Microsoft Windows Bluetooth Driver CVE-2017-8628 Man in the Middle Spoofing Vulnerability

Microsoft Windows is prone to a security vulnerability that may allow attackers to conduct spoofing attacks.

An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.

Information

Bugtraq ID: 100744
Class: Unknown
CVE: CVE-2017-8628

Remote: Yes
Local: No
Published: Sep 12 2017 12:00AM
Updated: Sep 14 2017 06:14PM
Credit: Ben Seri and Gregory Vishnepolsky of Armis, Inc.
Vulnerable: Microsoft Windows Server 2016 0
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows RT 8.1
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 version 1703 for x64-based Systems 0
Microsoft Windows 10 version 1703 for 32-bit Systems 0
Microsoft Windows 10 Version 1607 for x64-based Systems 0
Microsoft Windows 10 Version 1607 for 32-bit Systems 0
Microsoft Windows 10 version 1511 for x64-based Systems 0
Microsoft Windows 10 version 1511 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0

Not Vulnerable:

Exploit

Attackers can use readily available tools to exploit this issue.

References:

• Microsoft Homepage (Microsoft)
  
• The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities (Ben Seri ??& Gregory Vishnepolsky)
  
• The IoT Attack Vector â??BlueBorneâ? Exposes Almost Every Connected Device (Armis)
  
• CVE-2017-8628 | Microsoft Bluetooth Driver Spoofing Vulnerability (Microsoft)
  
• VU#240311 Multiple Bluetooth implementation vulnerabilities affect many devices (CERT)
  

Source: www.securityfocus.com