An attacker could then install programs; view, change, or delete date; or create new accounts with full user rights.To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-1453.For more information, see the subsection, Affected and Non-Affected Software, in this section.The security update addresses the vulnerability by modifying the way that the Bluetooth stack handles a large number of service description requests.The updated versions of the affected security updates will be made available through all of the same distribution channels as the original security updates, including Automatic Updates, Windows Update and Windows Server Update Services. The file information details can be found in Microsoft Knowledge Base Article 951376.I am using an older release of the software discussed in this security bulletin. The affected software listed in this bulletin have been tested to determine which releases are affected. To determine the support life cycle for your software release, visit Microsoft Support Lifecycle.It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.For more information about the Windows Product Lifecycle, visit Microsoft Support Lifecycle.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.For more information about the extended security update support period for these software versions or editions, visit Microsoft Product Support Services.Customers who require custom support for older releases must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options.Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office.For contact information, visit Microsoft Worldwide Information, select the country, and then click Go to see a list of telephone numbers.What might an attacker use the vulnerability to do?An attacker who successfully exploited this vulnerability could gain complete control over the affected system.When you call, ask to speak with the local Premier Support sales manager.For more information, see the Windows Operating System Product Support Lifecycle FAQ.Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality.Power Shell Script Method Run the following commands as an elevated administrator: $Bth Driver Keys = Get-Child Item "HKLM:\System\Current Control Set\Enum\usb" -recurse -Error Action Silently Continue | where foreach($Key in $Bth Driver Keys) How to undo the workaround Run the following commands as an elevated administrator: $Bth Driver Keys = Get-Child Item "HKLM:\System\Current Control Set\Enum\usb" -recurse -Error Action Silently Continue | where foreach($Key in $Bth Driver Keys) You can stop and disable the driver by using the following command at the command prompt (available in Windows XP and above, and in the Windows 2000 Resource Kit): sc config bthport start= disabled How to undo the workaround You can re-enable the Bluetooth driver by using the following command at the command prompt (available in Windows XP and above and in the Windows 2000 Resource Kit): sc config bthport start= demand What is the scope of the vulnerability?