The bulletin reads in part, as follows:
“These security updates address a security vulnerability by intentionally preventing connections from Windows to unsecure Bluetooth devices. Any device using well-known keys to encrypt connections may be affected, including certain security fobs.”
The security fobs mentioned in the bulletin are Google’s BLE (Bluetooth Low Energy) Titan Security Keys with a T1 or T2 code and the Feitian Multipass CTAP1/U2F Security Key. These were recalled last month when it was discovered that it was possible for “an attacker who is physically close to you at the moment you use your security key – (within approximately 30 feet) – to a) communicate with your security key or b) communicate with the device to which your key is paired.”
Microsoft has blocked pairing with Bluetooth Low Energy keys that have this pairing misconfiguration. If you experience a connectivity issue, check your Event Log to confirm whether your device is affected. If it is, you’ll find the following message:
“Your Bluetooth device attempted to establish a debug connection. The Windows Bluetooth stack does not allow debug connection while it is not in the debug mode.”
The following updates could lead to pairing and connectivity issues for some Bluetooth devices:
- KB4503293 or later LCU for Windows 10, version 1903
- KB4503327 or later LCU for Windows 10, version 1809 and Windows Server 2019
- KB4503286 or later LCU for Windows 10, version 1803
- KB4503284 or later LCU for Windows 10, version 1709
- KB4503279 or later LCU for Windows 10, version 1703
- KB4503267 or later LCU for Windows 10, version 1607 and Windows Server 2016
- KB4503291 or later LCU for Windows 10, version 1507
- KB4503276 or later Monthly Rollup for Windows 8.1 and Windows Server 2012 R2
- KB4503285 or later Monthly Rollup for Windows Server 2012 and Windows Embedded 8 Standard
- KB4503290 for Windows 8.1 and Windows Server 2012 R2
- KB4503263 for Windows Server 2012 and Windows Embedded 8 Standard.
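One way to run the Event Log check described above and see which of the listed updates are installed is sketched below. It is an added example, not part of Microsoft's bulletin. It assumes the message is written to the System log and matches on the message text quoted above, because the bulletin excerpt gives no event ID or source.

```powershell
# Added example (not from the bulletin). KB numbers are the ones listed above.
$listedKbs = @(
    'KB4503293', 'KB4503327', 'KB4503286', 'KB4503284', 'KB4503279', 'KB4503267',
    'KB4503291', 'KB4503276', 'KB4503285', 'KB4503290', 'KB4503263'
)

# Updates from the list that are installed on this machine.
# "or later LCU" matters: a newer cumulative update carries a different KB
# number, so an empty result here does not prove the block is absent.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $listedKbs -contains $_.HotFixID }

# Assumption: the blocked-pairing message lands in the System log.
# Match on the wording quoted in the article rather than on an event ID.
$pattern = '*attempted to establish a debug connection*'
$since   = (Get-Date).AddDays(-30)   # look-back window, adjust as needed

$blocked = Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since } `
               -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like $pattern }

if ($installed) {
    'Listed updates installed:'
    $installed | Sort-Object HotFixID |
        Format-Table HotFixID, InstalledOn -AutoSize
} else {
    'None of the listed KB numbers found (a later LCU may still include the change).'
}

if ($blocked) {
    "Blocked Bluetooth pairing attempts since $($since.ToString('yyyy-MM-dd')):"
    $blocked | Sort-Object TimeCreated |
        Format-Table TimeCreated, ProviderName, Id -AutoSize
} else {
    'No "debug connection" message found in the System log for this period.'
}
```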