MIcrosoft rated the bug "critical, but members of the company's Secure Windows Initiative team are saying that a recently patched Bluetooth vulnerability is not such a big deal.
The bug could theoretically allow attackers to run code and PWN your system, but in a post entitled, "MS08-030: All bark and no bite? The case of the Bluetooth update," the SWI team said that MS08-030 is not one of those "the sky is falling" updates.
They gave three reasons for their conclusion:
1) You've got to be pretty close -- a few yards at best -- in order to make a Bluetooth connection.
2) There's a narrow window of opportunity to sent the malicious message that would trigger this bug."Based on our investigation, a single-processor machine is unlikely to be affected by this issue," the SWI team writes
3)The attacker must place their data in the computer's memory within this narrow window.
"The information above is presented to help customers understand that the “sky is not falling” in terms of immediate risk due to this vulnerability. That said, we still recommend customers patch any affected systems, especially those that have Bluetooth enabled," they write.
| Attachment | Size |
|---|---|
| childs_complaint.pdf | 63.09 KB |
