Microsoft says that certain Bluetooth devices might start experiencing pairing and connectivity issues after Windows users apply cumulative, security, or monthly rollup updates released today.
As detailed by the Windows support document published today by Microsoft, “These security updates address a security vulnerability by intentionally preventing connections from Windows to unsecure Bluetooth devices. Any device using well-known keys to encrypt connections may be affected, including certain security fobs.”
BLE Titan Security Keys and Feitian Multipass blocked
The “security fobs” mentioned at the end of that statement are Google’s Bluetooth Low Energy (BLE) Titan Security Keys with a T1 or T2 code, which were recalled last month, and the Feitian Multipass (Feitian CTAP1/U2F Security Key).
The recall happened after it was discovered that it is possible for “an attacker who is physically close to you at the moment you use your security key — within approximately 30 feet — to (a) communicate with your security key, or (b) communicate with the device to which your key is paired.”
“Microsoft has blocked the pairing of these Bluetooth Low Energy (BLE) keys with the pairing misconfiguration,” says Redmond’s ADV190016 Bluetooth Low Energy Advisory.
More details regarding this vulnerability are available in the flaw’s CVE-2019-2102 entry in the Common Vulnerabilities and Exposures database.
Checking if a Bluetooth device is affected
Windows users who experience issues while pairing, connecting, or using their Bluetooth devices after having installed one of the updates released today by Microsoft should “contact the manufacturer of your Bluetooth device to determine if a device update exists.”
Customers can also check the Event Log to see if their Bluetooth devices are affected by looking for an event with the following message:
Impacted Windows updates
As detailed by Microsoft, installing the following cumulative updates (LCU), Monthly Rollups, or security updates could lead to pairing and connectivity issues for some Bluetooth devices: