Lucene search

K
mscveMicrosoftMS:ADV190017
HistoryJun 11, 2019 - 7:00 a.m.

Microsoft HoloLens Remote Code Execution Vulnerabilities

2019-06-1107:00:00
Microsoft
msrc.microsoft.com
79

0.007 Low

EPSS

Percentile

80.0%

Executive Summary

Microsoft is aware of vulnerabilities that affect the Broadcom wireless chipset included in the Microsoft HoloLens device. The vulnerabilities could allow an unauthenticated attacker in physical proximity to cause a denial of service condition or execute code on a target system. The vulnerabilities were issued CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

To address this issue, Microsoft has included the updated Broadcom firmware in the latest HoloLens update.

Recommended Actions

Microsoft recommends that customers install the June security update for HoloLens. See the Security Updates table for the link to the update and more information.