Microsoft Vulnerability in Bluetooth Stack Could Allow Remote Code Execution

The single Critical vulnerability in today’s batch of security updates addresses an issue in the Bluetooth stack. Your workstations’ risk to this vulnerability varies, depending on a number of factors. I’d like to use this blog post to outline those risk factors.


This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability.
This security update is rated Critical for all supported editions of Windows Vista and Windows 7. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way that the Windows Bluetooth Stack handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Affected Software/Operating System : 
Windows Vista Service Pack 1 , Windows Vista Service Pack 2 , Windows Vista x64 Edition Service Pack 1 , Windows Vista x64 Edition Service Pack 2 , Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 , Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1

Read More at http://www.microsoft.com
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.