Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft re-releases patch for Bluetooth flaw

Microsoft on Thursday re-released its June patch for a vulnerability in which Bluetooth-enabled devices could be attacked.

The reissued fix (bulletin MS08-030) only applies to devices running Windows XP Service Pack 2 or 3, Christopher Budd, security response communications manager for Microsoft, wrote in a blog post.

He said that after releasing the patch, one of seven issued on June 10, engineers noticed that the fix was not working for all operating systems. He did not elaborate on the cause of this.

"Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3," Budd said. "These are available now and are being delivered through the same detection and deployment tools as the original update."

When the patches initially were released, experts said the Bluetooth bulletin, which was ranked "critical" by Microsoft, was among the most interesting because individuals could be affected just by having Bluetooth enabled -- not through any interaction.

However, they said the threat was not severe for businesses because most corporate laptops do not have Bluetooth enabled.

Andrew Storms, director of security operations at nCircle, told SCMagazineUS.com on Thursday that he doubts anyone was exploited as a result of the flawed fix.

He said Microsoft quickly turned around a replacement.

"They could have known that there was a problem with it and waited a month but instead they decided to fast-track the fix," Storms said.

This is the second glitch to affect the June patch bundle. Earlier this week, Microsoft pushed out a fix for an issue in which some customers, depending on their configuration, were unable to deploy the patches.




Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.