Bluetooth vulnerability fixed in latest Patch Tuesday update
July 17, 2011
Posted by on
Microsoft recently fixed an issue that allowed an attacker to exploit a weakness in the Bluetooth stack in Windows 7 and Windows Vista machines which would most likely crash a users machine. A remote code-injection attack would also be possible but difficult to execute. For once Windows XP users are safe as the problem has only existed since the Bluetooth stack was updated in Vista.
The exploit requires the PC to be in Discovery mode (which is not the default setup) which will broadcast the adaptor address out. If executed correctly, an attacker could exploit the vulnerability by constructing a series of specially crafted Bluetooth packets and sending them to the target machine. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights and take complete control of a system without any user notification at any time
There is also the chance of a non-bluetooth enabled laptop or desktop machine being compromised with the insertion of a USB dongle as Vista and Windows 7 come Bluetooth ready and will auto-initiate. If you don’t use Bluetooth and never intend to then the best defence is to totally disable the service.
This vulnerability is of course now fixed but the possibility of drive-by attacks has now been proven. Expect more similar exploits soon.