The AchieVer Posted June 13, 2019 Share Posted June 13, 2019 Why Bluetooth Devices No Longer Work After Installing June 2019 Windows Updates Select Bluetooth devices are no longer allowed to pair with Windows computers after installing the June 2019 security updates. Microsoft revealed in an advisory that it decided to block the pairing of devices using Bluetooth Low Energy (BLE) keys because of a security flaw that could allow an attacker to intercept pairing keys. “Microsoft is aware of an issue that affects the Bluetooth Low Energy (BLE) version of FIDO Security Keys. Due to a misconfiguration in the Bluetooth pairing protocols, it is possible for an attacker who is physically close to a user at the moment he/she uses the security key to communicate with the security key, or communicate with the device to which the key is paired,” it says. In other words, because of a bug in the Bluetooth pairing protocols, an attacker can intercept the pairing codes and then be able to connect to the target device without authorization. From this point on, it’s all up to the attacker to decide how much damage they want to do on the compromised system. Microsoft notes that any device that use well-known keys to encrypt connections might be disabled, and the company provides some resources for users whose devices might be impacted. First and foremost, the following updates are said to be blocking the pairing of insecure devices: KB4503293 or later LCU for Windows 10, version 1903. KB4503327 or later LCU for Windows 10, version 1809 and Windows Server 2019. KB4503286 or later LCU for Windows 10, version 1803. KB4503284 or later LCU for Windows 10, version 1709. KB4503279 or later LCU for Windows 10, version 1703. KB4503267 or later LCU for Windows 10, version 1607 and Windows Server 2016. KB4503291 or later LCU for Windows 10, version 1507. KB4503276 or later Monthly Rollup for Windows 8.1 and Windows Server 2012 R2. KB4503285 or later Monthly Rollup for Windows Server 2012 and Windows Embedded 8 Standard. KB4503290 for Windows 8.1 and Windows Server 2012 R2. KB4503263 for Windows Server 2012 and Windows Embedded 8 Standard. There’s not much you can do if the pairing of Bluetooth devices is not possible, albeit some options do exist. First of all, you should try to determine if your device is affected or not. To do this, you need to use the Event Log by launching the Event Viewer: Start menu > type Event Viewer > Run as administrator The event details are the following: Event Log System Event Source BTHUSB or BTHMINI Event ID 22 Name BTHPORT_DEBUG_LINK_KEY_NOT_ALLOWED Level Error Event Message Text Your Bluetooth device attempted to establish a debug connection. The Windows Bluetooth stack does not allow debug connection while it is not in the debug mode. If your computer is blocked from pairing with Bluetooth devices, you have three options: · Check the manufacturer website for your Bluetooth device to see if software updates are available · Uninstall the latest security updates to continue using the Bluetooth device (not recommended given security issues are involved) · Wait for additional options to be resolved and in the meantime avoid using the device Microsoft says customers are strongly recommended to install the June security updates for Windows, but it goes without saying that some might just choose to delay the patching because of this Bluetooth security issue. At this point, it’s not known how many Bluetooth devices are impacted, but given the bug targets all latest versions of Windows, including all Windows 10 releases so far (May 2019 Update is also on the list), blocking the pairing could help protect a significant number of users. Source Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.