Microsoft issues critical security patches. Have you updated yet?

Graham Cluley

Microsoft issues critical security patches. Have you updated yet?

Microsoft issues critical security patches. Have you updated yet?

It’s the second Tuesday of the month, and it’s not just your Adobe Flash Player that you should be updating to protect against the latest discovered vulnerabilities.

Microsoft has released a range of security patches for a variety of its different products, including fixes for 57 flaws (including 19 critical-rated vulnerabilities) that could potentially be exploited by malicious hackers.

Some of the vulnerabilities labelled as “critical” are remote code execution vulnerabilities, which could be used by malicious hackers to run malicious code on computers without requiring user interaction.

Perhaps most curiously, one of the remote code vulnerabilities (which Microsoft acknowledges has been disclosed publicly) affects Hololens, Microsoft’s holographic augmented reality head-mounted display.

Microsoft Hololens

The Hololens vulnerability – known as CVE-2017-8584 – is described by Microsoft as follows:

A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.

Yep, we’ve finally evolved to a point where people are having to update their augmented reality headsets with security patches. Hmm – maybe “evolved” is the wrong word.

But for those of us with their feet firmly planted in the real world, there are still plenty of fixes for more traditional products including Internet Explorer, Edge, Windows Explorer, and Microsoft Office.

Make sure that you have installed the latest security patches at your earliest opportunity. Home users and small businesses may in particular appreciate the benefits of turning on automatic updates.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Microsoft issues critical security patches. Have you updated yet?”

  1. Your comment about 'Hololens' makes me despair.

    Why oh why cannot I be left with the simplified computer I started with?

    Surely it is possible to leave me with email, Google search and banking facilities only?

    1. I rather like using Linux at home. I prefer Backbox (https://backbox.org/) as it's slick and pretty and seems to be the most tolerant of my ropey old/new hardware & it's never not installed for me. I like the XFCE menu. My usage profile is probably not much different to your stated use case, so I don't make use of the fancy programs installed – I'm just in it for the stability & slick functionality.

      If you really only want the bare minimum, then perhaps you should give one of the lightweight Linux flavours a lick? Here's some info about the ethos of the GNU Project http://static.fsf.org/nosvn/FSF30-video/FSF_30_360p.webm (the "Linux" kernel is the glue that makes the GNU Project's programs all hum along, but the name Linux is catchier, I think & stuck in the collective conciousness).

      For an adorable look at a really simple system called CrunchBang (https://crunchbangplusplus.org/), check out https://youtu.be/9SEc3wnO60o (BTW, the idea of this channel is so cool – showing your typical user doing some set tasks, with zero intro into the OS).

    2. Actually, having just watched this https://youtu.be/mWyqJ50lho4 I might well investigate ArchLinux (https://www.archlinux.org/) it does seem really freeing & his Mum looks like she's absolutely loving the experience & especially about the customisability & minimalism (as desired).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES