If you have a laptop with Bluetooth and Windows' Automatic Updates tool is nagging you about new patches, you might want to indulge it. According to ZDNet, the latest round of Patch Tuesday updates fixes a critical Bluetooth vulnerability that affects both Windows XP and Windows Vista.
How serious is the hole? Microsoft's security bulletin spells it out quite plainly: "The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." To blame is the Windows Bluetooth stack, which fails to correctly handle "a large number of service description requests."
As ZDNet explains, Microsoft recommends that affected users switch off their machines' Bluetooth functionality until they can apply the patch. Of course, an attacker must be in close proximity to the vulnerable system to exploit the hole—just a few meters, according to this Microsoft blog post. Still, the vulnerability could become problematic in places like Internet cafes, especially considering many laptops come with Bluetooth switched on by default.
|Gigabyte SA-SBCAP3350 puts formidable power on a single board||5|
|Alphacool Eisblock HDX-2 and HDX-3 help M.2 SSDs beat the heat||1|
|Corsair Lighting Pro Expansion Kit lets builders turn up the lights||3|
|Adata D16750 power bank is tougher than the average juice pack||6|
|Deals of the week: fast memory, an AM4 motherboard, and more||9|
|Corsair RMx White Series PSUs take a walk on the snowy side||20|
|Intel crams 100 GFLOPS of neural-net inferencing onto a USB stick||34|
|Toshiba's XG5 1TB NVMe SSD reviewed||8|
|Microsoft and Johnson Controls put Cortana in a thermostat||22|