It’s the second Tuesday of the month, and it’s not just your Adobe Flash Player that you should be updating to protect against the latest discovered vulnerabilities.
Microsoft has released a range of security patches for a variety of its different products, including fixes for 57 flaws (including 19 critical-rated vulnerabilities) that could potentially be exploited by malicious hackers.
Some of the vulnerabilities labelled as “critical” are remote code execution vulnerabilities, which could be used by malicious hackers to run malicious code on computers without requiring user interaction.
Perhaps most curiously, one of the remote code vulnerabilities (which Microsoft acknowledges has been disclosed publicly) affects Hololens, Microsoft’s holographic augmented reality head-mounted display.
The Hololens vulnerability - known as CVE-2017-8584 - is described by Microsoft as follows:
A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.
Yep, we’ve finally evolved to a point where people are having to update their augmented reality headsets with security patches. Hmm - maybe “evolved” is the wrong word.
But for those of us with their feet firmly planted in the real world, there are still plenty of fixes for more traditional products including Internet Explorer, Edge, Windows Explorer, and Microsoft Office.
Make sure that you have installed the latest security patches at your earliest opportunity. Home users and small businesses may in particular appreciate the benefits of turning on automatic updates.