china wholesale electronics

June Patch Tuesday Addresses Bluetooth, Kill Bit

June Patch Tuesday Addresses Bluetooth, Kill Bit

Microsoft plans to issue seven sets of security patches on June 10 in a Patch Tuesday that will include critical fixes for Internet Explorer, DirectX and Bluetooth wireless software for Windows.
 
Beyond the critical fixes, Microsoft plans to release patches rated important. Important fixes are due for Active Directory, the Windows Internet Name Service (WINS), and the Pragmatic General Multicast (PGM) protocol, which Windows uses to stream media to multiple recipients.

The seventh update is rated moderate. This security update addresses "kill bit" for Windows. The patch disables code that has a known security bug.

The Bluetooth Bug

The Bluetooth critical update affects the latest versions of Windows, including Windows XP SP2 and SP3 and Windows Vista SP1. The vulnerability could allow attackers to take control of a computer from a remote location.

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Tyler Reguly, a security researcher at nCircle, said that by his records, this is the first time Microsoft has issued a Bluetooth patch. "I'm curious to see what it affects," he said, "especially given the rather small effective range of Bluetooth." Bluetooth has a range of about 30 feet.

Yet Another Kill Bit

The kill bit is a feature Microsoft invented to solve the problem of unexpected ActiveX execution in Internet Explorer. This is a flag that allows a user to prevent execution of some ActiveX items while running Internet Explorer.

"Microsoft is setting another kill bit," Regulay said. "I'll be interested to see what product it is this time. It was First4Internet XCP (Sony Rootkit incident) in 2005, and Yahoo Jukebox a few months ago."

This month Microsoft is acknowledging two denial-of-service vulnerabilities. Regulay said it's interesting that Microsoft is once again wavering on its DoS stance. Microsoft can't seem to make up its mind one way or another about whether or not DoS is a vulnerability, he said.

Exploiting User Privileges

Amol Sarwate, manager of the vulnerability research lab at Qualys, pointed to a critical update that affects the DirectX component of Windows. "The critical vulnerabilities allow remote users to run a malicious code of their choice on the victim's machine, allowing them to steal sensitive information," he said.

Three important patches are planned for components of the Windows operating system, including Active Directory, WINS and PGM. These vulnerabilities allow an attacker to cause a denial of service by crashing or rebooting the machine or the affected service, Sarwate explained.

keywords:bluetooth devices , Cheap Bluetooth ,Wholesale Bluetooth device