ADV190017 — Microsoft HoloLens Remote Code Execution Vulnerabilities

Executive Summary

Executive Summary Microsoft is aware of vulnerabilities that affect the Broadcom wireless chipset included in the Microsoft HoloLens device. The vulnerabilities could allow an unauthenticated attacker in physical proximity to cause a denial of service condition or execute code on a target system. The vulnerabilities were issued CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. To address this issue, Microsoft has included the updated Broadcom firmware in the latest HoloLens update. Recommended Actions Microsoft recommends that customers install the June security update for HoloLens. See the Security Updates table for the link to the update and more information.

Overview

Important

MS Severity

Not Exploited

MS Exploit Status

Not Found

MS Exploit Likelihood

Category Remote Code Execution

Released Jun 11 2019

Last Updated Jun 11 2019

Publicly Disclosed No

CISA KEV Not Listed

Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

1 affected product

Product	KB Article	Severity	Impact	Restart Required
Windows 10 Version 1809 for HoloLens	`4503327 (Security Update)`	Important	Remote Code Execution	Yes

Patches

1 patch

Article	Type	Restart
`4503327`	Security Update	Yes

Known Exploits

No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.

Acknowledgments

Microsoft has not published researcher acknowledgments for this CVE, or they are not yet reflected in our data source. Check the MSRC advisory directly for the most current credit information.

References

MSRC Advisory MITRE NVD