Title

Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability (Cat I impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in the Windows Bluetooth Stack. To exploit this vulnerability, an attacker would need to be in the proximity of the affected system to send a series of malicious Bluetooth packets within the range of Bluetooth radio spectrum. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Bluetooth Stack Vulnerability - (CVE-2011-1265): A remote code execution vulnerability exists in the Windows Bluetooth 2.1 Stack due to the way an object in memory is accessed when it has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a series of specially crafted Bluetooth packets and sending them to the target machine.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-053 (2566220). Vulnerable Applications/Systems: Windows Vista SP1* and SP2 (x86 and x64) Windows 7 and Windows 7 SP1 (x86 and x64) *Windows Vista Service Pack 1 is only affected when the optional Windows Vista Feature Pack for Wireless has been installed. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below. Bthport.sys *Windows Vista SP1 – 6.1.6002.22204 Windows Vista SP2 – 6.0.6002.18457 or 22629 Windows 7 – 6.1.7600.16805 or 20955 Windows 7 SP1 – 6.1.7601.17607 or 21719

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-29384

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.