🟠 High | Source: Microsoft Security Response Center
A heap-based buffer overflow vulnerability in the Windows Bluetooth Port Driver allows an attacker on the same network segment to execute arbitrary code on a target machine without any authentication. The flaw is exploitable over an adjacent network, meaning an attacker needs to be physically or logically nearby — such as on the same Wi-Fi or Bluetooth range — rather than reaching the target from the internet. This makes it particularly relevant for shared or co-located environments, including cloud-connected endpoints and hybrid worker devices.
Security Architect’s Take: Prioritise patching any Windows endpoints and Azure-connected hybrid nodes running the vulnerable Bluetooth driver, particularly shared or co-located infrastructure where network adjacency cannot be guaranteed. As a supplementary control, consider enforcing policies to disable Bluetooth on servers and cloud-connected devices where it is not operationally required.
Original advisory: CVE-2026-42975 Windows Bluetooth Port Driver Remote Code Execution