CVE-2021-1684: Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key

Affected

38 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10_version_1507	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1607	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1803	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1809	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1909	>= 10.0.0 < publication	publication
microsoft	windows_10_version_2004	>= 10.0.0 < publication	publication
microsoft	windows_10_version_20h2	>= 10.0.0 < publication	publication
microsoft	windows_8.1	>= 6.3.0 < publication	publication
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012_r2	>= 6.3.0 < publication	publication
microsoft	windows_server_2016	—	—
microsoft	windows_server_2016	—	—
microsoft	windows_server_2016	—	—
microsoft	windows_server_2016	>= 10.0.0 < publication	publication
microsoft	windows_server_2019	>= 10.0.0 < publication	publication
microsoft	windows_server_version_2004	>= 10.0.0 < publication	publication
microsoft	windows_server_version_20h2	>= 10.0.0 < publication	publication
msrc	windows_10	—	—
msrc	windows_10_version_1607	—	—