#VU8322 Spoofing in Windows and Windows Server - CVE-2017-8628
Published: September 12, 2017 / Updated: September 12, 2017
Vulnerability identifier: #VU8322
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8628
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
A remote attacker can perform spoofing attack.
A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker can perform a MitM (Man-in-the-Middle) attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.
A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker can perform a MitM (Man-in-the-Middle) attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.
Remediation
Install updates from vendor's website.