Microsoft Vulnerability in Bluetooth Stack Could Allow Remote Code Execution

The single Critical vulnerability in today’s batch of security updates addresses an issue in the Bluetooth stack. Your workstations’ risk to this vulnerability varies, depending on a number of factors.

This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability.

This security update is rated Critical for all supported editions of Windows Vista and Windows 7.

The security update addresses the vulnerability by modifying the way that the Windows Bluetooth Stack handles objects in memory.

Affected Software/Operating System :
Windows Vista Service Pack 1 , Windows Vista Service Pack 2 , Windows Vista x64 Edition Service Pack 1 , Windows Vista x64 Edition Service Pack 2 , Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 , Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1