Microsoft re-releases patch for Bluetooth flaw

Share this article:
Microsoft on Thursday re-released its June patch for a vulnerability in which Bluetooth-enabled devices could be attacked.

The reissued fix (bulletin MS08-030) only applies to devices running Windows XP Service Pack 2 or 3, Christopher Budd, security response communications manager for Microsoft, wrote in a blog post.

He said that after releasing the patch, one of seven issued on June 10, engineers noticed that the fix was not working for all operating systems. He did not elaborate on the cause of this.

"Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3," Budd said. "These are available now and are being delivered through the same detection and deployment tools as the original update."

When the patches initially were released, experts said the Bluetooth bulletin, which was ranked "critical" by Microsoft, was among the most interesting because individuals could be affected just by having Bluetooth enabled -- not through any interaction.

However, they said the threat was not severe for businesses because most corporate laptops do not have Bluetooth enabled.

Andrew Storms, director of security operations at nCircle, told SCMagazineUS.com on Thursday that he doubts anyone was exploited as a result of the flawed fix.

He said Microsoft quickly turned around a replacement.

"They could have known that there was a problem with it and waited a month but instead they decided to fast-track the fix," Storms said.

This is the second glitch to affect the June patch bundle. Earlier this week, Microsoft pushed out a fix for an issue in which some customers, depending on their configuration, were unable to deploy the patches.




Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.