"This one's sexy," said Marcus Carey, a security researcher with Rapid7. "It's classical spy kind of stuff, being able to access [a PC] using Bluetooth when [the victim] doesn't even know you're there. All [an attacker] would have to do is go to Washington, D.C. or northern Virginia, where lots of U.S. government employees work, and sit at a Starbucks or somewhere else with free Wi-Fi."

Windows XP is not affected by the vulnerability. Although the 10-year-old operating system supports Bluetooth, Microsoft rewrote its supporting code for Vista.

Microsoft also had MS11-053 at the top of its patch chart today, but cited several caveats to explain why it believes attackers will not be able to come up with a reliable exploit in the next month.

"Your system's 48-bit Bluetooth address is not 'discoverable' by default," said Jonathan Ness, an engineer with the Microsoft Security Response Center, in a today. "In the default state, an attacker must obtain your Bluetooth address another way -- either via brute forcing it or extracting it from Bluetooth traffic captured over-the-air."

The former could take an attacker hours, Ness added, while the latter requires specialized hardware that costs thousands.