Microsoft closes critical hole in HoloLens in new patch round
Microsoft has closed a total of more than fifty vulnerabilities in its latest patch round, also known as patch Tuesday. Among them are nineteen critical vulnerabilities, one of which is present in the ar headset HoloLens.
According to Microsoft, the leak in the headset is not actively being attacked, which is not surprising since there are not many copies of the HoloLens in circulation. The description of the vulnerability indicates that an attacker was able to remotely execute malicious code and take over the device. This was possible with the help of a special WiFi package, after which it was possible to install programs and change data.
Zero Day Initiative reports that the leak is notable, as it appears to be exploitable without requiring any form of authentication. The vulnerability with attribute CVE-2017-8584 is related to the way the HoloLens handles memory objects. Microsoft also closed other rce vulnerabilities in this patch round, for example in Windows Explorer and in Windows Search.
Microsoft has published the full list of updates. Those who prefer to see all updates on the same page can use a PowerShell tool from Microsoft’s John Lambert. It can be found on GitHub, Bleeping Computer reports. He also uses this to create overviews, including the most recent.