MS08-030 Not A Big Deal Says Microsoft

Microsoft released a patch for Bluetooth technology this month as part of the company's monthly batch of patches. While on the surface it seems like a significant risk, Microsoft says it's not really a big deal.

Writing in its Security Vulnerability Research & Defense blog, the company stated that "First, since the issue is triggered over a Bluetooth link, the attacker would have to be within fairly close physical proximity to the target system. \[...\] Second, as the security bulletin states, the issue is triggered by a flood of SDP messages. \[...\] Finally, the attacker needs to find a way to control the memory layout of the target system, and place data they control in the correct location, all within the timing window mentioned above."

So there you have it: As long as no one is using a high gain Bluetooth antenna in your vicinity and as long as no one is smart enough to figure out how to manipulate things into an amenable state, you're safe. Ahem.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.