The second thing to check is the “default db,” which shows whether the new Secure Boot certificates are baked into your PC’s firmware. If they are, even resetting Secure Boot settings to the defaults in your PC’s BIOS will still allow you to boot operating systems that use the new certificates.

To check this, open PowerShell or Terminal again and type ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI dbdefault).bytes) -match 'Windows UEFI CA 2023'). If this command returns “true,” your system is running an updated BIOS with the new Secure Boot certificates built in. Older PCs and systems without a BIOS update installed will return “false” here.

Microsoft’s Costa says that “many newer PCs built since 2024, and almost all the devices shipped in 2025, already include the certificates” and won’t need to be updated at all. And PCs several years older than that may be able to get the certificates via a BIOS update.

In the US, Dell, HP, Lenovo, and Microsoft all have lists of specific systems and firmware versions, while Asus provides more general information about how to get the new certificates via Windows Update, the MyAsus app, or the Asus website. The oldest of the PCs listed generally date back to 2019 or 2020. If your PC shipped with Windows 11 out of the box, there should be a BIOS update with the new certificates available, though that may not be true of every system that meets the requirements for upgrading to Windows 11.

Microsoft encourages home users who can’t install the new certificates to use its customer support services for help. Detailed documentation is also available for IT shops and other large organizations that manage their own updates.

“The Secure Boot certificate update marks a generational refresh of the trust foundation that modern PCs rely on at startup,” writes Costa. “By renewing these certificates, the Windows ecosystem is ensuring that future innovations in hardware, firmware, and operating systems can continue to build on a secure, industry‐aligned boot process.”

https://arstechnica.com/gadgets/2026/02/microsoft-sounds-the-alarm-about-secure-boot-certificates-expiring-later-this-year/

Bad news for Valve in particular?

On the surface, it might seem like every company making gaming hardware would be similarly affected by increasing component costs. In practice, though, analysts suggested that Valve might be in a uniquely bad position to absorb this ongoing market disruption.

Large console makers like Sony and Microsoft “can commit to tens of millions of orders, and have strong negotiating power,” Niko Partners analyst Daniel Ahmad pointed out. The Steam Machine, on the other hand, is “a niche product that cannot benefit in the same way when it comes to procurement,” meaning Valve has to shoulder higher component cost increases.

F-Squared’s Futter echoed that Valve is “not an enormous player in the hardware space, even with the Steam Deck’s success. So they likely don’t have the same kind of priority as a Nintendo, Sony, or Microsoft when it comes to suppliers.”

Sony and Microsoft might have an advantage when negotiating volume discounts with suppliers.

Credit: Sam Machkovech

The size of the Steam Machine price adjustment also might depend on when Valve made its supply chain commitments. “It’s not clear when or if Valve locked in supply contracts for the Steam Machine, or if supply can be diverted from the Steam Deck for the new product,” Tech Insights analyst James Sanders noted. On the other hand, “Sony and Microsoft likely will have locked in more favorable component pricing before the current spike,” Van Dreunen said.

That said, some other aspects of the Steam Machine design could give Valve some greater pricing flexibility. Sanders noted that the Steam Machine’s smaller physical size could mean smaller packaging and reduced shipping costs for Valve. And selling the system primarily through direct sales via the web and Steam itself eliminates the usual retailer markups console makers have to take into account, he added.

“I think Valve was hoping for a much lower price and that the component issue would be short-term,” Cole said. “Obviously it is looking more like a long-term issue.”

https://arstechnica.com/gaming/2026/02/why-a-bump-to-700-could-be-a-death-sentence-for-the-steam-machine/

As Neocities grew, Drake told Ars that much of his focus has been on improving content moderation. He works closely with a full-time dedicated content moderation staffer to quickly take down any problematic sites within 24 hours, he said. That effort includes reviewing reports and proactively screening new sites, with Drake noting that “our name domain provider requires us to take them down within 48 hours.”

Microsoft prohibits things like scraping content that could be considered copyright infringement or automatically generating content using “garbage text” to game the rankings. It also monitors for malicious behavior like phishing, as well as for prompt injection attacks on Bing’s large language model.

It’s unclear what kind of violations Microsoft found ahead of instituting the complete block; however, Drake told Ars that he has yet to identify any content that may have triggered it. He said he would promptly remove any websites flagged by Microsoft, if he could only talk to someone who could share that information.

“Naturally, we still don’t catch 100 percent of the sites with proactive moderation, and occasionally some problematic sites do get missed,” Drake said.

Although Drake is curious to learn more about what triggered the blocks, he told Ars that it’s clear that non-violative sites are still invisible on Bing.

One of the longest-running and most popular Neocities sites, Wired Sound for Wired People, is a perfect example. The bizarre, somewhat creepy anime fanpage is “very popular” and “has a lot of links to it all over the web,” Drake said. Yet if you search for its subdomain, “fauux,” the site no longer appears in Bing search results, as of this writing, while Google reliably spits it out as the top result.

Drake said that he still believes that Bing is blocking content by mistake, but Bing’s automated support tools aren’t making it easy to defend creators who are randomly blocked by one of the world’s biggest search engines.

“We have one of the lowest ratios of crap to legitimate content, human-made content, on the Internet,” Drake said. “And it’s really frustrating to see that all these human beings making really cool sites that people want to go to are just not available on the default Windows search engine.”

https://arstechnica.com/tech-policy/2026/02/neocities-founder-stuck-in-chatbot-hell-after-bing-blocked-1-5m-sites/

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more than half a dozen countries, researchers said Wednesday.

The threat group, tracked under names including APT28, Fancy Bear, Sednit, Forest Blizzard, and Sofacy, pounced on the vulnerability, tracked as CVE-2026-21509, less than 48 hours after Microsoft released an urgent, unscheduled security update late last month, the researchers said. After reverse-engineering the patch, group members wrote an advanced exploit that installed one of two never-before-seen backdoor implants.

Stealth, speed, and precision

The entire campaign was designed to make the compromise undetectable to endpoint protection. Besides being novel, the exploits and payloads were encrypted and ran in memory, making their malice hard to spot. The initial infection vector came from previously compromised government accounts from multiple countries and were likely familiar to the targeted email holders. Command and control channels were hosted in legitimate cloud services that are typically allow-listed inside sensitive networks.

“The use of CVE-2026-21509 demonstrates how quickly state-aligned actors can weaponize new vulnerabilities, shrinking the window for defenders to patch critical systems,” the researchers, with security firm Trellix, wrote. “The campaign’s modular infection chain—from initial phish to in-memory backdoor to secondary implants was carefully designed to leverage trusted channels (HTTPS to cloud services, legitimate email flows) and fileless techniques to hide in plain sight.”

The 72-hour spear phishing campaign began January 28 and delivered at least 29 distinct email lures to organizations in nine countries, primarily in Eastern Europe. Trellix named eight of them: Poland, Slovenia, Turkey, Greece, the UAE, Ukraine, Romania, and Bolivia. Organizations targeted were defense ministries (40 percent), transportation/logistics operators (35 percent), and diplomatic entities (25 percent).

https://arstechnica.com/security/2026/02/russian-state-hackers-exploit-office-vulnerability-to-infect-computers/

Software developers have spent the past two years watching AI coding tools evolve from advanced autocomplete into something that can, in some cases, build entire applications from a text prompt. Tools like Anthropic’s Claude Code and OpenAI’s Codex can now work on software projects for hours at a time, writing code, running tests, and, with human supervision, fixing bugs. OpenAI says it now uses Codex to build Codex itself, and the company recently published technical details about how the tool works under the hood. It has caused many to wonder: Is this just more AI industry hype, or are things actually different this time?

To find out, Ars reached out to several professional developers on Bluesky to ask how they feel about these tools in practice, and the responses revealed a workforce that largely agrees the technology works, but remains divided on whether that’s entirely good news. It’s a small sample size that was self-selected by those who wanted to participate, but their views are still instructive as working professionals in the space.

David Hagerty, a developer who works on point-of-sale systems, told Ars Technica up front that he is skeptical of the marketing. “All of the AI companies are hyping up the capabilities so much,” he said. “Don’t get me wrong—LLMs are revolutionary and will have an immense impact, but don’t expect them to ever write the next great American novel or anything. It’s not how they work.”

Roland Dreier, a software engineer who has contributed extensively to the Linux kernel in the past, told Ars Technica that he acknowledges the presence of hype but has watched the progression of the AI space closely. “It sounds like implausible hype, but state-of-the-art agents are just staggeringly good right now,” he said. Dreier described a “step-change” in the past six months, particularly after Anthropic released Claude Opus 4.5. Where he once used AI for autocomplete and asking the occasional question, he now expects to tell an agent “this test is failing, debug it and fix it for me” and have it work. He estimated a 10x speed improvement for complex tasks like building a Rust backend service with Terraform deployment configuration and a Svelte frontend.

https://arstechnica.com/ai/2026/01/developers-say-ai-coding-tools-work-and-thats-precisely-what-worries-them/

Il peggior risultato dal 2020, crollano le azioni Microsoft

La promessa di una crescita futura non basta più. Wall Street è stata chiara nelle ultime ore. È il momento di dimostrare che l’intelligenza artificiale (AI) può e “deve” generare non solo innovazione, ma anche ritorni economici sostenibili. I conti trimestrali da record di Microsoft sono la prova di questo nuovo corso, in parte già anticipato dai continui allarmi sulla “bolla non bolla” dell’AI.

Il gigante di Redmond ha chiuso i conti al 31 dicembre con un fatturato in crescita del 17% su base annua a 81,3 miliardi di dollari, ma qualcosa non ha convinto gli investitori e le azioni sono crollate del 12%. Il motivo? La mega spesa in data center, di cui l’azienda ha un disperato bisogno per stare al passo della domanda di servizi cloud.

Il risultato finale è stato un drastico taglio della capitalizzazione di mercato di Microsoft, mandando in fumo 357 miliardi di dollari, portandola a 3,22 trilioni di dollari alla fine delle contrattazioni di giovedì.

I dubbi sulla sostenibilità della crescente spesa per i data center e il cloud, trainata dall’AI

A mettere paura è stata la spesa in conto capitale, aumentata di ulteriori 37,5 miliardi di dollari. Parliamo di un +65%. Ssoprattutto, ha spiegato Davide Fumagalli su Mercati Finanziari, parliamo di spese di molto superiori alle aspettative, legate alla necessità di aumentare i propri datacenter e avere capacità computazionale sufficiente a sostenere la domanda di servizi cloud.
Una domanda sulla cui sostenibilità e profittabilità molti investitori iniziano a porsi dei dubbi, portando così a cancellare oltre 350 miliardi di capitalizzazione in un solo giorno.

Un tonfo pesantissimo, il peggiore dai tempi dell’emergenza sanitaria legata alla pandemia da Covid-19, spigato dal fatto che i ricavi di Microsoft nel settore del cloud non hanno impressionato e hanno alimentato i timori che le ingenti spese sostenute per la sua alleanza OpenAI non si traducano in una monetizzazione rapida.

Un giudizio che non sorprende, per chi ha seguito gli allarmi lanciati da più parti negli ultimi mesi, ma che comunque colpisce, perché il gigante tecnologico americano aveva comunque registrato utili in crescita del 26% a 51,5 miliardi di dollari.

La limitata disponibilità di GPU indebolisce Azure, deluse le aspettative degli analisti

La chiave di lettura è nell’analisi delle vendite di Azure, l’unità per il cloud computing, che sono risultate in rialzo del 38% e in linea con le previsioni degli analisti, ma in frenata dal trimestre precedente.

Microsoft ha spiegato che la crescita dellla business cloud unit sarebbe stata più robusta se l’azienda avesse destinato a questa divisione “una quota maggiore della propria flotta di server GPU”, invece di impiegarla per la ricerca e sviluppo interna e per il servizio Microsoft 365 Copilot.

Non è andata così e la crescita di Azure nel trimestre ha deluso le aspettative degli analisti. “Microsoft è un’azienda enorme, con diversi segmenti di dimensioni imponenti, basti pensare che sia Azure, sia M365 Commercial Cloud, superano i 20 miliardi di dollari a trimestre, ma il titolo in borsa si muove principalmente in funzione del dato di Azure”, ha scritto John DiFucci di Guggenheim.

“Se avessi preso le GPU appena entrate in funzione nel primo e nel secondo trimestre e le avessi assegnate tutte ad Azure, il KPI sarebbe stato superiore a 40”, ha affermato Amy Hood, responsabile finanziario di Microsoft.

Paradossalmente, il gigante di Redmond ora non ha altra strada che continuare ad investire sempre di più e allo stesso tempo dimostrare che “questi sono buoni investimenti”, come si legge in un’analisi proposta da UBS.

Leggi le altre notizie sull’home page di Key4biz

https://www.key4biz.it/microsoft-scivola-sulla-buccia-dellai-perche-il-titolo-e-crollato-a-wall-street/563676/

Complaining about Windows 11 is a popular sport among tech enthusiasts on the Internet, whether you’re publicly switching to Linux, publishing guides about the dozens of things you need to do to make the OS less annoying, or getting upset because you were asked to sign in to an app after clicking a sign-in button.

Despite the negativity surrounding the current version of Windows, it remains the most widely used operating system on the world’s desktop and laptop computers, and people usually prefer to stick to what they’re used to. As a result, Windows 11 has just cleared a big milestone—Microsoft CEO Satya Nadella said on the company’s most recent earnings call (via The Verge) that Windows 11 now has over 1 billion users worldwide.

Windows 11 also reached that milestone just a few months quicker than Windows 10 did—1,576 days after its initial public launch on October 5, 2021. Windows 10 took 1,692 days to reach the same milestone, based on its July 29, 2015, general availability date and Microsoft’s announcement on March 16, 2020.

That’s especially notable because Windows 10 was initially offered as a free upgrade to all users of Windows 7 and Windows 8, with no change in system requirements relative to those older versions. Windows 11 was (and still is) a free upgrade to Windows 10, but its relatively high system requirements mean there are plenty of Windows 10 PCs that aren’t eligible to run Windows 11.

Windows 10’s long goodbye

It’s hard to gauge how many PCs are still running Windows 10 because public data on the matter is unreliable. But we can still make educated guesses—and it’s clear that the software is still running on hundreds of millions of PCs, despite hitting its official end-of-support date last October.

Statcounter, one popularly referenced source that collects OS and browser usage stats from web analytics data, reports that between 50 and 55 percent of Windows PCs worldwide are running Windows 11, and between 40 and 45 percent of them run Windows 10. Statcounter also reports that Windows 10 and Windows 7 usage have risen slightly over the last few months, which highlights the noisiness of the data. But as of late 2025, Dell COO Jeffrey Clarke said that there were still roughly 1 billion active Windows 10 PCs in use, around 500 million of which weren’t eligible for an upgrade because of hardware requirements. If Windows 11 just cleared the 1 billion user mark, that suggests Statcounter’s reporting of a nearly evenly split user base isn’t too far from the truth.

https://arstechnica.com/gadgets/2026/01/windows-11-has-hit-1-billion-users-just-a-hair-faster-than-windows-10-did/

OpenAI pronto a ricevere ingenti finanziamenti da Nvidia, Microsoft e Amazon come nuovo investitore

Nvidia, Amazon e Microsoft sono in trattative per investire complessivamente fino a 60 miliardi di dollari in OpenAI. Secondo quanto riportato da The Information, il gigante tecnologico guidato da Jensen Huang, già azionista e fornitore chiave dei chip che alimentano i modelli di intelligenza artificiale di OpenAI, starebbe valutando un investimento fino a 30 miliardi di dollari.

Microsoft, che è partner storico e principale sostenitore industriale della società guidata da Sam Altman, sarebbe pronta a mettere sul tavolo meno di 10 miliardi, mentre Amazon, potenziale nuovo investitore, starebbe discutendo un impegno ben più consistente, superiore ai 10 miliardi e forse vicino ai 20 miliardi.

Segnale che le negoziazioni stanno entrando in una fase avanzata è che OpenAI sarebbe vicina a ricevere le prime term sheet, diciamo le lettere di intenti, quindi documenti preliminari non vincolanti usati nelle negoziazioni di investimento.

La notizia arriva in un momento cruciale per il settore tecnologico e, più in generale, per il ricco e rapidissimo comparto dell’intelligenza artificiale (AI). I costi per addestrare e far funzionare modelli sempre più potenti continuano a crescere rapidamente, mentre la competizione si intensifica, con Google, Anthropic e altri attori che stanno riducendo il divario rispetto al vantaggio iniziale di OpenAI.

In questo contesto, l’ingresso o il rafforzamento di grandi investitori industriali non è solo una questione finanziaria, ma anche strategica: cloud, chip e canali di distribuzione diventano leve decisive quanto gli algoritmi.

Big Tech: investitori pronti a sostenere livelli stellari di spesa in AI, solo se si traducono in crescita solida dei ricavi

Sul fronte dei mercati, la settimana degli utili delle Big Tech ha mandato un messaggio chiaro e, per certi versi, severo. Gli investitori sono disposti a tollerare e premiare livelli record di spesa in intelligenza artificiale solo se questi si traducono in una crescita solida e visibile dei ricavi.
In caso contrario, è spiegato sulla Reuters, la reazione è immediata e punitiva.
È un cambio di paradigma evidente rispetto agli anni precedenti e riflette quanto le aspettative si siano alzate dal lancio di ChatGPT, più di tre anni fa.

Meta è l’esempio più lampante di come, almeno per ora, il mercato stia premiando chi riesce a dimostrare un ritorno tangibile dagli investimenti in AI. I ricavi del gruppo sono cresciuti del 24% nell’ultimo trimestre, grazie anche a un miglioramento dell’efficacia della pubblicità basata sull’intelligenza artificiale, e le previsioni per il trimestre in corso hanno superato le attese. Questo ha dato credibilità a un piano di spesa molto aggressivo sui data center, nonostante l’impennata dei costi.

Diversa, e più delicata, la posizione di Microsoft. Pur restando uno dei leader indiscussi nell’AI per il mondo enterprise, grazie alla profonda integrazione di OpenAI nei suoi prodotti, il rallentamento relativo della crescita di Azure e l’enorme impegno in capitale stanno alimentando dubbi tra gli investitori.
Il fatto che OpenAI rappresenti una quota rilevante del backlog evidenzia il potenziale, ma anche il rischio di concentrazione, in un momento in cui la concorrenza tecnologica si fa più serrata.

AI, la promessa di una crescita futura non basta più a Wall Street

Il quadro che emerge è quello di un settore in piena corsa, ma sotto esame costante. L’intelligenza artificiale è ormai considerata una tecnologia abilitante per il futuro dell’economia digitale e le Big Tech stanno scommettendo cifre senza precedenti per non restare indietro.

Wall Street, però, chiede prove concrete: la promessa di una crescita futura non basta più. L’eventuale maxi-investimento in OpenAI da parte di Nvidia, Amazon e Microsoft si inserisce proprio in questa dinamica, come una scommessa ad altissimo valore strategico, ma anche come un banco di prova per dimostrare che l’era dell’AI può e deve generare non solo innovazione, ma anche ritorni economici sostenibili.

Leggi le altre notizie sull’home page di Key4biz

https://www.key4biz.it/openai-pronti-60-miliardi-di-dollari-da-nvidia-amazon-e-microsoft/563566/

There are reports that a legitimate Microsoft email address—which Microsoft explicitly says customers should add to their allow list—is delivering scam spam.

The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To prevent spam filters from blocking the address, the company advises users to add it to allow lists.

From Microsoft, with malice

According to an Ars reader, the address on Tuesday sent her an email claiming (falsely) that a $399 charge had been made to her. It provided a phone number to call to dispute the transaction. A man who answered a call asking to cancel the sale directed me to download and install a remote access application, presumably so he could then take control of my Mac or Windows machine (Linux wasn’t allowed). The email, captured in the two screenshots below, looked like this:

Online searches returned a dozen or so accounts of other people reporting receiving the same email. Some of the spam was reported on Microsoft’s own website.

Sarah Sabotka, a threat researcher at security firm Proofpoint, said the scammers are abusing a Power Bi function that allows external email addresses to be added as subscribers for the Power Bi reports. The mention of the subscription is buried at the very bottom of the message, where it’s easy to miss. The researcher explained:

https://arstechnica.com/information-technology/2026/01/theres-a-rash-of-scam-spam-coming-from-a-real-microsoft-address/

From the Department of Bizarre Anomalies: Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a domain reserved for testing purposes—to a maker of electronics cables located in Japan.

Under the RFC2606—an official standard maintained by the Internet Engineering Task Force—example.com isn’t obtainable by any party. Instead it resolves to IP addresses assigned to Internet Assiged Names Authority. The designation is intended to prevent third parties from being bombarded with traffic when developers, penetration testers, and others need a domain for testing or discussing technical issues. Instead of naming an Internet-routable domain, they are to choose example.com or two others, example.net and example.org.

Misconfig gone, but is it fixed?

Output from the terminal command cURL shows that devices inside Azure and other Microsoft networks have been routing some traffic to subdomains of sei.co.jp, a domain belonging to Sumitomo Electric. Most of the resulting text is exactly what’s expected. The exception is the JSON-based response. Here’s the JSON output from Friday:

{"email":"email@example.com","services":[],"protocols":[{"protocol":"imap","hostname":"imapgms.jnet.sei.co.jp","port":993,"encryption":"ssl","username":"email@example.com","validated":false},{"protocol":"smtp","hostname":"smtpgms.jnet.sei.co.jp","port":465,"encryption":"ssl","username":"email@example.com","validated":false}]}

Similarly, results when adding a new account for test@example.com in Outlook looked like this:

In both cases, the results show that Microsoft was routing email traffic to two sei.co.jp subdomains: imapgms.jnet.sei.co.jp and smtpgms.jnet.sei.co.jp. The behavior was the result of Microsoft’s autodiscover service.

“I’m admittedly not an expert in Microsoft’s internal workings, but this appears to be a simple misconfiguration,” Michael Taggart, a senior cybersecurity researcher at UCLA Health, said. “The result is that anyone who tries to set up an Outlook account on an example.com domain might accidentally send test credentials to those sei.co.jp subdomains.”

When asked early Friday afternoon why Microsoft was doing this, a representative had no answer and asked for more time. By Monday morning, the improper routing was no longer occurring, but the representative still had no answer.

https://arstechnica.com/information-technology/2026/01/odd-anomaly-caused-microsofts-network-to-mishandle-example-com-traffic/