CVE-2021-1684

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)

Description: The issue is related to an impersonation vulnerability in the Passkey Entry Protocol of the Bluetooth service in Windows operating systems. This vulnerability is associated with authentication errors and can allow an attacker to elevate their privileges and gain unauthorized access to protected information.

Recommendations: To address the vulnerability, apply the software update released by Microsoft, which will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key. As a temporary workaround, consider restricting access to the Bluetooth service until a patch is available. Avoid using the Bluetooth service for pairing devices until the issue is resolved.