Microsoft admits XP's Bluetooth patch didn't work
Re-releases security update, pins preliminary blame on 'human issues'
June 19, 2008 12:00 PM ETComputerworld - Microsoft Corp. asked for a patch do-over today as it re-released one of last week's security updates after realizing the original fix didn't do the job.
"After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin," Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), said in an e-mail. "As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue."
MS08-030 debuted June 10 as part of a group of seven security updates that patched 10 vulnerabilities in Windows and other Microsoft software. Called out by several analysts last week as the most interesting fix of the bunch, MS08-030 was supposed to plug a hole in Windows' implementation of Bluetooth, the short-range wireless protocol.
The update was one of three pegged "critical," the highest threat ranking in Microsoft's four-step scoring system.
Although the patch offered last week for Windows Vista and the 64-bit versions of Windows XP did the trick, the fix for the 32-bit editions of XP, including the new Service Pack 3 (SP3), did not, said Budd. He also promised that Microsoft would find out how the non-patching patch made it through the company's testing.
Human error, he added, is the likely cause. "As part of our standard process, we're beginning an investigation into how this happened," Budd said in a short entry to the MSRC's blog today. "We're just starting this investigation, but early on, it appears that there may have been two separate human issues involved. When we're done with our investigation, we'll take steps to better prevent it in the future."
Microsoft has had to re-release patches before. It most recently went back to the drawing board in March, when it was forced to re-issue a flawed update that had caused some versions of its Excel spreadsheet to make math mistakes.
The revised MS08-030 bulletin stated that the new patch for Windows XP has been seeded to the usual Microsoft distribution channels, including Automatic Updates, Windows Update and Windows Server Update Services (WSUS).
Microsoft
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
