13 stories
today

Microsoft HoloLens gets its first ever Patch Tuesday update

Since its dev kit release last Spring, the Microsoft HoloLens has managed to skate on by as a tool for app developers and businesses to gain a new perspective with mixed reality. Now marks another momentous occasion for the HoloLens, its first Patch Tuesday security update (via TechRepublic).

Yesterday’s large security release included over 50 fixes for vulnerabilities, including one for the Microsoft HoloLens. The flaw found in the mixed reality headset allowed cyberattackers access to the headset so much that they could take remote control of it.

According to the Security Update details page, Microsoft published the CVE-2017-8585 fix to address the flaw.

A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.
The update addresses the vulnerability by correcting how Hololens handles objects in memory.
This could be the first step for the Microsoft HoloLens to become a commercial product. However, the device still has a long way to go before it can be available for public consumption. Perhaps not even until 2019, if some reports are to be believed. Still, the first security update is one to celebrate as the Microsoft HoloLens develops.

 

Further reading: , , ,

Are you keeping a close eye on Microsoft HoloLens?