
Security Basics mailing list archives
Re: MS08-030 - Critical (if you do not run bluetooth?)
From: krymson () gmail com
Date: 2 Apr 2009 18:01:20 -0000
I would go ahead and just install the patch, like you were leaning towards doing. Several reasons:

1. In case someone somewhere tries to use a bluetooth device or enable bluetooth.
2. Let's assume you will never have bluetooth. Putting the patch on has no value, and leaving the patch out may have no value. But...
3. Less complication for your patch reporting or vuln reporting. I actually would find some value in cleaning up my vuln assessment scans and wsus/patching reports. And rather than mess with an exception, I'd just install the patch and forget about it.

Another way to look at it: If an auditor comes in and does his own scan with his own tool, he won't right away know you're just ignoring a patch as not needed. He'll either ding you or best case inquire about it (because he expects you're just ignoring) and waste some time/paper, minimal as it may be.

<- snip ->

> What are folks doing about this patch:
>
> "MS08-030 - Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
> * This vulnerability only affects systems with Bluetooth capability."
>
> Given the classic risk formula (Risk = Threat x Vulnerability) it is logical to determine that if your desktops do not have Bluetooth functionality and users cannot install such devices, the attack vector is cut off, so the threat is mostly non-existent, thereby making the risk negligible.
>
> I am leaning towards patching as just part of good patch management hygiene, but what would you do if you have no intention to deploy Bluetooth on your devices?
>
> Regards,
> Mark
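An added example, not from either poster: a PowerShell inventory that backs up the "is Bluetooth actually absent, and is the patch actually on?" question with data instead of assumption, so the exception-versus-patch decision discussed above can be made per host and the scan reports reconciled. It assumes WMI/DCOM access to the listed machines; the host names are placeholders, the KB number (951376) is the one the advisory cites, and the Bluetooth device setup class GUID is the standard Windows value.

```powershell
# Added example: report Bluetooth presence and KB951376 status per host.
# Host names are placeholders; replace with your own inventory source.
$computers = @('HOST-PLACEHOLDER-1', 'HOST-PLACEHOLDER-2')

# Standard Windows setup-class GUID for Bluetooth devices.
$btClassGuid = '{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}'

foreach ($c in $computers) {
    # Any Bluetooth radio or enumerator shows up as a PnP entity in this class
    # (name match kept as a fallback for drivers that register oddly).
    $bt = Get-WmiObject -Class Win32_PnPEntity -ComputerName $c -ErrorAction SilentlyContinue |
          Where-Object { $_.ClassGuid -eq $btClassGuid -or $_.Name -match 'Bluetooth' }

    # Installed hotfixes are listed by KB id in Win32_QuickFixEngineering.
    $fix = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $c -ErrorAction SilentlyContinue |
           Where-Object { $_.HotFixID -eq 'KB951376' }

    New-Object PSObject -Property @{
        Computer         = $c
        BluetoothDevices = @($bt).Count     # 0 means no stack/radio enumerated
        KB951376Present  = [bool]$fix       # $true once MS08-030 is installed
    }
}
```

Hosts that report zero Bluetooth devices and no patch are the ones an auditor's scanner will still flag, which is the reporting noise the reply above argues is cheaper to patch away than to document as an exception.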
Current thread:
- MS08-030 - Critical (if you do not run bluetooth?) Eggleston, Mark (Apr 02)
- Re: MS08-030 - Critical (if you do not run bluetooth?) Robin Wood (Apr 03)
- Re: MS08-030 - Critical (if you do not run bluetooth?) Chris (Apr 03)
- <Possible follow-ups>
- Re: MS08-030 - Critical (if you do not run bluetooth?) krymson (Apr 03)
- Re: Re: MS08-030 - Critical (if you do not run bluetooth?) ad33lh (Apr 03)