20 June 2008, 16:04

Bluetooth - the patch that didn't patch

Microsoft has released a new version of the patch to close the Bluetooth security hole in Windows XP SP2 and SP3. The version released on patch day did not do what it was supposed to, leaving systems vulnerable even after it was installed. According to Security Bulletin MS08-030, an error occurred when the Bluetooth service experienced a large number of service discovery protocol packets (SDP), permitting code to be injected and executed.

The new patch is already being distributed through Windows Update. The initial version of the patch for Vista fixed the security hole so it does not need updating. Microsoft is currently investigating how this error occurred. So far it seems that two separate instances of human error contributed.

Channels

Services

Bluetooth - the patch that didn't patch

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit