Microsoft’s July 14, 2026 security update patches a high-severity remote code execution vulnerability in the Windows Bluetooth Port Driver. Labeled CVE-2026-42975, the flaw could let an attacker within Bluetooth range hijack an unpatched PC without any user interaction. The fix is part of the monthly Patch Tuesday release, and both Microsoft and security experts urge immediate installation, particularly on laptops, tablets, and any Windows device that moves outside the office.
A Deep-Dive into the Bluetooth Driver Flaw
CVE-2026-42975 is a heap-based buffer overflow (CWE-122) in the Windows Bluetooth Port Driver, a core component that manages Bluetooth radio communications. An attacker can exploit the vulnerability by sending specially crafted data over an adjacent network—meaning they must be within physical proximity of the target device, such as in the same room. The attack does not require authentication or prior access to the system.
The CVSS v3.1 score is 8.0, placing it in the "High" severity category. While not as critical as an internet-routable remote code execution flaw, the score reflects the potential for complete system compromise if an exploit lands. Microsoft's advisory confirms the vulnerability but says it has seen no evidence of active exploitation in the wild. However, the lack of public exploit code should not lull anyone into complacency; once the patch is available, reverse engineering of the fix could reveal enough detail for attackers to craft working exploits within days.
The vulnerable driver handles communication for all Bluetooth devices paired with Windows, from keyboards and mice to headphones and barcode scanners. Because the flaw lies in the operating system's Bluetooth stack, simply having Bluetooth enabled, even if no device is connected, may expose the system. Disabling Bluetooth entirely is a viable short-term workaround, as covered later.
Affected Windows Versions at a Glance
The vulnerability affects a broad swath of Windows releases, spanning Windows 10, Windows 11, and Windows Server. Microsoft has released fixes in the July 2026 cumulative updates for each supported version. Here is the list of vulnerable builds and the builds that contain the patch:
| Windows Version | Affected Build Range | Fixed Build |
|---|---|---|
| Windows 10 v1607 | Before 14393.9339 | 14393.9339 or later |
| Windows 10 v1809 | Before 17763.9020 | 17763.9020 or later |
| Windows 10 v21H2 | Before 19044.7548 | 19044.7548 or later |
| Windows 10 v22H2 | Before 19045.7548 | 19045.7548 or later |
| Windows 11 v24H2 | Before 26100.8875 | 26100.8875 or later |
| Windows 11 v25H2 | Before 26200.8875 | 26200.8875 or later |
| Windows 11 v26H1 | Before 28000.2269 | 28000.2269 or later |
| Windows Server 2012 | Before 9200.26226 | 9200.26226 or later |
| Windows Server 2012 R2 | Before 9600.23291 | 9600.23291 or later |
| Windows Server 2016 | Before 14393.9339 | 14393.9339 or later |
| Windows Server 2019 | Before 17763.9020 | 17763.9020 or later |
| Windows Server 2022 | Before 20348.5386 | 20348.5386 or later |
| Windows Server 2025 | Before 26100.33158 | 26100.33158 or later |
Server Core installations are also affected. The absence of a graphical desktop does not mean the Bluetooth driver is absent; many Server Core images still include the Bluetooth stack. Administrators should verify build numbers rather than assuming a server without a Bluetooth user interface is safe.
Some older Windows 10 and Windows Server versions listed may only receive updates through paid Extended Security Update (ESU) agreements. Organizations with these deployments must ensure they have active ESU licenses and that the July 2026 patches are being offered and applied.
Why This Matters to Everyday Windows Users and IT Pros
For Home Users and Small Businesses
If you use a Windows laptop or desktop with Bluetooth enabled for your wireless mouse, headphones, or phone sync, you are exposed. The attack requires someone to be physically close—within typical Bluetooth range of about 10 meters, though high-gain antennas can extend that. This means a coffee shop, airport lounge, co-working space, or even a crowded office elevator could be a hunting ground.
The good news: Fixing this is as simple as checking Windows Update and installing the latest cumulative update. There is no special configuration required; the driver is patched automatically with the update. If you see that the update is available, install it and restart your PC. If automatic updates are turned on, your device may already be protected.
To verify, press Win + R, type winver, and check that your OS build matches or exceeds the fixed build from the table above. For example, on Windows 11 24H2, you should see build 26100.8875 or later.
For IT Administrators and Managed Environments
This vulnerability should push Bluetooth-enabled mobile devices to the top of your patch priority list. Corporate laptops, tablets, and even some 2-in-1 devices often travel outside the office perimeter, where physical proximity attacks are more feasible. An executive's laptop at an industry conference, a field technician's tablet, or a nurse's workstation cart that uses Bluetooth barcode scanners—all become more attractive targets.
Servers with Bluetooth (including Server Core) represent a smaller but non-zero risk, especially if they are located in physically accessible areas. The adjacent attack vector means an attacker would need to get near the server itself, but in colocation facilities or branch offices, that's not impossible.
Here are key actions for IT teams:
- Deploy the July 2026 cumulative update through your standard patch management system (Windows Update for Business, WSUS, Intune, Configuration Manager, etc.).
- Audit devices to confirm the update installed successfully and the build number is correct. Don't rely solely on deployment success reports.
- Prioritize laptops and tablets that may have been on vacation or away from the corporate network. Use forced update policies where necessary.
- For devices that can't be updated immediately, consider disabling Bluetooth via Group Policy or MDM. This is a compensating control, not a permanent fix.
- Review Bluetooth service status on servers. If Bluetooth is not needed, disable it permanently using a baseline security configuration.
The Evolution of Windows Bluetooth Security
Bluetooth vulnerabilities have been a recurring theme in Windows security updates. The wireless protocol, while convenient, has a history of implementation flaws. Microsoft's Bluetooth stack has been hardened over the years, but as new code paths are introduced, new vulnerabilities emerge. In 2025, for instance, several Bluetooth-related denial-of-service issues were patched, but a heap overflow with code execution potential is a different beast.
CVE-2026-42975 is notable because it is a "confirmed" vulnerability per Microsoft's own rating. The advisory includes precise affected version ranges and a clear root cause. This is not speculation or a third-party report; Microsoft has analyzed the issue and shipped a fix. That confirmation gives defenders confidence that the risk is real and that patching is the only reliable mitigation.
The fact that the attack requires physical proximity might lead some to underestimate the threat, but history shows that proximity-based attacks are often used in targeted breaches. A well-resourced attacker could position a device in a lobby or outside a secure area to scan for vulnerable Bluetooth stacks. With remote work and business travel still common, individual users and enterprise endpoints are frequently in uncontrolled environments.
Immediate Actions to Secure Your Windows PC
Time is of the essence. Even though there's no known active exploit, the race begins as soon as the update is released. Attackers will dissect the patch to reverse-engineer the vulnerability, and because the attack vector is Bluetooth, it's inherently wireless and low-interaction. Here's exactly what to do:
-
Check for Updates Now
On a Windows PC, go to Settings > Windows Update and click "Check for updates." Install all pending updates, especially the one labeled "2026-07 Cumulative Update." Restart when prompted. -
Verify Your Build Number
After rebooting, check your OS build by runningwinveror going to Settings > System > About. Compare it to the fixed builds in the table above. If it's below the fixed version, the update did not install correctly. -
Temporary Bluetooth Disable (If You Can't Update Yet)
If for some reason you cannot install the update immediately—say, you're traveling and have metered data—you can disable Bluetooth to remove the attack surface.
- Quickest way: Click the network icon in the taskbar and toggle Bluetooth off.
- For a more permanent disable until you patch: Go to Settings > Bluetooth & devices and turn off Bluetooth. Then open Device Manager, find the Bluetooth adapter, right-click, and select "Disable device."
Note: This will disconnect all wireless peripherals. Re-enable after updating. -
For Enterprises: Enforce Policies
Use Group Policy or MDM to:
- Forbid Bluetooth on unpatched systems via policy.
- Force immediate update installation for vulnerable builds.
- Monitor compliance with build number auditing. -
Prioritize At-Risk Devices
Focus on laptops, tablets, and any machine that leaves a secured physical location. While desktops in locked offices are at lower risk, an unpatched laptop used at a coffee shop is a clear target.
What Comes Next
Microsoft's advisory says no active exploitation has been detected, but that status could change rapidly. The security community expects that proof-of-concept code may appear within weeks. Because the vulnerability is in a driver that handles external input, it's possible that a reliable exploit could be developed that works across multiple Windows versions. The proximity requirement may limit widespread automated attacks, but targeted attacks are a real concern.
In future Patch Tuesday updates, keep an eye out for any revisions to this CVE or related Bluetooth security improvements. Microsoft may also release out-of-band updates if active exploits are found. For now, the best defense is a simple but urgent one: apply the July 14, 2026 patch, and check that every Windows device in your care is running a safe build.