If you have a laptop with Bluetooth and Windows' Automatic Updates tool is nagging you about new patches, you might want to indulge it. According to ZDNet, the latest round of Patch Tuesday updates fixes a critical Bluetooth vulnerability that affects both Windows XP and Windows Vista.
How serious is the hole? Microsoft's security bulletin spells it out quite plainly: "The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." To blame is the Windows Bluetooth stack, which fails to correctly handle "a large number of service description requests."
As ZDNet explains, Microsoft recommends that affected users switch off their machines' Bluetooth functionality until they can apply the patch. Of course, an attacker must be in close proximity to the vulnerable system to exploit the hole—just a few meters, according to this Microsoft blog post. Still, the vulnerability could become problematic in places like Internet cafes, especially considering many laptops come with Bluetooth switched on by default.