June 14, 2021

Microsoft Patches Bluetooth Hole in July’s Patch Tuesday

(LiveHacking.Com) — As expected, Microsoft has released 4 security bulletins to address 22 vulnerabilities in Windows and Office. One of the bulletins is rated Critical, and the other three as Important. Microsoft has marked one bulletin, MS11-053, as a high deployment priority:

  • MS11-053 (Bluetooth Stack). This security bulletin resolves one privately reported vulnerability in the Windows Bluetooth Stack. This bulletin is rated Critical for Windows Vista and Windows 7 platforms. All prior versions of Windows are unaffected.

Microsoft is encouraging all customers to apply MS11-053 first, before deploying the rest of the July updates. If you have Automatic Update enabled on your computer, you will not need to take any action; the tool ensures that the updates are applied and the system is protected.

According to the executive summary, the vulnerability resolved in MS11-053 could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Naturally it  only affects systems with Bluetooth capability.

On the Microsoft Office front, Redmond fixed a problem with Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.