This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic. Broadcom no longer supports their hardware on any Windows platforms. As such there is no security update available to address this vulnerability. We recommend that customers using HoloLens 1 devices with this WiFi client device do the following to protect themselves from this vulnerability: Update Wi-Fi routers to mitigate security vulnerabilities (for example, FragAttacks). Use WPA2-Enterprise with certificate-based authentication for HoloLens Wi-Fi. Don’t connect your HoloLens device to untrusted Wi-Fi networks. Don’t reuse Wi-Fi passwords. Don't use plain text HTTP connection. Enable Kiosk mode on your HoloLens device and prevent users from using apps that expose URL links.
MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device