Recent malware attacks such as the WannaCry and Petya ransomware epidemics have highlighted the need to keep our PCs fully updated if we want to remain even remotely safe from attack. It doesn’t matter if you’re running Windows 10 or MacOS, there are threats popping up all the time that companies are responding to with security patches. But it is not just your PC — ancillary devices like the HoloLens augmented reality headset can also be vulnerable.
Tuesday was Microsoft’s usual Patch Tuesday, its time of the month when it issues its main security update for Windows systems. This time around, as Trend Micro points on in its security blog, it was not just the core Windows components that were inoculated against potential threats — HoloLens also received its very first security patch.
According to Microsoft’s security advisory, CVE-2017-8584 is a vulnerability involving remote code execution that was identified in HoloLens, whereby the device does not correctly handle a specific kind of attack that is delivered via Wi-Fi. Trend Micro reports that HoloLens use is not very widespread compared to PCs and other more popular devices, but this particular patch is notable for being the first reminder that such systems can represent yet another vector of attack.
In fact, HoloLens is particularly interesting from a security perspective because it is an entirely stand-alone device that does not use a PC or other device such as a smartphone to do its computing. Systems like Oculus Rift and the HTC Vive rely on PCs and their software is continuously being updated to fix potential security vulnerabilities. But this Patch Tuesday could very well be the first time a stand-alone AR system has received a security patch.
July’s Patch Tuesday was not all about HoloLens, of course. Internet Explorer also got the usual round of fixes, as did Microsoft’s Edge browser that is meant to succeed the older application. A fix for Windows Search, CVE-2017-8589, was also released to ward off attacks that could allow a nefarious party to take over an infected system.
While the HoloLens patch is applicable to far fewer people, the rest of Patch Tuesday’s fixes are — as always — vital and we recommend users keep automatic updates turned on so these and other fixes are applied immediately. The vulnerability behind both WannaCry and Petya was fixed in March for actively supported systems, and so anyone running Windows 10 and was fully patched did not have to worry about infection. However, running an obsolete and unsupported version of Windows or turning updates off was an easy way to see that horrifying ransomware notice pop up.