Microsoft Issues Fix Addressing Crucial Bluetooth Flaw in Windows
Microsoft, on July 12, 2011, for its Patch Tuesday security bulletin, released fixes, with a particularly critical update that addresses flaws in Windows Vista and Windows 7, states PCWorld dated July 13, 2011.
Interestingly, of all the security patches, MS11-053 is most important as it plugs a hole, which can let an attacker gain complete hold over a PC through the dispatch of malevolent Bluetooth wireless packs.
States group manager Jerry Bryant for Microsoft's security response, the hole mayn't be that exploitable since there are extenuating parameters among which one relates to the necessity for discovering Bluetooth on an attacked tool since it isn't available by default.
And during such search, it'd become easier for an attacker to insert matter, which enables the crash down of stack as also allows execution of malware on the system.
States Microsoft in its security advisory that the attacker can subsequently load programs; see, modify, or erase data; alternatively open fresh accounts having all of the user privileges.
Actually the vulnerability results from weak reviewing of access within the stack that'll conveniently gain admission into deleted or non-initialized memory segments related to data that's specified as existing. By forming malevolent packs crafted for dumping data inside the system's memory, it becomes convenient to develop a virus, which proliferates from one computer to another despite the PCs not being within a network.
One explanation why the vulnerability merely influences Windows Vista and 7, and not Windows XP type of legacy environments is that there's no inherent Bluetooth support for XP. Albeit, the more historical OSs are normally increasingly unsafe and susceptible, when certain vulnerability affects a more fresh technology, which wasn't into existence within the earlier OS, there's obviously no impact on the legacy environment.
Says leader of the MSRC Engineering Team, Jonathan Ness where the team includes Microsoft's software security technicians, his group trusts that developing any dependable exploit for executing malware will be hard through the utilization of the said vulnerability. Searchsecurity.com published this on July 12, 2011. Ness adds that the cyber-criminals will most probably utilize the vulnerability to find a method for triggering a DOS onto a target computer.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 19-07-2011