CVE-2026-23671

7.0 HIGH

📋 TL;DR

A race condition vulnerability in Windows Bluetooth RFCOM Protocol Driver allows an authenticated attacker to execute code with elevated privileges on the local system. This affects Windows systems with Bluetooth functionality enabled. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Windows Bluetooth RFCOM Protocol Driver
Versions: Specific Windows versions as listed in Microsoft advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Bluetooth functionality to be enabled and attacker to have local authenticated access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM-level privileges, allowing installation of malware, data theft, and persistence mechanisms.

🟠 Likely Case

Local privilege escalation from standard user to administrator/SYSTEM privileges, enabling lateral movement and further exploitation.

🟢 If Mitigated

Limited impact with proper access controls, monitoring, and patching in place.

🌐 Internet-Facing: LOW - Requires local access and authentication; not directly exploitable over internet.
🏢 Internal Only: HIGH - Significant risk from insider threats or attackers who gain initial foothold through other means.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires race condition exploitation which can be challenging but feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23671

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Disable Bluetooth RFCOM Protocol (windows)

Disable the vulnerable Bluetooth RFCOM protocol driver to prevent exploitation:

  sc config bthrfcom start= disabled
  sc stop bthrfcom

Disable Bluetooth Service (windows)

Completely disable the Bluetooth service if it is not required:

  sc config BluetoothUserService start= disabled
  sc stop BluetoothUserService
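The two workarounds above as one scripted change, with a pre-flight check that the service actually exists on the host and a rollback record so the change can be undone once the patch is in. This is an added example, not code from the page or from Microsoft; the service names are taken from the page as written, the rollback file path is an assumption, and the Win32_SystemDriver fallback is there because kernel drivers are not listed under Win32_Service. One caveat worth knowing before pasting the page's commands into PowerShell: `sc` is a built-in alias for Set-Content there, so the binary has to be called as `sc.exe`.

```powershell
# Added example (not from the advisory page): apply the workarounds from an
# elevated PowerShell prompt, record the original start modes, and allow rollback.
# Service names as listed on the page; rollback path is an assumed location.
$ServiceNames = @('bthrfcom', 'BluetoothUserService')
$RollbackFile = Join-Path $env:ProgramData 'bt-rfcom-workaround-rollback.csv'

function Get-ServiceOrDriver {
    param([string]$Name)
    # Win32_Service covers user-mode services; kernel drivers live in Win32_SystemDriver
    $obj = Get-CimInstance Win32_Service -Filter "Name='$Name'"
    if (-not $obj) { $obj = Get-CimInstance Win32_SystemDriver -Filter "Name='$Name'" }
    return $obj
}

function Disable-BtWorkaround {
    $records = foreach ($name in $ServiceNames) {
        $svc = Get-ServiceOrDriver -Name $name
        if (-not $svc) {
            Write-Warning "'$name' not found on this host; confirm the name with 'sc.exe query' before relying on it."
            continue
        }
        # Capture the original start mode before changing anything
        [pscustomobject]@{ Name = $svc.Name; StartMode = $svc.StartMode; State = $svc.State }
        # 'sc' alone would resolve to Set-Content in PowerShell, hence sc.exe
        sc.exe config $svc.Name start= disabled | Out-Null
        sc.exe stop   $svc.Name | Out-Null   # a driver still in use only stops after a reboot
    }
    $records | Export-Csv -Path $RollbackFile -NoTypeInformation
    return $records
}

function Restore-BtWorkaround {
    # Map WMI StartMode strings back to the values sc.exe expects for start=
    $map = @{ Boot = 'boot'; System = 'system'; Auto = 'auto'; Manual = 'demand'; Disabled = 'disabled' }
    foreach ($r in Import-Csv -Path $RollbackFile) {
        sc.exe config $r.Name start= $map[$r.StartMode] | Out-Null
    }
}

Disable-BtWorkaround | Format-Table -AutoSize
# After the security update is installed and verified: Restore-BtWorkaround
```

Run it once to apply; the CSV it writes is the only state Restore-BtWorkaround needs, so the rollback works from a fresh session after the patch and reboot.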

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Enable Windows Defender Exploit Guard and configure Attack Surface Reduction rules

🔍 How to Verify

Check if Vulnerable:

Check Windows version and installed updates against Microsoft advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that the security update's KB number is installed via 'wmic qfe list' or Settings > Update & Security > View update history
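The three verification steps above (OS version, update presence, and whether Bluetooth is actually in use) gathered into a single assessment object. This is an added example, not from the page or from Microsoft. The KB number is a placeholder to be replaced with the one from the MSRC entry for CVE-2026-23671; the service names 'bthserv' (Bluetooth Support Service) and the per-user 'BluetoothUserService*' instances are assumed, as is the "exposed" logic, which treats the host as at risk only when the fix is missing and Bluetooth is running.

```powershell
# Added example (not from the advisory page): one-shot exposure check for this CVE.
# KB number is a PLACEHOLDER; service names and the assessment rule are assumptions.
$KbNumber = 'KB0000000'   # PLACEHOLDER: take the real KB from the MSRC advisory
$BluetoothServices = @('bthserv', 'BluetoothUserService*')

function Get-OsBuildInfo {
    # Same source of truth as 'systeminfo', but with the update revision (UBR) included
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        ProductName    = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion              # e.g. 23H2; absent on older builds
        Build          = "$($cv.CurrentBuild).$($cv.UBR)" # UBR = cumulative update revision
    }
}

function Test-KbInstalled {
    param([string]$Kb)
    # Get-HotFix reads the same data that 'wmic qfe list' reports
    return [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Get-BluetoothExposure {
    $os      = Get-OsBuildInfo
    $patched = Test-KbInstalled -Kb $KbNumber
    $running = @(Get-Service -Name $BluetoothServices -ErrorAction SilentlyContinue |
                 Where-Object Status -eq 'Running' |
                 Select-Object -ExpandProperty Name)

    # Exposed only if the fix is missing AND Bluetooth is actually in use (assumed rule)
    if (-not $patched -and $running.Count -gt 0) { $assessment = 'likely exposed' }
    elseif (-not $patched)                        { $assessment = 'unpatched, Bluetooth not running' }
    else                                          { $assessment = 'patched' }

    [pscustomobject]@{
        Host             = $env:COMPUTERNAME
        OS               = "$($os.ProductName) $($os.DisplayVersion) (build $($os.Build))"
        KbChecked        = $KbNumber
        KbInstalled      = $patched
        BluetoothRunning = ($running -join ', ')
        Assessment       = $assessment
    }
}

Get-BluetoothExposure | Format-List
```

Because the result is an object rather than console text, the same function can be pushed out through a remoting session or an endpoint-management tool and the Assessment field aggregated across a fleet.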

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Bluetooth services
  • Privilege escalation attempts
  • Unexpected driver loading

Network Indicators:

  • Local Bluetooth protocol anomalies

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%rfcom%' OR ParentProcessName LIKE '%rfcom%') AND NewProcessName NOT LIKE '%system%'
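The SIEM query above run locally against the Windows Security log, for hosts that are not forwarding events yet or for spot-checking a single machine. This is an added example, not from the page; it reproduces the page's filter (process or parent name containing "rfcom", new process name not containing "system") over Event ID 4688 by reading the named EventData fields from each event's XML rather than relying on field positions. Event 4688 only exists if "Audit Process Creation" is enabled, and the CommandLine field is only populated when command-line logging is turned on; both prerequisites are shown as comments.

```powershell
# Added example (not from the advisory page): local equivalent of the SIEM query.
# Prerequisites (run once, elevated):
#   auditpol /set /subcategory:"Process Creation" /success:enable
#   reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" `
#       /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1 /f
$LookbackDays = 7   # assumed window

function Get-EventDataMap {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # Pull EventData fields by name so the filter does not depend on property order
    $xml = [xml]$Event.ToXml()
    $map = @{}
    foreach ($d in $xml.Event.EventData.Data) { $map[$d.Name] = $d.'#text' }
    return $map
}

function Find-RfcomProcessCreation {
    param([int]$Days = $LookbackDays)
    $since  = (Get-Date).AddDays(-$Days)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $d      = Get-EventDataMap -Event $e
        $new    = $d['NewProcessName']
        $parent = $d['ParentProcessName']
        # Same predicate as the page's query; -match is case-insensitive by default
        if (($new -match 'rfcom' -or $parent -match 'rfcom') -and $new -notmatch 'system') {
            [pscustomobject]@{
                Time        = $e.TimeCreated
                User        = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
                NewProcess  = $new
                Parent      = $parent
                CommandLine = $d['CommandLine']
            }
        }
    }
}

Find-RfcomProcessCreation | Sort-Object Time | Format-Table -AutoSize
```

An empty result is only meaningful if 4688 auditing was already on for the whole lookback window; check `auditpol /get /subcategory:"Process Creation"` first, and treat any hit as a lead to triage rather than a confirmed exploitation event, since the query matches on name substrings alone.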

🔗 References
