ADV190024

Published: 12 Nov 2019
Source: msrc

Description

Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)

Executive Summary

This advisory addresses CVE-2019-16863.

A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key confidentiality protection for a specific algorithm (ECDSA). It is important to note that this is a TPM firmware vulnerability, not a vulnerability in the Windows operating system or in a specific application. Currently no Windows systems use the vulnerable algorithm. Other software or services you are running might use this algorithm. Therefore, if your system is affected and requires the installation of TPM firmware updates, you might need to re-enroll in the security services you are running to remediate those affected services. For more details contact the TPM manufacturer - https://www.st.com/tpm-update.

Advisory Details

Important This vulnerability is present in a specific vendor’s TPM firmware that is based on Trusted Computing Guidelines (TCG) specification family 2.0, but not 1.2, and not in the TPM standard or in Microsoft Windows. Although Windows security features do not depend on the affected algorithm, third party software may rely on keys generated by the TPM and that would be affected by the vulnerability.

Even after a TPM firmware update is installed, you might need to carry out additional remediation steps to force regeneration of previously created affected TPM keys.
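The two remediation questions an administrator has to answer from this advisory are "is my TPM a 2.0 part from the affected vendor, and at what firmware version?" and "which keys on this machine actually live in the TPM and would need to be regenerated after the firmware update?". The following PowerShell is an added example written for this page, not code from Microsoft or from the TPM vendor. It reads the Win32_Tpm WMI class (namespace root\cimv2\Security\MicrosoftTpm) and the local machine certificate store; the function names Get-TpmInventory and Get-TpmBackedEcdsaCertificates are assumptions of this example, and it must run in an elevated PowerShell session on Windows.

```powershell
# Added example (not part of the Microsoft advisory): inventory the local TPM so the
# manufacturer, TCG spec family and firmware version can be compared against the TPM
# vendor's own advisory, then list certificates whose ECDSA private key is held by the
# TPM (Microsoft Platform Crypto Provider), i.e. the keys a re-enrollment would replace.

function Get-TpmInventory {
    [CmdletBinding()]
    param()

    # Win32_Tpm is absent when no TPM is present or it is disabled in system firmware.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{ TpmPresent = $false }
    }

    # ManufacturerId is the 4-byte TCG vendor ID packed into a uint32
    # (for example 0x53544D20 decodes to "STM "). GetBytes is little-endian on
    # Windows, so reverse before decoding to get the human-readable big-endian form.
    $idBytes = [System.BitConverter]::GetBytes([uint32]$tpm.ManufacturerId)
    [Array]::Reverse($idBytes)
    $vendor = ([System.Text.Encoding]::ASCII.GetString($idBytes)).Trim()

    # SpecVersion is a string such as "2.0, 0, 1.38"; the first field is the spec family.
    $specFamily = ($tpm.SpecVersion -split ',')[0].Trim()

    [pscustomobject]@{
        TpmPresent          = $true
        Vendor              = $vendor
        SpecFamily          = $specFamily
        FirmwareVersion     = $tpm.ManufacturerVersion
        FirmwareVersionInfo = $tpm.ManufacturerVersionInfo
        # The advisory scopes the issue to TPM 2.0 firmware; 1.2 parts are out of scope.
        Tpm20Family         = ($specFamily -like '2.0*')
    }
}

function Get-TpmBackedEcdsaCertificates {
    [CmdletBinding()]
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $platformProvider = 'Microsoft Platform Crypto Provider'   # the TPM-backed KSP

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        if (-not $cert.HasPrivateKey) { continue }
        try {
            # Returns $null for non-ECDSA keys; throws if the key handle cannot be opened.
            $ecdsa = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($cert)
            if ($null -eq $ecdsa) { continue }
            $providerName = $ecdsa.Key.Provider.Provider
            if ($providerName -eq $platformProvider) {
                [pscustomobject]@{
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    Provider   = $providerName
                    NotAfter   = $cert.NotAfter
                }
            }
        } catch {
            Write-Verbose "Could not open private key for $($cert.Thumbprint): $_"
        }
    }
}

Get-TpmInventory | Format-List
Get-TpmBackedEcdsaCertificates -Verbose | Format-Table -AutoSize
```

The inventory function only tells you which vendor and firmware you have; whether that firmware version is fixed is something the vendor's page (linked in the advisory) has to answer. The certificate listing is deliberately limited to ECDSA keys in the platform provider, because that is the combination the advisory says is weakened; RSA keys and software-provider keys are not listed so that a re-enrollment plan is not larger than it needs to be. Keys that third-party software stores in the TPM outside the Windows certificate store (for example via its own TPM library) will not show up here and have to be inventoried with that software's own tooling.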

FAQ

1. What systems are at risk from these vulnerabilities?

  • Client Operating Systems: Windows client systems are at increased risk due to the prevalence of TPM on client hardware systems. There are distinct advantages to using hardware encryption modules.
  • Server Operating Systems: Servers with TPM modules.

2. What is a TPM?

See Trusted Platform Module Technology Overview

3. What is the associated CVE for this vulnerability?

See CVE-2019-16863

4. Have there been any active attacks detected?

No. When this security advisory was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

5. Has this vulnerability been publicly disclosed?

No. Microsoft received information about the vulnerability through coordinated vulnerability disclosure.

6. I have a Surface device. Is my device affected by this vulnerability?

No. Microsoft Surface devices do not have these chipsets installed.

Exploitability

Publicly Disclosed

Yes

Exploited

No