Cybersecurity researchers at Quarkslab have discovered two vulnerabilities in the Trusted Platform Module (TPM) 2.0 that could mean serious problems for “billions” of devices.
TPM 2.0 is a chip that PC manufacturers have included in motherboards since mid-2016. The technology, Microsoft explains, is intended to provide “security-related features.” The chip helps to generate, store and limit the use of cryptographic keys.
The company further explains that many TPMs contain physical security mechanisms that make them tamper-proof.
TPM 2.0 flaws
Now, researchers Francisco Falcon and Ivan Arce have discovered an out-of-bounds read (CVE-2023-1017) and an out-of-bounds write (CVE-2023-1018) vulnerability that could allow cybercriminals to escalate privileges and steal sensitive data from affected endpoints. The impact of the flaws may vary depending on the vendor, BleepingComputer reported.
The CERT Coordination Center has published an advisory on the flaws and says it has been notifying vendors for months, yet only a few have confirmed that they are affected.
“An attacker who has access to the TPM command interface could send maliciously crafted commands to the module and trigger these vulnerabilities,” CERT warned. “This allows read-only access to sensitive data or the overwriting of normally protected data that is only accessible by the TPM (e.g. cryptographic keys).”
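As an added illustration (not the TPM reference library's code and not a reproduction of the Quarkslab findings), this shows the class of defect described above, an out-of-bounds read or write while unmarshalling a size-prefixed command parameter, next to the remaining-length checks that prevent it. A TPM2B-style layout (16-bit big-endian size followed by the payload) is assumed, and the sample command bytes are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_PARAM 64

/* TPM2B-style parameter: 16-bit big-endian size followed by 'size' bytes. */
typedef struct { uint16_t size; uint8_t buffer[MAX_PARAM]; } tpm2b_t;

/* Unchecked variant: the pattern behind out-of-bounds accesses. It reads the
   size field without confirming two bytes remain, then copies 'size' bytes
   without confirming they exist in the command or fit the destination. */
size_t tpm2b_unmarshal_unchecked(const uint8_t *cmd, tpm2b_t *out) {
    out->size = (uint16_t)((cmd[0] << 8) | cmd[1]);   /* may read past the end */
    memcpy(out->buffer, cmd + 2, out->size);          /* OOB read and OOB write */
    return 2u + out->size;
}

/* Checked variant: every access is preceded by a remaining-length test.
   Returns bytes consumed, or 0 if the parameter is malformed. */
size_t tpm2b_unmarshal_checked(const uint8_t *cmd, size_t remaining, tpm2b_t *out) {
    if (remaining < 2)                       /* the size field itself must be present */
        return 0;
    uint16_t size = (uint16_t)((cmd[0] << 8) | cmd[1]);
    if (size > MAX_PARAM)                    /* must fit the destination: no OOB write */
        return 0;
    if ((size_t)size > remaining - 2)        /* must exist in the command: no OOB read */
        return 0;
    out->size = size;
    memcpy(out->buffer, cmd + 2, size);
    return 2u + size;
}

/* Constructed command body: a 3-byte parameter followed by one that claims
   0x0040 bytes but is cut off after only 2 of them. */
static const uint8_t demo_cmd[] = { 0x00, 0x03, 'k', 'e', 'y',
                                    0x00, 0x40, 0xAA, 0xBB };

/* Walks demo_cmd with the checked parser and returns how many parameters were
   accepted before the truncated one was rejected (expected: 1). */
int demo_parse_count(void) {
    size_t off = 0, n = 0;
    tpm2b_t p;
    while (off < sizeof demo_cmd) {
        size_t used = tpm2b_unmarshal_checked(demo_cmd + off, sizeof demo_cmd - off, &p);
        if (used == 0) break;                /* malformed parameter: stop, do not guess */
        off += used;
        n++;
    }
    return (int)n;
}
```

The unchecked function is kept only to show the missing checks; the demo never feeds it the truncated input.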
Organizations concerned about these bugs should upgrade to one of these patched versions:
TPM 2.0 v1.59 Errata version 1.4 or later
TPM 2.0 v1.38 Errata version 1.13 or later
TPM 2.0 v1.16 Errata version 1.6 or later
Apparently, Lenovo is so far the only major OEM to have issued an advisory about these flaws; others will hopefully soon follow suit.
To exploit these vulnerabilities, an attacker would need authenticated access to the device. However, any malware already running on an endpoint already meets this prerequisite, the researchers warn.
By: BleepingComputer