Microsoft has released four updates to close 22 security holes. Particularly noteworthy is update MS11-053 (KB2566220), which fixes a critical flaw in the Bluetooth stack on Windows 7 and Vista. Windows XP and the server systems are not affected. Sending a series of specially crafted Bluetooth packets to a vulnerable target system allows arbitrary code to be injected and executed.
Microsoft has assigned the problem only a “medium” exploitability rating: the development of a reliable exploit for the hole is considered unlikely in the medium term, and an attack is generally expected to result only in a system crash. A successful attacker would also need to know the victim’s Bluetooth address. As Windows systems are not in discovery mode by default, there is no simple way for potential attackers to obtain the address.