Sunday, June 22, 2008

Microsoft re-issues one security fix for a Bluetooth hole

For an undisclosed reason, there continued to be a vulnerability in Windows XP's built-in protocol stack for Bluetooth, even after a patch released a week ago Tuesday was supposed to have addressed the problem.

Last week's round of Patch Tuesday updates from Microsoft included what had been described as a critical fix, over and above what the company had just released in Windows XP Service Pack 3, that addressed a potential problem with how the operating system's internal Bluetooth protocol stack responds to requests for certain services.

But as Microsoft's security team admitted yesterday, they later learned that, for some reason, systems with XP SP2 and XP SP3 weren't experiencing the full benefits of the fix. What isn't completely clear is how they learned that -- the team maintains there is no active exploit -- though it's possible the team may have discovered the persistent problem through continued testing.

So yesterday, the team reissued its security update, officially for Windows XP SP2 and SP3, 64-bit editions of Windows XP Professional including SP2, and 32- and 64-bit editions of Windows Vista, with and without SP1. However, an FAQ in the company's security bulletin states that the update is only critical for XP SP2 and XP SP3 users. "Customers running Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 and all supported versions of Windows Vista who have already applied these original security updates do not need to take any further action," the FAQ reads.

All that Microsoft will say about the Bluetooth protocol problem itself is that the stack may break when given too many service requests simultaneously -- essentially another type of stack overflow. It does not say how many simultaneous requests can trigger an overflow, including whether it's as few as two. But it does say an attacker can gain access to the system with high privileges.

What drew attention to the earlier divulgence of this vulnerability two weeks ago was that it impacted Vista users: that there was a way, despite tremendous improvements to the new system kernel, for a remote user to unduly obtain privileged access. Apparently the initial fix last week was sufficient for Vista users.



  • Microsoft woos hobbyist developers
  • Free software great and small
  • Next round of Microsoft ‘Patch Tuesday’ addresses Bluetooth problem
  • Microsoft extends the lifespan of Outlook Express, Hotmail anyway
  • Windows XP SP3 official release delayed, but download still available
  •