Microsoft admits to failure with Bluetooth patch

**Glaswegian** · 06-23-2008, 12:28 PM

Microsoft has re-released one of last week's security updates after realising the patch it had issued didn't do the job.

"After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin," Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), said. "As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue."

MS08-030 was part of a group of seven security updates that patched 10 vulnerabilities in Windows and other Microsoft software. Called out by several analysts last week as the most interesting fix of the bunch, MS08-030 was supposed to plug a hole in Windows' implementation of Bluetooth, the short-range wireless protocol. The update was one of three pegged "critical," the highest threat ranking in Microsoft's four-step scoring system.

Although the patch offered last week for Windows Vista and the 64-bit versions of Windows XP did the trick, the fix for the 32-bit editions of XP, including the new Service Pack 3 (SP3), did not, said Budd. He also promised that Microsoft would find out how the non-patching patch made it through the company's testing.

http://www.techworld.com/security/ne...&NewsID=101976

06-23-2008, 12:28 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,449 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Microsoft admits to failure with Bluetooth patch Microsoft has re-released one of last week's security updates after realising the patch it had issued didn't do the job. "After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin," Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), said. "As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue." MS08-030 was part of a group of seven security updates that patched 10 vulnerabilities in Windows and other Microsoft software. Called out by several analysts last week as the most interesting fix of the bunch, MS08-030 was supposed to plug a hole in Windows' implementation of Bluetooth, the short-range wireless protocol. The update was one of three pegged "critical," the highest threat ranking in Microsoft's four-step scoring system. Although the patch offered last week for Windows Vista and the 64-bit versions of Windows XP did the trick, the fix for the 32-bit editions of XP, including the new Service Pack 3 (SP3), did not, said Budd. He also promised that Microsoft would find out how the non-patching patch made it through the company's testing. http://www.techworld.com/security/ne...&NewsID=101976 __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner