A remote code execution vulnerability exists in the Bluetooth stack in Microsoft Windows because the Bluetooth stack does not correctly handle a large number of service description requests.
The vulnerability could allow an attacker to run code with elevated privileges.
It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.
For more information about the Windows Product Lifecycle, visit Microsoft Support Lifecycle.
Microsoft is reoffering the updates addressed in Microsoft Security Bulletin MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) because of issues affecting the Windows XP Service Pack 2 and Windows XP Service Pack 3 update.
The Windows XP Service Pack 2 and Windows XP Service Pack 3 update offered in Microsoft Security Bulletin MS08-030 did not fully address the vulnerability discussed in the security bulletin.
This security update is rated Critical for all supported editions of Windows XP and Windows Vista.
An attacker could then take complete control of an affected system. The Windows Bluetooth Stack does not correctly handle a large number of service description requests. Bluetooth is an industry-standard protocol that enables wireless connectivity for computers, handheld devices, mobile phones, and other devices.
Visit the MSDN Bluetooth article for more information.
A remote code execution vulnerability exists in the Bluetooth stack in Microsoft Windows.
An attacker who successfully exploited this vulnerability could run code with elevated privileges.