14 DAY TRIAL // A vulnerability discovered in Toshiba’s Bluetooth Stack for Windows and Service Station can be used by attackers to gain system privileges on a computer running the affected software versions.
With elevated privileges on the machine, a threat actor has the possibility to take control of the computer by executing malicious programs, or to alter or delete information stored on the hard disk.
The security flaw has received the CVE-2015-0884 identifier and it is a path privilege escalation vulnerability with a CVSS base score of 5.3, as per information from the Computer Emergency Response Team (CERT) division at Carnegie Mellon University.
Successful exploitation requires local authentication, which makes compromising the system more difficult. Credited for its discovery is Giovanni Delvecchio from SmartNet.
Toshiba released updates for the vulnerable products and urges users to apply them immediately. The software builds mitigating the risk are 9.10.32 for Bluetooth Stack for Windows and 2.2.14 for Service Station.
In a security advisory, the company offers instructions on how a user can determine if the software version installed is vulnerable and how to apply the update. The fresh releases are available from Toshiba’s support page.
The company warns that if its Bluetooth Stack for Windows is not pre-installed on the machine, it may be added by software related to the Bluetooth adapter.