Endpoint Vulnerability

Microsoft: Encryption Key Negotiation of Bluetooth Vulnerability

Description

Executive Summary

Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as "Bluetooth Classic") key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the range of the Bluetooth devices in use. Using this specialized equipment, they would need to be close enough to communicate with and interfere with the legitimate wireless transmissions. CERT/CC has issued CVE-2019-9506 and VU#918987 for this tampering vulnerability, which has a CVSS score of 9.3.

To address the vulnerability, Microsoft has released a software update that enforces a default 7-octet minimum key length so that the key negotiation cannot trivialize the encryption. This functionality is disabled by default when the update is installed. Customers must enable it by setting a specific flag in the registry. When the flag is set, Windows reads the negotiated encryption key size and rejects the Bluetooth connection if it does not meet the defined minimum key size. If your Bluetooth device, the Bluetooth radio in your Windows device, or the driver for that radio does not support the longer key length, this update can block connections with that device when the registry value EnableMinimumEncryptionKeySize is set to 1. Users who have trouble connecting their Bluetooth devices after installing and enabling this functionality should check whether their manufacturer provides additional guidance on updates and mitigations.

To enable this enforcement feature by using Registry Editor, follow these steps:

Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
    1. Click Start, click Run, type Regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey: HKLM\System\CurrentControlSet\Policies\Hardware\Bluetooth
    3. On the Edit menu, click Modify to modify the EnableMinimumEncryptionKeySize registry entry.
    4. In the Value data box, type 1, and then click OK. This sets "EnableMinimumEncryptionKeySize"=dword:00000001.
    5. Exit Registry Editor.
    6. Restart the computer.
You then need to reset your Bluetooth device as follows:
    1. On the device, go to the Bluetooth Settings.
    2. Turn off Bluetooth.
    3. Open Device Manager and locate the Bluetooth Controller.
    4. Right-click the Bluetooth Controller and select Disable device.
    5. After the device is disabled, right-click it again and select Enable device.
Computers with incompatible Bluetooth controllers or devices may have to temporarily or permanently set EnableMinimumEncryptionKeySize = 0 until the controllers, firmware or drivers can be updated, or until the device itself is updated. Bluetooth connections on computers in this state will not be secure. To disable this enforcement feature:
    1. Click Start, click Run, type Regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey: HKLM\System\CurrentControlSet\Policies\Hardware\Bluetooth
    3. On the Edit menu, click Modify to modify the EnableMinimumEncryptionKeySize registry entry.
    4. In the Value data box, type 0, and then click OK. This sets the "EnableMin
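The enable and disable procedures above, plus the controller reset, as an added PowerShell example (not part of the Microsoft advisory): it audits the EnableMinimumEncryptionKeySize flag, sets it, and then disables and re-enables the Bluetooth radio. It assumes the PnpDevice cmdlets (Windows 8 and later) and, as a heuristic, that the radio itself (unlike the peripherals it enumerates) has a USB\ or PCI\ instance ID.

```powershell
#Requires -RunAsAdministrator
# Added example, not Microsoft's code: audit/set the EnableMinimumEncryptionKeySize
# flag from the advisory and reset the Bluetooth controller as its Device Manager
# steps describe. Run from an elevated PowerShell session.

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Hardware\Bluetooth'
$ValueName = 'EnableMinimumEncryptionKeySize'

function Get-BluetoothKeySizeEnforcement {
    # 'Enabled' only when the DWORD is 1. An absent key or value means enforcement
    # is off, which is the state the advisory describes right after the update.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item)        { return 'NotConfigured' }
    if ($item.$ValueName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Set-BluetoothKeySizeEnforcement {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)
    # The Policies\Hardware\Bluetooth subkey may not exist yet; create it (and parents).
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Value -Type DWord
}

function Reset-BluetoothController {
    # Disable, then re-enable, each Bluetooth radio. Assumption: the radio shows up
    # with a USB\ or PCI\ instance ID, unlike the BTHENUM\ devices it enumerates.
    $radios = Get-PnpDevice -Class Bluetooth -PresentOnly -ErrorAction Stop |
              Where-Object { $_.InstanceId -like 'USB\*' -or $_.InstanceId -like 'PCI\*' }
    foreach ($radio in $radios) {
        Write-Host "Resetting $($radio.FriendlyName)"
        Disable-PnpDevice -InstanceId $radio.InstanceId -Confirm:$false
        Start-Sleep -Seconds 2
        Enable-PnpDevice  -InstanceId $radio.InstanceId -Confirm:$false
    }
}

# Follow the advisory's order: set the flag, restart, then reset the controller.
# Pass -Value 0 instead to fall back to the insecure state for incompatible radios.
switch (Get-BluetoothKeySizeEnforcement) {
    'Enabled' {
        Write-Host 'Enforcement already enabled; resetting the Bluetooth controller.'
        Reset-BluetoothController
    }
    default {
        Set-BluetoothKeySizeEnforcement -Value 1
        Write-Host "Now $(Get-BluetoothKeySizeEnforcement). Restart, then rerun to reset the controller."
    }
}
```

After the reset, a peripheral that fails to reconnect is one whose stack cannot negotiate the 7-octet minimum; check the manufacturer's guidance before falling back to 0.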

Affected Products

Windows RT 8.1
Windows Server, version 1903 (Server Core installation)
Windows Server 2016
Windows Server, version 1803 (Server Core installation)
Windows Server 2012
Windows 8
Windows 7
Windows 10
Windows Server 2008
Windows Server 2019

References

CVE-2019-9506