Pin Me

Explaining the June 2008 Microsoft Security Update: Bluetooth, DirectX and IE Security Loopholes

written by: John Lister•edited by: Tricia Goss•updated: 12/31/2008

Microsoft's latest security update includes fixes for three serious security threats. Find out what the problems are and what risks you face if you don't have Automatic Updates switched on.

  • slide 1 of 2
    The June security update from Microsoft contains seven fixes, three of which the company ranks as ‘critical’. Windows users will have already received these unless they have switched off the Automatic Updates service. If you’re in that position, it’s worth visiting Microsoft’s website to manually install the fixes for these three particular issues.

    Bluetooth Loophole in Windows
    The most serious involves the Bluetooth features in both XP and Vista. Microsoft found a loophole in the way Windows uses the system which meant a hacker making a Bluetooth connection could theoretically take complete controls of Windows. It wouldn’t allow widespread hacking as anyone exploiting it would have to be within a few feet of a computer (and carrying their own device) to take advantage. But it could have serious consequences as it would allow a hacker to install any software they wanted (such as keyloggers which could capture user names and passwords), or simply read and alter data stored on the machine. Microsoft actually had to issue a second fix for this problem after the original update didn’t completely solve the problem in XP. The firm says this was down to human error rather than any technical failure.

    DirectX Loophole in Windows
    The second critical problem relates to DirectX, a system used in Windows for multimedia, particularly in gaming. As with the Bluetooth bug, hackers could conceivable have used DirectX files to take control of a user’s system.

    Internet Explorer Bugs in Windows
    The other critical issue involves two bugs in Internet Explorer which could be triggered by visiting a specially designed webpage. Doing so would either leave a computer open to attack, or would reveal information about the user. It appears this problem was uncovered by a specific attempt at phishing -- tricking users into visiting a web page that appears to belong to an official source such as an online bank. While Microsoft obviously had to announce this bug now, they will likely have considered it poor timing given the high-profile release of the latest edition of rival browser Firefox, which many commentators believe is less vulnerable to such bugs. That’s true to an extent, though it’s also possible hackers will be more likely to target Internet Explorer simply because it has many more users.

    If you're a Vista user, you can find out more about Windows' security features in Joli Ballew's article on the built-in Vista Security Center.

  • slide 2 of 2


    DirectX packaging