Windows 10 Security: HoloLens Receives First Patch Tuesday Fix From Microsoft

This week marks another milestone for Microsoft's patch Tuesday with the first fix for vulnerability that affects HoloLen's mixed reality headset.

If utilized, the error in how HoloLens handles objects in memory may allow an attacker to "take control of an affected system" according to Microsoft Security Advisory .

The HoloLen remote code execution resolution, considered to be a low chance of exploitation, was released as part of yesterday's bundle with more than 50 security updates for Microsoft products.

"The device can be compromised by receiving only WiFi packages, apparently without any approval," analyzes the HoloLens error from the Zero Day Initiative Security ] (ZDI) security group. It affects Windows 10 and Windows Server 2016.

See: Microsoft HoloLens: The Smart Person's Guide

HoloLens is a wearable headset that designs digital images in the user's view, and currently only available to select users as a pre-release product. Microsoft calls it a mixed reality headset because it can place real-world digital objects in a credible way, such as putting a 3D model of a trophy on a real board.

While the HoloLens update resolves a problem in a set so new, it's unavailable to the public, Microsoft recently made headings for cutting out obsolete technology, when it issued a version of an extraordinary update For Windows XP which left Mainstream support in 2014.

A total of over 50 vulnerabilities were targeted by yesterday's patch, including 19 errors that were considered critical. Of the critical errors, six have enabled remote code execution.

ZDI highlights a critical error as it expects to be seen used in phishing campaigns. Vulnerability likely to be exploited allows an attacker to execute the code remotely after sharing a folder and a malicious executable file with the user.

While four of the 50 vulnerabilities are publicly known, no one is expected to be actively exploited at the moment.

Patches include fixes to Microsoft web browsers, both for Edge – related to missing correct HTTP content analysis – and Internet Explorer, which was updated with the latest Adobe Flash patch. There are also updates to resolve code and password execution in Office and PowerShell. ZDI states that some browser-related errors highlight the vulnerabilities of the engines used to perform JavaScript, the web's defacto scripting language.

And Microsoft- Demo from holo lens

Picture: Microsoft

Read more about security

Source link