Operating systems and software are exposed to a great many threats, and it is the software maker's duty to fix the bugs behind them. In that vein, Microsoft has just patched 22 vulnerabilities in Windows and Office, among them a bug in the Bluetooth stack of Windows Vista and Windows 7 that could be used to hijack a nearby computer over Bluetooth.
Last week Microsoft released four updates, which it calls bulletins, and only one of the four was rated "critical", the top rating in the company's four-step scoring system. The other three were rated "important", the next rating below "critical".
The 22 vulnerabilities patched in July match the count for February this year, and are far fewer than the 64 patched in April and the 34 in June.
Andrew Storms, director of security operations at nCircle Security, said of the Bluetooth bug, "it's quirky, and it is remotely exploitable," meaning an attacker within radio range can go after the Bluetooth stack of Windows Vista and Windows 7 without touching the machine.
Amol Sarwate, a vulnerability manager at Qualys, agreed, and said that users who pair Bluetooth devices with their computers are the ones most exposed to this bug. Applying the patch matters because the flaw lets an attacker take control of the Bluetooth stack.
"This one's sexy," said Marcus Carey, security researcher at Rapid7. The flaw lets an attacker reach a computer over Bluetooth without the user's consent or knowledge, and Carey said it would be easy for an attacker to deliver a malicious program simply by sitting within range at a hotspot or anywhere offering free wireless internet access. One notable fact: Windows XP, now ten years old, is entirely unaffected by this bug even though it also supports Bluetooth.
MS11-053, the bulletin at the top of the list, is one Microsoft played down. Jonathan Ness, an engineer in the Microsoft Security Response Center, pointed out that in the default state an attacker cannot simply ask the computer for its 48-bit Bluetooth address and would have to obtain it by other means, either by brute-forcing it or by capturing Bluetooth traffic over the air.
Experts pointed out that the bug could still be worthwhile for attackers going after specific targets: if an attacker knows that a particular user keeps valuable data on a computer, this bug offers a way to pull that information off the system.
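A practical follow-up to the bulletin is to confirm, on each Vista or Windows 7 machine, that the MS11-053 fix is installed and whether Bluetooth is active at all. The PowerShell script below is an added example, not code from the original article or from Microsoft. It assumes the MS11-053 bulletin ships as hotfix KB2566220 (the number is not stated on this page and should be checked against the bulletin before relying on it) and that the Bluetooth Support Service is named bthserv, as it is on Vista and Windows 7.

```powershell
# Added example (not from the original article): check one Windows host
# for the MS11-053 Bluetooth stack fix and for an active Bluetooth service.
# ASSUMPTION: MS11-053 corresponds to hotfix KB2566220. Verify this against
# the bulletin text before using the script for compliance reporting.
$kb = 'KB2566220'

$os = Get-WmiObject -Class Win32_OperatingSystem
Write-Host "OS: $($os.Caption) (version $($os.Version))"

# MS11-053 applies to Windows Vista (6.0) and Windows 7 (6.1).
# Windows XP (5.1) is not affected, as the article notes.
$affected = ($os.Version -like '6.0*') -or ($os.Version -like '6.1*')
if (-not $affected) {
    Write-Host "Not an affected OS version; MS11-053 does not apply here."
    return
}

# Is the fix installed? Get-HotFix reads the installed-updates list.
$fix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($fix) {
    Write-Host "$kb is installed (on $($fix.InstalledOn))"
} else {
    Write-Warning "$kb not found: this host is missing the MS11-053 Bluetooth fix"
}

# Is Bluetooth active? bthserv is the Bluetooth Support Service on Vista/7.
# An absent or stopped service means the host is not advertising Bluetooth
# (the bulletin's own workaround is to disable the Bluetooth radio outright).
$svc = Get-Service -Name bthserv -ErrorAction SilentlyContinue
if ($svc) {
    Write-Host "Bluetooth Support Service (bthserv): $($svc.Status)"
    if (-not $fix -and $svc.Status -eq 'Running') {
        Write-Warning "Unpatched host with Bluetooth running: disable Bluetooth until the fix is applied"
        # Stop-Service -Name bthserv   # uncomment to stop the service as an interim measure
    }
} else {
    Write-Host "No Bluetooth Support Service present on this host"
}
```

Run it in an elevated PowerShell session; Get-HotFix and Get-WmiObject are available on the PowerShell 2.0 that Windows 7 shipped with. Stopping bthserv is an interim measure only; the real fix is installing the bulletin, since the attack described in the article needs no cooperation from the user once the host's Bluetooth address is known.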