Microsoft's June Patch Tuesday release included a critical fix affecting all Windows Vista and XP systems, which could allow attackers to wirelessly steal confidential information from laptops by exploiting a flaw in the Bluetooth stack. The Bluetooth stack flaw, detailed in Microsoft bulletin CVE-2008-1453 and rated 'critical', could allow an attacker to take complete control of an affected system, install programs, alter data or create new accounts with full user rights.
The MS08-030 patch modifies the way that the Bluetooth stack handles a large number of service description requests. Microsoft recommends applying the patch immediately and security experts advise users to turn off Bluetooth features until the patch has been applied. Matthew Aburn, director of security consultancy Halcyon, said the flaw was particularly dangerous because hardware manufacturers usually set the factory default for Bluetooth as 'active'.