[ insider_reports_insider ]
Microsoft Closes Critical Bluetooth Flaw
David Utter
Staff Writer
2008-06-11
 Insider Reports RSS Feed
The monthly updates from Microsoft brought a few Critical repairs to its customers; one fix corrected a remotely executable vulnerability in the Bluetooth stack.
 | | Microsoft Closes Critical Bluetooth Flaw |  |
June's Patch Tuesday distribution involved seven Security Bulletins, with three receiving the dreaded Critical rating. Critical flaws mean the potential for the most dangerous exploits, remote executables, exists.
The Bluetooth stack, enabling short range wireless communication between devices using that protocol, needed a Critical fix. As the Bluetooth stack could not correctly handle a large number of service description requests, an attacker would gain complete control over the affected system by flooding it with specially crafted Service Discovery Protocol (SDP) packets.
Microsoft also corrected Critical issues in Internet Explorer and DirectX. Internet Explorer versions 5.01, 6, and 7. Both vulnerabilities covered by the patch could have been exploited in a drive-by fashion, should the unpatched browser visit a malicious page designed to attack the flaw.
The DirectX patch modified a prior fix for the issue, MS07-064. Older versions of DirectX 7 and 8.1 on Windows 2000 machines contained a vulnerability to Synchronized Accessible Media Interchange (SAMI), which is used to provide captions in media files.
Windows systems using DirectX 9 and 10 were not open to the SAMI issue, but were vulnerable to the way the Windows MJPEG Codec handles MJPEG streams in Audio Video Interleave (AVI) and Advanced Systems Format (ASF) files, common to Windows Media Player.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
