Microsoft re-releases patch for Bluetooth flaw

Share this article:
Microsoft on Thursday re-released its June patch for a vulnerability in which Bluetooth-enabled devices could be attacked.

The reissued fix (bulletin MS08-030) only applies to devices running Windows XP Service Pack 2 or 3, Christopher Budd, security response communications manager for Microsoft, wrote in a blog post.

He said that after releasing the patch, one of seven issued on June 10, engineers noticed that the fix was not working for all operating systems. He did not elaborate on the cause of this.

"Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3," Budd said. "These are available now and are being delivered through the same detection and deployment tools as the original update."

When the patches initially were released, experts said the Bluetooth bulletin, which was ranked "critical" by Microsoft, was among the most interesting because individuals could be affected just by having Bluetooth enabled -- not through any interaction.

However, they said the threat was not severe for businesses because most corporate laptops do not have Bluetooth enabled.

Andrew Storms, director of security operations at nCircle, told SCMagazineUS.com on Thursday that he doubts anyone was exploited as a result of the flawed fix.

He said Microsoft quickly turned around a replacement.

"They could have known that there was a problem with it and waited a month but instead they decided to fast-track the fix," Storms said.

This is the second glitch to affect the June patch bundle. Earlier this week, Microsoft pushed out a fix for an issue in which some customers, depending on their configuration, were unable to deploy the patches.




Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.