Sunday, 22 October 2017 18:44

Thoughts on the TPM Vulnerability ADV170012

Written by
Rate this item
(4 votes)

image

In a desperate effort to make this blog post worth reading and not go through the indignity of having to write about Windows 10 1709, I have turned to the headline-generating festival currently ongoing on the net: the vulnerability in Trusted Platform Module (TPM) produced by Infineon Technologies AG which could allow security feature bypass.

The debate over the security vulnerability in some of Infineon' TPM chipsets has been as long as it has been tedious, with the weakness theoretically allowing attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Authoritative voices with a far superior level of technical know-how than me (i.e. just about any other blog or a random 10-year old) will be able to fill you in on the details, but the whole story essentially boils down to whether or not you are affected by the security vulnerability in the RSA key generation method used by TPM products and if you are, how to remediate the issue.

Microsoft did not release any details how the vulnerability can be exploited and they did the right thing. The specifics aren't really important at this point because this decision gives companies some breathing room to assess the vulnerability and prepare remediation of affected services. Because this is the right thing to do.

Three things are important to note:

  1. This is a firmware vulnerability and not a vulnerability in the Windows operating system.
  2. As Keith Garner notes in his blog post Notes on Microsoft ADV170012 – TPM Madness: "A successful attack depends on conditions beyond the attacker’s control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected." 
  3. And finally, whenever or not you are directly affected and require direct remediation steps depends on the TPM specification you are using. For instance, the security of the BitLocker protection is affected only if the TPM firmware version is 1.2 because the keys the TPM protector uses are factorizable.

More practically, what this boils down to is that following manufacturers are affected: HP, Lenovo, Fujitsu and Toshiba. Dell systems appear not to be in danger since Dell Inc. (to my knowledge) does not use TPM chips produced by Infineon Technologies AG. 

Infineon issued firmware updates for Infineon’s Trusted Platform Modules based on TCG specification family 1.2 and 2.0 and affected manufacturers are in the process of releasing updates to customers that will address the vulnerability.

In the meantime, I decided to update my PowerShell script to support latest HP's TPM firmware updates. I do not have any Lenovo, Fujitsu or Toshiba hardware handy, so I would appreciate any help updating my script to support other manufacturers.

Read 411 times Last modified on Monday, 23 October 2017 10:24

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Recent Posts