News

Bluetooth "critical" vulnerability for XP PCs fixed - again

by Guy J Kewney | posted on 20 June 2008


Microsoft's latest patch to its Bluetooth stack for PCs has had to be re-issued, apparently because the original patch didn't work for Windows XP (32-bit). It seems you don't actually have to have a Bluetooth device attached to your PC to be vulnerable.

Full information about the "critical vulnerability" is contained in Microsoft Security Bulletin MS08-030, which was originally published on June 10, 2008 and updated today, June 19.

The update report is titled "Microsoft Security Bulletin MS08-030 – Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)". The executive summary says:

This security update is rated Critical for all supported editions of Windows XP and Windows Vista. For more information, see the subsection, Affected and Non-Affected Software, in this section. The security update addresses the vulnerability by modifying the way that the Bluetooth stack handles a large number of service description requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

The FAQ section states:

Why was this security update reoffered on June 19, 2008?

Microsoft is reoffering the updates addressed in Microsoft Security Bulletin MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) because of issues affecting the Windows XP Service Pack 2 and Windows XP Service Pack 3 update.

The Windows XP Service Pack 2 and Windows XP Service Pack 3 update offered in Microsoft Security Bulletin MS08-030 did not fully address the vulnerability discussed in the security bulletin. All other versions of the security update provide protection against the issues discussed in the security bulletin.

The purpose of reissuing this bulletin is to provide the updated version of the security update affecting Windows XP Service Pack 2 and Windows XP Service Pack 3.

Customers who are running Windows XP Service Pack 2 and Windows XP Service Pack 3 should download and deploy this new security update.

Customers running Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 and all supported versions of Windows Vista who have already applied these original security updates do not need to take any further action.

