Staying on an old and unsecure OS sure is a solution, but it’s incredibly fucking stupid.
At least you could install Linux and use an old Windows version inside a VM instead of running a vulnerable system on bare metal. That way you can still use Windows when you need to.
I am not sure if it required a blob or not but I use an ASUS USB-BT500 on my Arch system and I only installed the bluez package for it to work (and bluedevil for the GUI on KDE).