Microsoft makes 22 patches to software

Microsoft fixed 22 bugs in its software yesterday and closed several important security holes, including a critical flaw in Bluetooth.

According to the Vole, three of the patches fix problems in Windows. The four bulletins patched issues in all versions of the Windows operating system and in Microsoft Visio 2003 Service Pack 3. Only one has been rated “critical.” The remaining three are just “important.”

Microsoft bulletin MS11-053, which addresses a critical vulnerability in the Windows Bluetooth stack on Windows Vista and Windows 7, is being seen as particularly important. Attackers could exploit the vulnerability by sending specially crafted Bluetooth packets to the target system to remotely take control.

The problem lies in how an object in memory is accessed when it has not been correctly initialized or has been deleted. Attackers can use this flaw to crash the system, install programs, access data and create new user accounts.

It is unlikely to be used much. The attacker would have to be within Bluetooth range to use it. However, those who use gear in public spaces, such as airports, could be at risk.

The Bluetooth bug is a kernel-level problem and gives attackers “complete system access.”

The second priority patch addresses an “important” DLL-preloading issue in Visio 2003 Service Pack 3. The issue has been around since August 2010 and Microsoft has been busy trying to fix it with lots of different patches. It only affects those who use Visio in the enterprise, although users could be at risk of remote code execution attacks on unpatched machines.

Microsoft fixed 15 vulnerabilities in Windows kernel-mode drivers. These would appear to be important, but in reality the attacker has to already have access to the target system before these bugs can be exploited.