Microsoft issues its first HoloLens security patch in July’s Patch Tuesday

Recent malware attacks such as the WannaCry and Petya ransomware epidemics have highlighted the need to keep our PCs fully updated if we want to remain even remotely safe from attack. Whether you’re running Windows 10 or macOS, threats are popping up all the time, and companies are responding to them with security patches. But it is not just your PC — ancillary devices like the HoloLens augmented reality headset can also be vulnerable.

Tuesday was Microsoft’s usual Patch Tuesday, the time of the month when it issues its main security update for Windows systems. This time around, as Trend Micro points out in its security blog, it was not just the core Windows components that were inoculated against potential threats — HoloLens also received its very first security patch.

According to Microsoft’s security advisory, CVE-2017-8584 is a vulnerability involving remote code execution that was identified in HoloLens, whereby the device does not correctly handle a specific kind of attack that is delivered via Wi-Fi. Trend Micro reports that HoloLens use is not very widespread compared to PCs and other more popular devices, but this particular patch is notable for being the first reminder that such systems can represent yet another vector of attack.

In fact, HoloLens is particularly interesting from a security perspective because it is an entirely stand-alone device that does not use a PC or other device such as a smartphone to do its computing. Systems like Oculus Rift and the HTC Vive rely on PCs and their software is continuously being updated to fix potential security vulnerabilities. But this Patch Tuesday could very well be the first time a stand-alone AR system has received a security patch.

July’s Patch Tuesday was not all about HoloLens, of course. Internet Explorer also got the usual round of fixes, as did Microsoft’s Edge browser that is meant to succeed the older application. A fix for Windows Search, CVE-2017-8589, was also released to ward off attacks that could allow a nefarious party to take over an infected system.

While the HoloLens patch is applicable to far fewer people, the rest of Patch Tuesday’s fixes are — as always — vital and we recommend users keep automatic updates turned on so these and other fixes are applied immediately. The vulnerability behind both WannaCry and Petya was fixed in March for actively supported systems, so anyone who was running Windows 10 and was fully patched did not have to worry about infection. However, running an obsolete and unsupported version of Windows or turning updates off was an easy way to see that horrifying ransomware notice pop up.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…