Microsoft Windows up to RT 8.1 Bluetooth Driver privilege escalation

Summaryinfo

A vulnerability was found in Microsoft Windows up to RT 8.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Bluetooth Driver. Such manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2023-21739. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.

Detailsinfo

A vulnerability was found in Microsoft Windows up to RT 8.1 (Operating System). It has been rated as critical. Affected by this issue is an unknown code of the component Bluetooth Driver. Impacted is confidentiality, integrity, and availability.

The weakness was shared 01/10/2023 as confirmed security guidance (Website). The advisory is shared for download at portal.msrc.microsoft.com. This vulnerability is handled as CVE-2023-21739. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 09/22/2025).

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-25906). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Microsoft

Name

• Windows

Version

• 8.1
• 10
• 10 20H2
• 10 21H2
• 10 22H2
• 10 1607
• 10 1809
• 11 21H2
• 11 22H2
• RT 8.1

License

• commercial

Website

• Vendor: https://www.microsoft.com/
• Product: https://www.microsoft.com/en-us/windows

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion