Microsoft issues critical security patches. Have you updated yet?

19 critical vulnerabilities addressed by latest Patch Tuesday updates.

Microsoft issues critical security patches. Have you updated yet?

It's the second Tuesday of the month, and it's not just your Adobe Flash Player that you should be updating to protect against the latest discovered vulnerabilities.

Microsoft has released a range of security patches for a variety of its different products, including fixes for 57 flaws (including 19 critical-rated vulnerabilities) that could potentially be exploited by malicious hackers.

Some of the vulnerabilities labelled as "critical" are remote code execution vulnerabilities, which could be used by malicious hackers to run malicious code on computers without requiring user interaction.

Perhaps most curiously, one of the remote code vulnerabilities (which Microsoft acknowledges has been disclosed publicly) affects Hololens, Microsoft's holographic augmented reality head-mounted display.

Microsoft Hololens

The Hololens vulnerability - known as CVE-2017-8584 - is described by Microsoft as follows:

A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.

Yep, we've finally evolved to a point where people are having to update their augmented reality headsets with security patches. Hmm - maybe "evolved" is the wrong word.

But for those of us with their feet firmly planted in the real world, there are still plenty of fixes for more traditional products including Internet Explorer, Edge, Windows Explorer, and Microsoft Office.

Make sure that you have installed the latest security patches at your earliest opportunity. Home users and small businesses may in particular appreciate the benefits of turning on automatic updates.

Tags: , , , ,

Smashing Security audio podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, , , ,

3 Responses

  1. BaliRob

    July 12, 2017 at 9:54 am #

    Your comment about 'Hololens' makes me despair.

    Why oh why cannot I be left with the simplified computer I started with?

    Surely it is possible to leave me with email, Google search and banking facilities only?

    • furriephillips in reply to BaliRob.

      July 12, 2017 at 4:39 pm #

      I rather like using Linux at home. I prefer Backbox (https://backbox.org/) as it's slick and pretty and seems to be the most tolerant of my ropey old/new hardware & it's never not installed for me. I like the XFCE menu. My usage profile is probably not much different to your stated use case, so I don't make use of the fancy programs installed – I'm just in it for the stability & slick functionality.

      If you really only want the bare minimum, then perhaps you should give one of the lightweight Linux flavours a lick? Here's some info about the ethos of the GNU Project http://static.fsf.org/nosvn/FSF30-video/FSF_30_360p.webm (the "Linux" kernel is the glue that makes the GNU Project's programs all hum along, but the name Linux is catchier, I think & stuck in the collective conciousness).

      For an adorable look at a really simple system called CrunchBang (https://crunchbangplusplus.org/), check out https://youtu.be/9SEc3wnO60o (BTW, the idea of this channel is so cool – showing your typical user doing some set tasks, with zero intro into the OS).

    • furriephillips in reply to BaliRob.

      July 12, 2017 at 5:13 pm #

      Actually, having just watched this https://youtu.be/mWyqJ50lho4 I might well investigate ArchLinux (https://www.archlinux.org/) it does seem really freeing & his Mum looks like she's absolutely loving the experience & especially about the customisability & minimalism (as desired).

Leave a Reply