Microsoft closes critical hole in Bluetooth stack
Microsoft has released four updates to close 22 security holes. Particularly noteworthy is update MS11-053 (KB2566220), which fixes a critical flaw in the Bluetooth stack on Windows 7 and Vista. Windows XP and the server systems are not affected. Sending a series of specially crafted Bluetooth packets to a vulnerable target system allows arbitrary code to be injected and executed.
Microsoft has assigned the problem only a "medium" exploitability rating: the development of a reliable exploit for the hole is considered unlikely in the medium term, and exploitation attempts are generally expected to result only in a system crash. A successful attacker would also need to know the victim's Bluetooth address, and because Windows systems are not in discovery mode by default, there is no simple way for potential attackers to obtain it. As an alternative to applying the patch, Microsoft has suggested that users disallow Bluetooth connections, but doing so will also prevent such components as Bluetooth mice from functioning.
Update MS11-054 (KB2555917) fixes 15 problems in various Windows kernel mode drivers that allow users with limited access rights who are logged into a system to escalate their privileges. The holes are based on the flawed handling of pointers and affect all currently supported versions of Windows.
Five further vulnerabilities in the Microsoft Windows Client/Server Runtime Subsystem (CSRSS) also allow potential attackers to escalate their privileges. Update MS11-056 (KB2507938) fixes these problems. Microsoft has also released a patch for Visio 2003 to fix a vulnerability that became known as "DLL hijacking" or "binary planting" in mid-2010.
An overview of all the patches is available in the "Microsoft Security Bulletin Summary for July 2011".