Microsoft has launched a new app called “Emoji8” that allows users to compare their own facial expressions to emojis and get evaluated with scores.
“‘Emoji8’ uses ‘Windows Machine Learning (ML)’ to evaluate your facial expressions while you imitate a random selection of emojis. You can play on the app even when you don’t have an Internet connection,” Killian McCoy, Program Manager, Microsoft wrote in a blog-post on Friday.
The app is available for those using Windows 10 October 2018 update. It is available for free download in the Microsoft Store.
“This app will give you a great end-to-end example of how you can use the Windows ML APIs to create simple yet magical experiences,” McCoy added.
A Kerala-based application security engineer has won bug bounty from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users’ accounts — from Office 365 to Outlook emails — open to hacking.
Sahad NK, who works as a security researcher with cybersecurity portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.
“Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them,” said Safetydetective on Tuesday.
The vulnerabilities were reported to Microsoft in June and fixed by November end.
“While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store,” said Sahad.
Sahad discovered that a Microsoft subdomain, “success.office.com”, had not been properly configured. He also found bug in Microsoft Office, Store and Sway products.
A string of bugs when chained together created the perfect attack to gain access to someone’s Microsoft account — simply by tricking a user into clicking a link.
“Anyone’s Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user,” said TechCrunch.