CVE-2021-1683

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)

Description: The issue is related to errors in authorization within the Bluetooth service of Windows operating systems. Exploitation of this issue may allow an attacker to elevate their privileges and gain unauthorized access to protected information. It is associated with an impersonation vulnerability in the Passkey Entry Protocol. For more information, the Bluetooth SIG has released a statement.

Recommendations: To address the vulnerability, apply the software update released by Microsoft, which will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key. As a temporary workaround, consider restricting the use of Bluetooth pairing until a patch is applied. Avoid using the Bluetooth service for sensitive operations until the issue is resolved.