diff --git a/u2f-tests/BLE/BleApi/BleApiWinRT.cpp b/u2f-tests/BLE/BleApi/BleApiWinRT.cpp index ad3d1a0..6c8b96e 100644 --- a/u2f-tests/BLE/BleApi/BleApiWinRT.cpp +++ b/u2f-tests/BLE/BleApi/BleApiWinRT.cpp @@ -25,6 +25,8 @@ #include #include +#include + using namespace Platform; using namespace Platform::Collections; using namespace Concurrency; @@ -56,10 +58,150 @@ inline std::runtime_error hresult_exception(std::string file, int line, HRESULT #define STRING_RUNTIME_EXCEPTION(x) std::runtime_error( __FILE__ ":" + std::to_string(__LINE__) + ": " + x) #define CX_EXCEPTION(x) HRESULT_RUNTIME_EXCEPTION(x->HResult) +// 
From: https://github.com/pauldotknopf/WindowsSDK7-Samples/blob/master/com/fundamentals/dcom/dcomperm/SDMgmt.Cpp
+DWORD MakeSDAbsolute(
+ PSECURITY_DESCRIPTOR psidOld,
+ PSECURITY_DESCRIPTOR *psidNew
+)
+{
+ PSECURITY_DESCRIPTOR pSid = NULL;
+ DWORD cbDescriptor = 0;
+ DWORD cbDacl = 0;
+ DWORD cbSacl = 0;
+ DWORD cbOwnerSID = 0;
+ DWORD cbGroupSID = 0;
+ PACL pDacl = NULL;
+ PACL pSacl = NULL;
+ PSID psidOwner = NULL;
+ PSID psidGroup = NULL;
+ BOOL fPresent = FALSE;
+ BOOL fSystemDefault = FALSE;
+ DWORD dwReturnValue = ERROR_SUCCESS;
+
+ // Get SACL
+ if (!GetSecurityDescriptorSacl(psidOld, &fPresent, &pSacl, &fSystemDefault))
+ {
+ dwReturnValue = GetLastError();
+ goto CLEANUP;
+ }
+
+ if (pSacl && fPresent)
+ {
+ cbSacl = pSacl->AclSize;
+ }
+
+ // Get DACL
+ if (!GetSecurityDescriptorDacl(psidOld, &fPresent, &pDacl, &fSystemDefault))
+ {
+ dwReturnValue = GetLastError();
+ goto CLEANUP;
+ }
+
+ if (pDacl && fPresent)
+ {
+ cbDacl = pDacl->AclSize;
+ }
+
+ // Get Owner
+ if (!GetSecurityDescriptorOwner(psidOld, &psidOwner, &fSystemDefault))
+ {
+ dwReturnValue = GetLastError();
+ goto CLEANUP;
+ }
+
+ cbOwnerSID = GetLengthSid(psidOwner);
+
+ // Get Group
+ if (!GetSecurityDescriptorGroup(psidOld, &psidGroup, &fSystemDefault))
+ {
+ dwReturnValue = GetLastError();
+ goto CLEANUP;
+ }
+
+ cbGroupSID = GetLengthSid(psidGroup);
+
+ // Do the conversion
+ cbDescriptor = 0;
+
+ MakeAbsoluteSD(psidOld, pSid, &cbDescriptor, pDacl, &cbDacl, pSacl,
+ &cbSacl, psidOwner, &cbOwnerSID, psidGroup,
+ &cbGroupSID);
+
+ pSid = (PSECURITY_DESCRIPTOR)malloc(cbDescriptor);
+ if (!pSid)
+ {
+ dwReturnValue = ERROR_OUTOFMEMORY;
+ goto CLEANUP;
+ }
+
+ ZeroMemory(pSid, cbDescriptor);
+
+ if (!InitializeSecurityDescriptor(pSid, SECURITY_DESCRIPTOR_REVISION))
+ {
+ dwReturnValue = GetLastError();
+ goto CLEANUP;
+ }
+
+ if (!MakeAbsoluteSD(psidOld, pSid, &cbDescriptor, pDacl, &cbDacl, pSacl,
+ &cbSacl, psidOwner, &cbOwnerSID, psidGroup,
+ &cbGroupSID))
+ {
+ dwReturnValue = 
GetLastError(); + goto CLEANUP; + } + +CLEANUP: + + if (dwReturnValue != ERROR_SUCCESS && pSid) + { + free(pSid); + pSid = NULL; + } + + *psidNew = pSid; + + return dwReturnValue; +} + + BleApiWinRT::BleApiWinRT(BleApiConfiguration &configuration) : BleApi(configuration) { RoInitialize(RO_INIT_TYPE::RO_INIT_MULTITHREADED); + + const char* security = "O:BAG:BAD:(A;;0x7;;;PS)(A;;0x3;;;SY)(A;;0x7;;;BA)(A;;0x3;;;AC)(A;;0x3;;;LS)(A;;0x3;;;NS)"; + + PSECURITY_DESCRIPTOR pSecurityDescriptor; + ULONG securityDescriptorSize; + + if (!ConvertStringSecurityDescriptorToSecurityDescriptor( + security, + SDDL_REVISION_1, + &pSecurityDescriptor, + &securityDescriptorSize)) + { + throw STRING_RUNTIME_EXCEPTION("ConvertStringSecurityDescriptorToSecurityDescriptor failed."); + } + + // MakeSDAbsolute as defined in + // https://github.com/pauldotknopf/WindowsSDK7-Samples/blob/master/com/fundamentals/dcom/dcomperm/SDMgmt.Cpp + PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor = NULL; + MakeSDAbsolute(pSecurityDescriptor, &pAbsoluteSecurityDescriptor); + + HRESULT hResult = CoInitializeSecurity( + pAbsoluteSecurityDescriptor, // Converted from the above string. + -1, + nullptr, + nullptr, + RPC_C_AUTHN_LEVEL_DEFAULT, + RPC_C_IMP_LEVEL_IDENTIFY, + NULL, + EOAC_NONE, + nullptr); + if (FAILED(hResult)) + { + throw HRESULT_RUNTIME_EXCEPTION(hResult); + } } BleApiWinRT::~BleApiWinRT(void) diff --git a/u2f-tests/BLE/ChangeLog b/u2f-tests/BLE/ChangeLog index 14a4431..0de4624 100644 --- a/u2f-tests/BLE/ChangeLog +++ b/u2f-tests/BLE/ChangeLog @@ -1,6 +1,10 @@ U2F V1.1: +1.2.1: +* Workaround for Windows 10 Creators update bug. +* Improve detection of Windows 10 Kits directories. + 1.2.0: * add 1.2 version bit. diff --git a/u2f-tests/BLE/Makefile.win b/u2f-tests/BLE/Makefile.win index 06e9d00..ee7c30f 100644 --- a/u2f-tests/BLE/Makefile.win +++ b/u2f-tests/BLE/Makefile.win 
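Review bot: The constructor discards the DWORD returned by `MakeSDAbsolute`, so if the conversion fails `pAbsoluteSecurityDescriptor` is still NULL when it reaches `CoInitializeSecurity`, and COM security is initialised without the access list written in the SDDL string (what a NULL descriptor permits should be confirmed against the COM documentation). Fail closed instead: `DWORD rc = MakeSDAbsolute(pSecurityDescriptor, &pAbsoluteSecurityDescriptor);` followed by `if (rc != ERROR_SUCCESS) throw HRESULT_RUNTIME_EXCEPTION(HRESULT_FROM_WIN32(rc));`. Inside `MakeSDAbsolute` the first, sizing call to `MakeAbsoluteSD` is also unchecked, so any failure other than the expected buffer-too-small result leaves `cbDescriptor` at 0 going into `malloc`. A comment above the `security` literal naming each trustee (PS, SY, BA, AC, LS, NS) and what the 0x3 and 0x7 masks grant would make the ACL reviewable, since the ChangeLog only calls this a workaround.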
@@ -4,11 +4,20 @@ ARCHIVENAME=BLECertTool 7ZIP=C:\Program Files\7-Zip\7z.exe FEATURE_WINRT=1 +!IF [WindowsKit.bat >WindowsKit.inc] +!ELSE +!ERROR WindowsKit.bat failed. +!ENDIF +!INCLUDE WindowsKit.inc + VS_PATH=C:/Program Files (x86)/Microsoft Visual Studio 14.0 -WINSDK_PATH=C:/Program Files (x86)/Windows Kits/10 +!IFNDEF WINDOWS_SDK +WINDOWS_SDK = C:/Program Files (x86)/Windows Kits/10 +WINDOWS_SDK_PATHS = $(WINDOWS_SDK_PATHS) -AI"C:/Program Files (x86)/Windows Kits/10/References/" -AI"C:/Program Files (x86)/Windows Kits/10/UnionMetaData/" +!ENDIF -MSSDK=$(WINSDK_PATH) -MSTOOLS=$(WINSDK_PATH) +MSSDK=$(WINDOWS_SDK) +MSTOOLS=$(WINDOWS_SDK) !INCLUDE VERSION @@ -31,12 +40,12 @@ CFLAGS = $(CFLAGS) -Gz # !IFDEF FEATURE_WINRT CFLAGS = $(CFLAGS) -DFEATURE_WINRT -CFLAGS_WINRT = -ZW -Gm- -AI"C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/vcpackages" -AI"C:/Program Files (x86)/Windows Kits/10/References/" -AI"C:/Program Files (x86)/Windows Kits/10/UnionMetaData/" +CFLAGS_WINRT = -ZW -Gm- -AI"C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/vcpackages" $(WINDOWS_SDK_PATHS) !ELSE CFLAGS_WINRT = !ENDIF -LDFLAGS = setupapi.lib ws2_32.lib +LDFLAGS = setupapi.lib ws2_32.lib Advapi32.lib # ## Crypto code. diff --git a/u2f-tests/BLE/VERSION b/u2f-tests/BLE/VERSION index 12261b8..3e5d41c 100644 --- a/u2f-tests/BLE/VERSION +++ b/u2f-tests/BLE/VERSION @@ -1 +1 @@ -VERSION=1.2.0 \ No newline at end of file +VERSION=1.2.1 \ No newline at end of file diff --git a/u2f-tests/BLE/WindowsKit.bat b/u2f-tests/BLE/WindowsKit.bat new file mode 100644 index 0000000..1bbabf4 --- /dev/null +++ b/u2f-tests/BLE/WindowsKit.bat 
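Review bot: The `!IFNDEF WINDOWS_SDK` fallback in the first Makefile.win hunk looks unreachable, because WindowsKit.inc is included unconditionally just above it and WindowsKit.bat (added in this same commit) echoes a `WINDOWS_SDK =` line on every run, so the macro is always defined even when the registry lookup returned nothing usable. Either drop the dead branch or have the script emit no `WINDOWS_SDK` line when the lookup fails, so the hard-coded default can actually apply. The `!IF [WindowsKit.bat >WindowsKit.inc]` test also depends on the script returning non-zero on success, the reverse of the usual convention, and deserves a one-line comment such as `# WindowsKit.bat exits 1 on success, 0 on failure`.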
@@ -0,0 +1,35 @@
+@echo OFF
+
+::
+:: This script extract the Windows Kit path from the registry.
+::
+
+setlocal ENABLEEXTENSIONS
+set KEY_NAME="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Kits\Installed Roots"
+set VALUE_NAME=KitsRoot10
+
+FOR /F "usebackq skip=2 tokens=1-2*" %%A IN (`REG QUERY %KEY_NAME% /v %VALUE_NAME% 2^>nul`) DO (
+ set ValueName=%%A
+ set ValueType=%%B
+ set ValueValue=%%C
+)
+
+@echo WINDOWS_SDK = %ValueValue:\=/%
+set found=0
+IF EXIST "%ValueValue%UnionMetaData\Windows.winmd" (
+ set RefPath=-AI"%ValueValue:\=/%References/"
+ set UMDPath=-AI"%ValueValue:\=/%UnionMetaData/"
+ set found=1
+) ELSE (
+ FOR /F "usebackq skip=1 tokens=6 delims=\" %%A IN (`REG QUERY %KEY_NAME% /f "10.*" /k 2^>nul`) DO (
+ IF %found% == 0 IF EXIST "%ValueValue%UnionMetaData\%%A\Windows.winmd" (
+ set RefPath=-AI"%ValueValue:\=/%References/%%A"
+ set UMDPath=-AI"%ValueValue:\=/%UnionMetaData/%%A"
+ set found=1
+ )
+ )
+)
+if found==0 exit /b 0
+
+@echo WINDOWS_SDK_PATHS = $(WINDOWS_SDK_PATHS) %RefPath% %UMDPath%
+exit /b 1
\ No newline at end of file
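Review bot: `if found==0 exit /b 0` compares the literal word `found` with `0`, so it is never true and the script always exits 1, which Makefile.win treats as success even when no Windows.winmd was located; it should read `if %found%==0 exit /b 0`. In that failure case `RefPath` and `UMDPath` were never set, and the final `@echo` still writes a `WINDOWS_SDK_PATHS` line into WindowsKit.inc that ends up on the compiler command line. The `IF %found% == 0` guard inside the parenthesised ELSE block is expanded when the block is parsed, so it stays 0 for every loop iteration and the last matching kit version wins rather than the first; `setlocal ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION` with `!found!` would make the guard effective. `ValueValue` is likewise used without checking that the first `REG QUERY` returned anything.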