Microsoft Reissues Critical Security Fix For Windows XPMicrosoft Reissues Critical Security Fix For Windows XP
The original patch worked on Windows Vista, but failed to accomplish its task in Windows XP SP2 and SP3, the Microsoft Security Response Center said.
June 20, 2008
Microsoft has reissued a critical patch for the Bluetooth stack in Windows XP, saying the original fix did not correct a vulnerability that a hacker could exploit to take control of a PC.
The original patch worked on Windows Vista, but failed to accomplish its task in Windows XP SP2 and SP3, Christopher Budd, a member of the Microsoft Security Response Center, said in the group's blog.
After releasing the patch in Security Bulletin MS08-30, Microsoft engineers "learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin," Budd said.
"Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not," he said.
The latest patch would be distributed through the same channels as the original fix, including Microsoft's Automatic Update tool.
A preliminary investigation of the original failing has found that it may be related to "two separate human issues," Budd said, offering no other details. "When we’re done with our investigation, we’ll take steps to better prevent it in the future."
The vulnerability within the Bluetooth stack, which handles communications over the wireless specification, would enable an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft labeled the flaw "critical."
Microsoft released the original fix June 10 in a package of seven security patches addressing 10 vulnerabilities. Three of the bulletins were rated "critical," three "important," and one "moderate."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023