Patch Tuesday: MS Plugs Critical Hole in Bluetooth Stack

Pulkit Chandna

As it does on the second Tuesday of each month, Microsoft today delivered this month’s installment of security updates. June’s edition of Patch Tuesday includes only four security bulletins, significantly fewer than last month’s consignment of 16. Between them, the security bulletins released today address 22 vulnerabilities.

Except for MS11-053, which is rated “critical,” all the security bulletins are rated “important.” MS11-053 addresses a vulnerability in the Windows Bluetooth Stack (Windows 7 and Windows Vista only). If exploited, the privately reported flaw could be used for remote code execution.

Despite the vulnerability being assigned the highest severity rating possible, Jerry Bryant, Microsoft’s group manager for security response, ruled out the possibility of large-scale exploitation of the flaw in the wild. He is not too concerned as “an attacker would have to be in line-of-sight of you and would have to brute force their way into discovering your (network) address, and that would be assuming you are actively advertising it for them.”

As for the remaining security bulletins, all of which share the same severity rating, MS11-054 leads the way in terms of the number of vulnerabilities it addresses. It plugs no fewer than 15 holes in Windows Kernel-Mode Drivers. Of the remaining two security bulletins, one resolves five vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS), while the other patches a publicly disclosed flaw in Microsoft Visio.
