'Patch Tuesday' addresses Bluetooth vulnerability
By Chris Taylor
13/07/2011
Companies with IT assets are being advised to take the new Microsoft 'Patch Tuesday' releases seriously, as a new system vulnerability has been discovered.
Computer Weekly reports that, aside from four minor system updates for the Windows operating system, there is a far more threatening issue that requires urgent patching.
The Microsoft Bulletin MS11-053 says that a Bluetooth Stack vulnerability could "allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system.
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Microsoft added that this vulnerability is limited to systems with Bluetooth capability on Windows 7 and Windows Vista. Any firm with automated patch management software should have already had this important fix installed.
Commenting on the Bluetooth exploit, Marcus Carey, a security researcher at vulnerability management firm Rapid7, said: "Wireless vulnerabilities such as MS11-053 are always quite sexy because if successfully exploited they allow attackers to do anything they want to the machine through Bluetooth wireless devices."
Carey said that an attacker is likely to need specialised equipment to have any success at infiltrating a system, therefore limiting the risk somewhat.
However, he added: "This should concern users who have internal Bluetooth devices or people who use after-market Bluetooth headphones, mouses, keyboards or printers through USB."