Security Basics mailing list archives

MS08-030 - Critical (if you do not run bluetooth?)


From: "Eggleston, Mark" <meggleston () healthpart com>
Date: Mon, 30 Mar 2009 10:08:25 -0400

What are folks doing about this patch:

"MS08-030 - Critical
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution
(951376)
* This vulnerability only affects systems with Bluetooth capability."

Given the classic risk formula (Risk = Threat x Vulnerability) it is
logical to determine that if your desktops do not have Bluetooth
functionality and users cannot install such devices, the attack vector
is cut off, so the threat is mostly non-existent, thereby making the
risk negligible.

I am leaning towards patching as just part of good patch management
hygiene, but what would you do if you have no intention to deploy
Bluetooth on your devices?  

Regards,

Mark

