs screen, panels for deprecated features like Homegroups—Microsoft’s note suggests that the rest of the applets may disappear en masse in some future Windows update. That said, for now, there’s nothing that’s changing in Windows. Even the upcoming 24H2 update still has all the old Control Panels in it, and the gap between “deprecated” and “removed” can span years.
What’s incredible about some of the Control Panels at this point is how far back some of their designs go. You’re never more than a double-click away from some piece of UI that has been essentially exactly the same since 1996’s Windows NT 4.0, when Microsoft’s more-stable NT operating system was refreshed with the same user interface as Windows 95 (modern Windows versions descend from NT, and not 95 or 98). The Control Panel idea is even older, dating all the way back to Windows 1.0 in 1985.
Most of the current Control Panel designs and iconography settled down back in Windows Vista and Windows 7 in 2006 and 2009, which explains why so many of the panels still feature the rounded, glassy look that defines those versions of the operating system (check out the way the clock looks in our screenshots above). It’s one of the few areas of the operating system that hasn’t been spruced up for Windows 11, which is otherwise probably Microsoft’s most cohesive Windows design since 95 and NT 4.0; even old apps like Paint and Notepad have gotten facelifts, while other Windows 7-era holdovers like WordPad have been put out to pasture.
Enlarge/ The Recall feature provides a timeline of screenshots and a searchable database of text, thoroughly tracking everything about a person’s PC usage.
Microsoft
Microsoft will begin sending a revised version of its controversial Recall feature to Windows Insider PCs beginning in October, according to an update published today to the company’s original blog post about the Recall controversy. The company didn’t elaborate further on specific changes it’s making to Recall beyond what it already announced in June.
For those unfamiliar, Recall is a Windows service that runs in the background on compatible PCs, continuously taking screenshots of user activity, scanning those screenshots with optical character recognition (OCR), and saving the OCR text and the screenshots to a giant searchable database on your PC. The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.
The problem was that other users on the same PC, or attackers with physical or remote access to your PC, could easily access, view, and export those screenshots and the OCR database since none of the information was encrypted at rest or protected in any substantive way.
Microsoft had planned to launch Recall as one of the flagship features of its Copilot+ PC launch in July, along with the new Qualcomm Snapdragon-powered Surface devices, but its rollout was bumped back and then paused entirely so that Recall could be reworked and then sent out to Windows Insiders for testing like most other Windows features are.
Among the changes Microsoft has said it will make: The database will be encrypted at rest and will require authentication (and periodic reauthentication) with Windows Hello before users will be allowed to access it. The feature will also be off by default, whereas the original plan was to turn it on by default and make users go into Settings to turn it off.
“Security continues to be our top priority and when Recall is available for Windows Insiders in October we will publish a blog with more details,” reads today’s update to Microsoft Windows and Devices Corporate Vice President Pavan Davuluri’s blog post.
When the preview is released, Windows Insiders who want to test the Recall preview will need to do it on a PC that meets Microsoft’s Copilot+ system requirements. Those include a processor with a neural processing unit (NPU) capable of at least 40 trillion operations per second (TOPS), 16GB of RAM, and 256GB of storage. The x86 builds of Windows for Intel and AMD processors don’t currently support any Copilot+ features regardless of whether the PC meets those requirements, but that should change later this year.
That said, security researchers and reporters who found the holes in the original version of Recall could only find them because it was possible to enable them on unsupported PCs, just as it’s possible to run Windows 11 on PCs that don’t meet the system requirements. It’s possible that users will figure out how to get Recall and other Copilot+ features running on unsupported PCs at some point, too.
Enlarge/ If you’ve formatted a disk in Windows in the last 30 years, you may have come across this dialog box.
Andrew Cunningham
As we wait for this fall’s Windows 11 24H2 update to be released to the general public, work continues on other new features that could be part of other future Windows updates. A new Canary channel Windows Insider build released yesterday fixes a decades-old and arbitrary limitation that restricted new FAT32 partitions to 32GB in size, even though the filesystem itself has a maximum supported size of 2TB (and Windows can read and recognize 2TB FAT32 partitions without an issue).
For now, this limit is only being lifted for the command-line formatting tools in Windows. The disk formatting UI, which looks more or less the same now as it did when it was introduced in Windows NT 4.0 almost 30 years ago, still has the arbitrary 32GB capacity restriction.
The 32GB limit can allegedly be pinned on former Microsoft programmer Dave Plummer, who occasionally shares stories about his time working on Windows in the 1990s and early 2000s. Plummer says that he wrote the file format dialog, intending it as a “temporary” solution, and arbitrarily chose 32GB as a size limit for disks, likely because it seemed big enough at the time (Windows NT 4.0 required a whopping 110MB of disk space).
There aren’t a ton of reasons to actually use a FAT32 disk in 2024, and it’s been replaced by other filesystems for just about everything. As a filesystem for your main OS drive, it was replaced by NTFS decades ago; as a widely compatible filesystem for external drives that can be read from and written to by many operating systems, you’d probably want to use exFAT instead. FAT32 still has a 4GB limit on the size of individual files.
But if you’re formatting a disk to use with an old version of Windows, or with some older device that can only work with FAT32 disks, this tweak could make Windows a tiny bit more useful for you.
Enlarge/ Paint 3D, once the future of the Paint app, is getting the axe in November.
Andrew Cunningham
In October of 2017, Microsoft released a version of Windows 10 called the “Fall Creators Update,” back when the company tried to give brand names to these things rather than just sticking to version numbering. One of the new apps included in that update was called Paint 3D, and while it shared a name with the old two-dimensional MS Paint app, it was entirely new software that supported creating 3D shapes and a whole bunch of other editing and transform options that the old Paint app didn’t have.
But the old Paint app’s renaissance is coming at the expense of Paint 3D, which Microsoft says is formally being deprecated and removed from the Microsoft Store on November 4. Windows Central reports that users of the app will be notified via a banner message, just in case they aren’t regularly checking Microsoft’s documentation page for the list of deprecated and removed Windows features.
Microsoft recommends the Paint and Photos apps for viewing and editing 2D images and the 3D Viewer app for viewing 3D models. Creating and editing 3D images will be left to third-party software.
When it was introduced, Paint 3D was also pitched as a way to create and manipulate three-dimensional objects that could then be dropped into real environments using the Windows Mixed Reality platform. It’s probably not a coincidence that Windows Mixed Reality is being removed in this fall’s Windows 11 24H2 release, right around the same time Paint 3D will be removed from Windows and from the Microsoft Store.
Many Windows 8- and 10-era apps have either been axed or renamed in the Windows 11 era as Microsoft has refocused on built-in Windows apps with decadeslong histories. The Mail and Calendar apps are being replaced with a version of Outlook, and though it isn’t calledOutlook Express there are certainly parallels. The Groove app was renamed “Windows Media Player” and picked up a few legacy Media Player capabilities, like the ability to play and rip audio CDs. Voice Recorder became Sound Recorder. Snip & Sketch had its capabilities rolled back into the Snipping Tool.
Enlarge/ Microsoft’s Arm-powered Surface Laptop 7. We’re still waiting for Arm chips to make their way into cheaper PCs.
Andrew Cunningham
For the first time in the decade-plus that Microsoft has been trying to make Arm-powered Windows PCs happen, we’ve finally got some pretty good ones. The latest Surface Pro and Surface Laptop (and the other Copilot+ PCs) benefit from extensive work done to Windows 11’s x86 translation layer, a wider selection of native apps, and most importantly, Snapdragon X Pro and X Elite chips from Qualcomm that are as good as or better than Intel’s or AMD’s current offerings.
The main problem with these computers is that they’re all on the expensive side. The cheapest Snapdragon X PC right now is probably this $899 developer kit mini-desktop; the cheapest laptops start around the same $1,000 price as the entry-level MacBook Air.
That’s a problem Qualcomm hopes to correct next year. Qualcomm CEO Christiano Amon said on the company’s Q3 earnings call (as recorded by The Verge) that the company was hoping to bring Arm PC prices down to $700 at some point in 2025, noting that these cheaper PCs wouldn’t compromise the performance of the Snapdragon X series’ built-in neural processing unit (NPU).
That Amon singled out the NPU is interesting because it leaves the door open to further reductions in CPU and GPU performance to make cheaper products that can hit those lower prices. The Snapdragon X Plus series keeps the exact same NPU as the X Elite, for example, but comes with fewer CPU and GPU cores that are clocked lower than the Snapdragon X Elite chips.
Qualcomm may want to keep NPU performance the same because Microsoft has a minimum NPU performance requirement of 40 trillion operations per second (TOPS) to qualify for its Copilot+ PC label and associated features in Windows 11. Other requirements include 16GB of memory and 256GB of storage, but Microsoft specifically hasn’t made specific CPU or GPU performance recommendations for the Copilot+ program beyond the basic ones necessary for running Windows 11 in the first place. Copilot+ PCs come with additional AI-powered features that take advantage of local processing power rather than sending requests to the cloud, though as of this writing, there aren’t many of these features, and one of the biggest ones (Recall) has been delayed indefinitely because of privacy and security concerns.
Lofty goals for Arm PCs
Both Arm and Qualcomm have made lofty claims about their goals in the PC market. Arm CEO Rene Haas says Arm chips could account for more than half of all Windows PC shipments in the next five years, and Amon has said that PC OEMs expect as much as 60 percent of their systems to ship with Arm chips in the next three years.
These claims seem overly optimistic; Intel and AMD aren’t going anywhere and aren’t standing still, and despite improvements to Windows-on-Arm, the PC ecosystem still has decades invested in x86 chips. But if either company is ever going to get anywhere close to those numbers, fielding decent systems at more mass-market prices will be key to achieving that kind of volume.
Hopefully, the cheaper Snapdragon systems will be available both as regular laptops and as mini desktops, like Qualcomm’s dev kit desktop. To succeed, the Arm Windows ecosystem will need to mirror what is available in both the x86 PC ecosystem and Apple’s Mac lineup to capture as many buyers as possible.
And the more Arm PCs there are out there, the more incentive developers will have to continue fixing Windows-on-Arm’s last lingering compatibility problems. Third-party drivers for things like printers, mice, audio preamps and mixers, and other accessories are the biggest issue right now since there’s no way to translate the x86 versions. The only way to support this hardware will be with more Arm-native software, and the only way to get more Arm-native software is to make it worth developers’ time to write it.
Enlarge/ A bad update to CrowdStrike’s Falcon security software crashed millions of Windows PCs last week.
CrowdStrike
CrowdStrike CEO George Kurtz said Thursday that 97 percent of all Windows systems running its Falcon sensor software were back online, a week after an update-related outage to the corporate security software delayed flights and took down emergency response systems, among many other disruptions. The update, which caused Windows PCs to throw the dreaded Blue Screen of Death and reboot, affected about 8.5 million systems by Microsoft’s count, leaving roughly 250,000 that still need to be brought back online.
Microsoft VP John Cable said in a blog post that the company has “engaged over 5,000 support engineers working 24×7” to help clean up the mess created by CrowdStrike’s update and hinted at Windows changes that could help—if they don’t run afoul of regulators, anyway.
“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” wrote Cable. “These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.”
Cable pointed to VBS enclaves and Azure Attestation as examples of products that could keep Windows secure without requiring kernel-level access, as most Windows-based security products (including CrowdStrike’s Falcon sensor) do now. But he stopped short of outlining what specific changes might be made to Windows, saying only that Microsoft would continue to “harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”
When running in kernel mode rather than user mode, security software has full access to a system’s hardware and software, which makes it more powerful and flexible; this also means that a bad update like CrowdStrike’s can cause a lot more problems.
Recent versions of macOS have deprecated third-party kernel extensions for exactly this reason, one explanation for why Macs weren’t taken down by the CrowdStrike update. But past efforts by Microsoft to lock third-party security companies out of the Windows kernel—most recently in the Windows Vista era—have been met with pushback from European Commission regulators. That level of skepticism is warranted, given Microsoft’s past (and continuing) record of using Windows’ market position to push its own products and services. Any present-day attempt to restrict third-party vendors’ access to the Windows kernel would be likely to draw similar scrutiny.
Microsoft has also had plenty of its own security problems to deal with recently, to the point that it has promised to restructure the company to make security more of a focus.
CrowdStrike’s aftermath
CrowdStrike has made its own promises in the wake of the outage, including more thorough testing of updates and a phased-rollout system that could prevent a bad update file from causing quite as much trouble as the one last week did. The company’s initial incident report pointed to a lapse in its testing procedures as the cause of the problem.
Meanwhile, recovery continues. Some systems could be fixed simply by rebooting, though they had to do it as many as 15 times—this could give systems a chance to grab a new update file before they could crash. For the rest, IT admins were left to either restore them from backups or delete the bad update file manually. Microsoft published a bootable tool that could help automate the process of deleting that file, but it still required laying hands on every single affected Windows install, whether on a virtual machine or a physical system.
And not all of CrowdStrike’s remediation solutions have been well-received. The company sent out $10 UberEats promo codes to cover some of its partners’ “next cup of coffee or late night snack,” which occasioned some eye-rolling on social media sites (the code was also briefly unusable because Uber flagged it as fraudulent, according to a CrowdStrike representative). For context, analytics company Parametrix Insurance estimated the cost of the outage to Fortune 500 companies somewhere in the realm of $5.4 billion.
The detailed post explains exactly what happened: At just after midnight Eastern time, CrowdStrike deployed “a content configuration update” to allow its software to “gather telemetry on possible novel threat techniques.” CrowdStrike says that these Rapid Response Content updates are tested before being deployed, and one of the steps involves checking updates using something called the Content Validator. In this case, “a bug in the Content Validator” failed to detect “problematic content data” in the update responsible for the crashing systems.
CrowdStrike says it is making changes to its testing and deployment processes to prevent something like this from happening again. The company is specifically including “additional validation checks to the Content Validator” and adding more layers of testing to its process.
The biggest change will probably be “a staggered deployment strategy for Rapid Response Content” going forward. In a staggered deployment system, updates are initially released to a small group of PCs, and then availability is slowly expanded once it becomes clear that the update isn’t causing major problems. Microsoft uses a phased rollout for Windows security and feature updates after a couple of major hiccups during the Windows 10 era. To this end, CrowdStrike will “improve monitoring for both sensor and system performance” to help “guide a phased rollout.”
CrowdStrike says it will also give its customers more control over when Rapid Response Content updates are deployed so that updates that take down millions of systems aren’t deployed at (say) midnight when fewer people are around to notice or fix things. Customers will also be able to subscribe to release notes about these updates.
Recovery of affected systems is ongoing. Rebooting systems multiple times (as many as 15, according to Microsoft) can give them enough time to grab a new, non-broken update file before they crash, resolving the issue. Microsoft has also created tools that can boot systems via USB or a network so that the bad update file can be deleted, allowing systems to restart normally.
In addition to this preliminary incident report, CrowdStrike says it will release “the full Root Cause Analysis” once it has finished investigating the issue.
Testing spellcheck in the latest version of Windows Notepad.
Right-clicking and expanding the Spelling menu also presents more options.
Andrew Cunningham
Like other recent Notepad additions, spellcheck and autocorrect can be tweaked or disabled entirely in the settings.
Andrew Cunningham
In March, Microsoft started testing an update to the venerable Notepad app that added spellcheck and autocorrect to the app’s limited but slowly growing set of capabilities. The update that adds these features to Notepad is now rolling out to all Windows 11 users via the Microsoft Store, as reported by The Verge.
The spellcheck feature underlines words in red when they’re misspelled, and users can either left-click the words to see a list of suggestions or right-click words and see suggestions under a separate “spelling” menu item. Autocorrect works automatically to fix minor and obvious misspellings (typing “misspellign” instead of “misspelling,” for example), and changes can be reverted manually or by using the Undo command.
Either feature can be disabled from within Notepad’s settings. The spellchecker can also be switched on and off for a few different individual file extensions in case you want to see spelling suggestions for .txt files but not for .md or .lic files. The Verge also reports that spellchecking is turned off by default for log files or “other file types associated with coding.” Neither feature worked when I opened a batch file in Notepad to edit it, for example.
Microsoft often rolls out new app updates gradually, so you may or may not be seeing the new features yet. I can currently see the spellcheck and autocorrect features in Notepad version 11.2405.13.0 running on a fully updated Windows 11 23H2 PC, but your mileage may vary.
Notepad has received several updates over the course of the Windows 11 era, starting with dark mode support and other theme options. Eventually, it also added a tabbed interface that supported automatically reopening files when relaunching the app. These kinds of additions count as “major” for Notepad, which for years had only received relatively minor under-the-hood updates (when it was being updated at all).
The Notepad improvements come as Microsoft prepares to stop shipping WordPad with Windows 11. WordPad was previously Windows’ preinstalled basic word processor, but it has seen few (if any) significant updates since Windows 7 was released in 2009. WordPad is still available in Windows 11 22H2 and 23H2, but is no longer included in current versions of the upcoming Windows 11 24H2 update. After WordPad is gone, users looking for basic word processing will need to look to the more-capable Notepad, the free-to-use online version of Microsoft Word, or a free alternative like LibreOffice.
