Patched MS Bluetooth Flaw Exposes Even Disconnected PCs

An anonymous reader writes "Among the 22 security holes Microsoft issued updates to fix yesterday is a critical kernel-level Bluetooth flaw that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network. An attacker could use the bug to gain access to any unpatched, Bluetooth-enabled Windows Vista or Win7 computer within 100 meters (or much further with specialized tools), all before the target system even gets an alert that another computer is requesting a Bluetooth connection."

Confusing

[Haedrian]

"even when the targeted computer is not connected to a network."
"target would merely need to have Bluetooth turned on."

Meh, not as scary as I thought. You shouldn't be running around with bluetooth on anyway. Also, if you're using a 'hidden' connection there's no real way for an attacker to find you is there?

So basically computers at risk are those who always leave bluetooth on and shown to everyone. Which unless you're trying to connect to a new device should be NEVER.

Re:Confusing

[kevinmenzel]

Yeah, there are ways of protecting the user. WHICH IS WHY THEY PATCHED THE HOLE. This isn't an unpatched vulnerability. The title even notes that this vulnerability was patched. They found the hole. They patched the hole. No more hole. No more trench. No blaming the user.

The only way a user would be vulnerable to this, is if they never updated. At which point, hell yeah, blame the user.

Re:Confusing

[peppepz]

You shouldn't be running around with bluetooth on anyway.

Actually, I should be able to, because it's useful.
It's my OS that should drop any packet I'm not interested in. Machines are supposed to do the work for me, not the opposite.

Re:Consequences?

[bloodhawk]

Sooooo you expect highly secure devices in military installations, cash machines, banks etc are blue tooth enabled and you think MS is the one that doesn't have a clue?