CVE-2023-35634
📋 TL;DR
This vulnerability allows an unauthenticated attacker within Bluetooth range to execute arbitrary code on affected Windows systems by sending specially crafted packets. It affects Windows devices with Bluetooth enabled, potentially allowing full system compromise. The attacker must be within physical proximity of the target device.
💻 Affected Systems
- Windows Bluetooth Driver
📦 What is this software?
Windows 11 21h2 by Microsoft
Windows 11 22h2 by Microsoft
Windows 11 23h2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM/administrator privileges, enabling data theft, ransomware deployment, persistence establishment, and lateral movement within the network.
Likely Case
Remote code execution with user-level privileges, allowing local privilege escalation to gain full system control and install malware.
If Mitigated
No impact if Bluetooth is disabled or device is out of physical range; limited impact with proper network segmentation and endpoint protection.
🎯 Exploit Status
Requires attacker to be within Bluetooth range and craft specific malicious packets. No authentication needed to initiate connection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Security updates from October 2023 or later (KB5031356 for Windows 10, KB5031354 for Windows 11)
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634
Restart Required: Yes
Instructions:
1. Install Windows Update from October 2023 or later. 2. Apply security update KB5031356 (Win10) or KB5031354 (Win11). 3. Restart system to complete installation.
🔧 Temporary Workarounds
Disable Bluetooth
windowsTurn off Bluetooth functionality to prevent exploitation
Settings > Devices > Bluetooth & other devices > Turn Bluetooth Off
PowerShell: Set-Service bthserv -StartupType Disabled; Stop-Service bthserv
Disable Bluetooth Discovery
windowsMake device non-discoverable to reduce attack surface
Settings > Devices > Bluetooth & other devices > More Bluetooth options > Uncheck 'Allow Bluetooth devices to find this PC'
🧯 If You Can't Patch
- Disable Bluetooth on all vulnerable systems immediately
- Implement physical security controls to restrict unauthorized personnel from being within Bluetooth range of critical systems
🔍 How to Verify
Check if Vulnerable:
Check Windows version and update status: winver.exe shows build number; pre-October 2023 updates are vulnerable if Bluetooth enabled.Check Version:
PowerShell: Get-HotFix | Where-Object {$_.HotFixID -like "KB503135*"} or systeminfo | findstr /B /C:"OS Name" /C:"OS Version"Verify Fix Applied:
Verify October 2023 security updates are installed: Settings > Update & Security > Windows Update > View update history, look for KB5031356/KB5031354.📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs: Security logs showing unexpected Bluetooth connections, System logs with Bluetooth driver errors/crashes
Network Indicators:
- Unusual Bluetooth pairing requests from unknown devices, unexpected outbound connections from Bluetooth interface
SIEM Query:
DeviceLogonEvents | where DeviceName contains "Bluetooth" and ActionType == "LogonFailed" | summarize count() by DeviceName, Timestamp