News

Microsoft fixes Bluetooth vulnerability, Windows kernel flaws ahead of Black Hat 2011

Robert Westervelt, News Director

Microsoft issued four security bulletins, addressing flaws in the Windows kernel driver ahead of a Black Hat 2011 security conference presentation and a critical Bluetooth

    Requires Free Membership to View

vulnerability  that could be targeted by a nearby attacker.

We believe it will be difficult to build a reliable exploit for code execution using this vulnerability.

Jonathan Ness, MSRC Engineering

The software giant fixed 22 flaws as part of its July 2011 Patch Tuesday security updates.

The critical Bluetooth vulnerability could allow remote code execution if an attacker sends malicious packets to an affected system. If an attacker successfully exploits the memory corruption error, he could gain full user rights and can install programs and change and delete data. “This vulnerability only affects systems with Bluetooth capability,” Microsoft said. The update is rated “critical” for Bluetooth running on Windows Vista and Windows 7.

In a related blog entry, Jonathan Ness of the MSRC engineering team said the risk to end-user computers for the vulnerability varies. Most computers are configured by default to block external devices from discovering the machine’s 48-bit Bluetooth address, Ness said.  In addition, an attacker must be physically nearby to target a victim, he said.

“We believe it will be difficult to build a reliable exploit for code execution using this vulnerability,” Ness wrote. “It’s more likely that attackers will discover a way to cause a system denial-of-service using this vulnerability.”

Kernel-mode flaws patched prior to Black Hat presentation

Microsoft issued a security bulletin addressing 15 Windows kernel-mode vulnerabilities. The flaws were reported to the software vendor by Tarjei Mandt, a security researcher with security firm Norman, based in Norway.

Mandt is scheduled to present on Windows kernel attacks Aug. 3 at Black Hat 2011 in Las Vegas.  The most severe flaw could enable an attacker to elevate their privileges if logged on locally. The update affects all supported versions of Windows.  According to Mandt’s presentation description, a Windows mechanism called user-mode callbacks may have introduced hundreds of subtle vulnerabilities that can be exploited.

Microsoft also fixed five vulnerabilities in its CSRSS system process, which could also enable an attacker to gain elevated privileges on a user’s system and an update repairing a flaw in Microsoft Visio.