On Tuesday, Microsoft released shield fixes for desktop users and network administrators alike. Seven shield bulletins address 10 vulnerabilities, three of them critical.

protection researchers say the critical patches that affect Windows desktop users should be given the highest priority.

There are plus three urgent patches, MS08-034, MS08-035 and MS08-036, that affect Windows servers, as well as a moderate patch. Managers of Windows servers should install these patches. MS08-032 is the moderate patch and addresses the “kill bit” for Windows. The patch disables cipher with a known defense bug.

Betting on Bluetooth

“The vulnerability in the Bluetooth stack is particularly noteworthy considering it allows an attacker in range of a Bluetooth-enabled device running Windows XP or Vista to take control of that device,” said Ben Greenbaum, senior research manager for Symantec protection Response. “User interaction is not due. All that is due is for the device to have Bluetooth on and to be within range of the attacker.”

Tyler Reguly, a defense engineer with nCircle, a network shield firm that works with companies like ESPN and Safeway and government agencies like the FCC, said he finds the Bluetooth patch interesting considering it’s a vulnerability in a popular wireless protocol.

“It is remote cipher execution in both XP and Vista. citizens traveling with laptops are probably the most likely to have Bluetooth enabled,” Reguly said. “It’s urgent to keep in mind the limited range of Bluetooth, which is what, in my opinion, somewhat limits the severity of the vulnerability.”

The IE Trend

According to Amol Sarwate, manager of the vulnerability research lab at Qualys, the most serious of that month’s patches is the vulnerability in World Wide Web Explorer, MS08-031, which is a zero-day threat.

“Victims would only need to visit a compromised site in order to be affected by the remote cipher for viruses, worms and other…

Orginal post by Top Tech News