Microsoft warns of critical security hole in Bluetooth stack

Summary: The Bluetooth stack vulnerability introduces remote code execution risks on Windows Vista and Windows 7.

Microsoft today shipped four security bulletins with patches for 22 serious security flaws and called special attention to a vulnerability in the Windows Bluetooth stack that could allow hackers to remotely take control of an affected computer.

The vulnerability, fixed with MS11-053, headlines a batch of updates that include fixes for gaping holes in the Windows kernel and security problems in the Windows Client/Server Run-time Subsystem.

[ SEE: Patch Tuesday head-up: 22 vulnerabilities in Windows, Office ]

The Bluetooth stack vulnerability introduces remote code execution risks on Windows Vista and Windows 7, Microsoft warned.

From the bulletin:

A remote code execution vulnerability exists in the Windows Bluetooth 2.1 Stack due to the way an object in memory is accessed when it has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a series of specially crafted Bluetooth packets and sending them to the target machine. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft's Jonathan Ness expects to see exploit code that simply causes denial-of-service attacks. However, Microsoft is recommending that users close off the attack surface by preventing any Bluetooth device from connecting to your computer.

The graphic below shows the Windows 7 Bluetooth Settings option for doing so. Side effect: Your Bluetooth mouse or headset will stop working until you re-allow Bluetooth devices to connect to your computer.

Separately, Microsoft is urging Windows users to pay attention to MS11-055, which covers a publicly disclosed vulnerability in the way that Microsoft Visio handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

This issue only affects Visio 2003 SP3 and it is rated "important." Newer versions like Visio 2007 and 2010 are not affected.

According to Amol Sarwate, vulnerability research lab manager at Qualys, this current strain of DLL pre-loading vulnerabilities was first identified in August of 2010 and plagues a large number of software packages, some from Microsoft and many from third party vendors.

"Addressing all of the vulnerabilities is a daunting task and will not be completed any time soon, so we recommend implementing the guidelines laid out in KB2269637 that provide an additional safety-net on the operating systems for all Windows applications," Sarwate said.
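The KB2269637 guidance Sarwate refers to centers on a registry value named CWDIllegalInDllSearch. The read-only PowerShell audit below is an added example, not part of the original article; the registry locations and value meanings are taken from that KB rather than from this page.

```powershell
# Added example: read-only audit of the CWDIllegalInDllSearch setting from KB2269637.
# Registry locations and value meanings follow that KB, not the article text.
$ValueName = 'CWDIllegalInDllSearch'
$GlobalKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdDllPolicy {
    param([Parameter(Mandatory=$true)][string]$Path)
    $prop = Get-ItemProperty -LiteralPath $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }   # value absent under this key
    # Format as hex so a DWORD of 0xFFFFFFFF matches whether it is read as -1 or 4294967295.
    $hex = '{0:X8}' -f $prop.$ValueName
    $meaning = switch ($hex) {
        '00000000' { 'default DLL search order (current directory searched)' }
        '00000001' { 'blocks DLL load from current directory if it is a WebDAV folder' }
        '00000002' { 'blocks DLL load from current directory if it is remote (WebDAV or UNC)' }
        'FFFFFFFF' { 'current directory removed from the default DLL search order' }
        default    { 'value not described in KB2269637' }
    }
    New-Object PSObject -Property @{ Key = $Path; Value = "0x$hex"; Meaning = $meaning }
}

# System-wide setting: absent means the default search order is in effect.
$global = Get-CwdDllPolicy -Path $GlobalKey
if ($null -eq $global) {
    New-Object PSObject -Property @{
        Key = $GlobalKey; Value = 'not set'
        Meaning = 'default DLL search order (current directory searched)'
    }
} else {
    $global
}

# Per-application overrides live under Image File Execution Options\<binary name>.
Get-ChildItem -LiteralPath $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    Get-CwdDllPolicy -Path $_.PSPath
}
```

A per-application entry takes precedence over the system-wide value for that binary, so review both parts of the output together.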

The other two bulletins, MS11-054 and MS11-056, affect Windows Kernel-Mode Drivers (win32k.sys) and the Windows Client/Server Runtime Subsystem (CSRSS), respectively. Both are rated "important," and attackers who already have access to the target machine can use these vulnerabilities to gain system-level privileges.

Talkback

39 comments
  • Another Day...

    ...another "critical security hole"!
    Gr8Music
    • RE: Microsoft warns of critical security hole in Bluetooth stack

      @Gr8Music

      Yeah because only Microsoft has those. Linux and OSX would never have security vulnerabilities.
      hopp64
      • Because only Microsoft has those...

        @hopp64 - Yeah, you keep dreamin' those dreams ;) and then try writing an OS that's completely bulletproof
        EnKrptyed
      • RE: Microsoft warns of critical security hole in Bluetooth stack

        @hopp64 No one made any comparison. But if you want to show us all how insecure you yourself are by drawing that comparison into the discussion feel free.
        snoop0x7b
      • Not this kind of vulnerability. Get within bluetooth range

        of a malicious computer and you're pwned. Physical access NOT required. Phishing NOT required.
        fr_gough
      • OS X has had this type of vulnerability

        @fr_gough
        I remember it very clearly:
        http://secunia.com/advisories/22068/

        Thankfully, these types of vulnerabilities are extremely rare but yes, they most certainly HAVE happened on OS X.
        toddybottom
      • RE: Microsoft warns of critical security hole in Bluetooth stack

        @hopp64 : Look at the SANS newsletters regarding vulnerabilities. If you say that Linux is secure, look at that. As for OS X - say "MacGuard" and "MacDefender". If it was secure, no one would have had the malware.
        Gis Bun
    • Ed will be all over this one

      Any second now;-)
      Richard Flude
  • RE: Microsoft warns of critical security hole in Bluetooth stack

    Oh my god! This must be kept from News International!
    bargeemike
  • Gosh!

    Zune tech in action. I guess the word "squirt" has a new connotation :P
    ego.sum.stig
    • RE: Microsoft warns of critical security hole in Bluetooth stack

      @ego.sum.stig@...

      Zune sharing technology doesn't use bluetooth. Nice try though...
      PollyProteus
  • What is with the title of this post?

    Wouldn't it be more accurate and helpful to use: "Microsoft fixes critical security hole in Bluetooth stack"?

    Your title is inaccurate because there is no hole in the Bluetooth stack any more, it has been fixed. If fixed holes still count as "existing" then there are a LOT of holes in all versions of Windows, OS X, and Linux.
    toddybottom
    • They need to feed the troll like ego.sum.stig, etc.

      @toddybottom
      from time to time so they throw them a bone or two to keep them happy I guess.

      It's no different than feeding the fish in your aquarium. ;)
      William Pharaoh
      • Are you suggesting ZDNet actually encourages trolls?

        @William Pharaoh
        Hmm, if so, that would be extremely unprofessional but it would explain why most of the responses in Windows articles are from Apple trolls and why flagging their rude, off topic responses does absolutely nothing.
        toddybottom
      • Well, golly

        @William Pharaoh

        A Troll calling someone else a troll. Wonders will apparently be neverending.
        ego.sum.stig
    • RE: Microsoft warns of critical security hole in Bluetooth stack

      @toddybottom Both the title and your proposed title are facts so no statement is more accurate than the other.
      anono
    • From a Security expert view...

      @toddybottom : the hole is not fixed until all installations of Vista and 7 are patched.

      So, the headline is correct, the hole still exists on unpatched systems. And since the patch was released today, we can expect a zero day vulnerability between today and next week, now that the vulnerability is in the wild and known.
      cosuna
      • By that definition, all holes are not fixed

        @cosuna
        Holes from 10 years ago are still not fixed on computers that haven't had patches installed in 10 years. It isn't that meaningful a statement.

        I won't belabor the point any more. It just seems to me that the bigger news item here is that a patch has been released and should be installed and that this could have been mentioned in the title. Instead, the bigger news item as far as ZDNet is concerned is that there is a security hole in Windows. As William has pointed out, and as I'm coming to realize, ZDNet is more about encouraging trolls to post than it is about disseminating information. Too bad for those of us actually interested in technology related news.
        toddybottom
      • Good point

        I think it's important. Many times updates come and PCs that automatically get them are good, ones that don't aren't. It's good that Ryan calls out the most important patches each time; that way IT can do an accelerated testing/release of these patches, especially to laptops that will likely have bluetooth enabled. Think of the damage someone could do in an airport. Scary.

        Perhaps some think it's feeding the trolls but it's really a service to those who actually care. Sure, it gives the Anti-MS folks some fuel but in the end I'd much rather see an article like this, especially one with a headline that immediately makes me want to click on it.
        LiquidLearner