This week marks another milestone for Microsoft's patch Tuesday with the first fix for vulnerability that affects HoloLen's mixed reality headset.
If utilized, the error in how HoloLens handles objects in memory may allow an attacker to "take control of an affected system" according to Microsoft Security Advisory .
The HoloLen remote code execution resolution, considered to be a low chance of exploitation, was released as part of yesterday's bundle with more than 50 security updates for Microsoft products.
"The device can be compromised by receiving only WiFi packages, apparently without any approval," analyzes the HoloLens error from the Zero Day Initiative Security ] (ZDI) security group. It affects Windows 10 and Windows Server 2016.
HoloLens is a wearable headset that designs digital images in the user's view, and currently only available to select users as a pre-release product. Microsoft calls it a mixed reality headset because it can place real-world digital objects in a credible way, such as putting a 3D model of a trophy on a real board.
While the HoloLens update resolves a problem in a set so new, it's unavailable to the public, Microsoft recently made headings for cutting out obsolete technology, when it issued a version of an extraordinary update For Windows XP which left Mainstream support in 2014.
A total of over 50 vulnerabilities were targeted by yesterday's patch, including 19 errors that were considered critical. Of the critical errors, six have enabled remote code execution.
ZDI highlights a critical error as it expects to be seen used in phishing campaigns. Vulnerability likely to be exploited allows an attacker to execute the code remotely after sharing a folder and a malicious executable file with the user.
While four of the 50 vulnerabilities are publicly known, no one is expected to be actively exploited at the moment.