As expected, Microsoft has
released seven patches for its June rollout of security
fixes. In total, the patches address about 10 separate
vulnerabilities. All of the critical items plug holes that allow remote code
execution (RCE) in three Windows components: the Bluetooth stack,
which handles the short-range wireless protocol used for voice and
data links to peripherals; Internet Explorer; and Microsoft DirectX,
the set of multimedia application programming interfaces (APIs) in Windows.
Meanwhile, the important fixes are designed to block elevation
of privilege and denial of service by would-be attackers in Windows
Internet Name Service (WINS), Active Directory and Pragmatic General
Multicast (PGM), a reliable multicast transport protocol in Windows used
for file transfer and streaming media.
The moderate patch applies to the kill bit mechanism in Windows,
a registry setting by which an administrator can prevent IE from
loading a specific ActiveX control, identified by its class ID (CLSID).
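The kill bit itself is a flag in the Windows registry: under the key HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, the DWORD value "Compatibility Flags" with bit 0x400 set tells IE never to instantiate that control. The script below is an added example, not code from the article or from Microsoft, showing how an administrator would check whether a given control already has its kill bit set and how to set one without clobbering other flags. It assumes a modern Windows PowerShell session run with administrative rights (the article's XP and Vista era machines would have used regedit or a .reg file instead), and the CLSID at the bottom is a placeholder constructed for the example, not any real control.

```powershell
# Added example (not from the original article): inspect and set the
# ActiveX kill bit for a control by CLSID. Requires an elevated session
# to write to HKLM.

$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE refuses to load the control

function Test-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # Check both the native and the 32-bit (Wow6432Node) views on 64-bit Windows
    $paths = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )
    foreach ($p in $paths) {
        $flags = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            Path      = $p
            Flags     = $flags
            KillBitOn = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $p = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    # OR the kill bit in so any other compatibility flags already set survive
    $new = [int]$existing -bor $KillBit
    New-ItemProperty -Path $p -Name 'Compatibility Flags' -PropertyType DWord `
                     -Value $new -Force | Out-Null
}

# Placeholder CLSID constructed for this example; substitute the CLSID named
# in the bulletin you are applying.
$clsid = '{00000000-0000-0000-0000-000000000000}'
Test-ActiveXKillBit -Clsid $clsid | Format-Table -AutoSize
```

Because a kill bit only stops IE from instantiating the control, it does not remove the vulnerable DLL from disk; it is a mitigation for IE's attack surface, which is why Microsoft ships kill bit updates as a rollup separate from the patches that fix the underlying components.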
But it's the Bluetooth vulnerability, experts say, that is most
important to patch, because it exemplifies the still-emerging
attack vector of wireless peripherals.
"[The Bluetooth vulnerability] is noteworthy because user
interaction is not required," said Ben Greenbaum, senior research
manager for Symantec. "All that is required is for the device to
have Bluetooth on and to be within range of the attacker. That's
something IT guys should look at first."
Second to that in importance, according to Greenbaum, is the
patch for Active Directory, the directory service at the core of a
Windows domain environment. He added that the IE patch is
also "very mission-critical."
Critical fixes
Bluetooth technology, and how it interoperates with Windows
components and applications, is the theme of the first critical patch. According to
Redmond, it resolves "a privately reported vulnerability in the
Bluetooth stack in Windows" which could give an attacker full control
over an affected system: the ability to view, change, delete and write
data. The affected systems are Windows XP Service Pack 2 and Service
Pack 3, and Windows Vista SP1.
"The Bluetooth bulletin is the most interesting critical patch
that deserves keen attention," said Paul Zimski of Scottsdale,
Ariz.-based Lumension Security. "The impact of a remote code
execution in Windows Bluetooth could mean that it's possible to
attack a victim's computer just by being within close proximity and
not actually being on the network itself."