Microsoft has reissued a critical patch for the Bluetooth stack in Windows XP, saying the original fix did not correct a vulnerability that a hacker could exploit to take control of a PC.
The original patch worked on Windows Vista, but failed to accomplish its task in Windows XP SP2 and SP3, Christopher Budd, a member of the Microsoft Security Response Center, said in the group's blog.
After releasing the patch in Security Bulletin MS08-30, Microsoft engineers "learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin," Budd said.
"Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not," he said.
The latest patch would be distributed through the same channels as the original fix, including Microsoft's Automatic Update tool.
A preliminary investigation of the original failing has found that it may be related to "two separate human issues," Budd said, offering no other details. "When we're done with our investigation, we'll take steps to better prevent it in the future."
The vulnerability within the Bluetooth stack, which handles communications over the wireless specification, would enable an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft labeled the flaw "critical."
Microsoft released the original fix June 10 in a package of seven security patches addressing 10 vulnerabilities. Three of the bulletins were rated "critical," three "important," and one "moderate."