
New TPM 2.0 exploit allows attackers to access or overwrite sensitive data

by Paul Anderson
March 5, 2023

Two buffer overflow vulnerabilities have been discovered in the Trusted Platform Module (TPM) 2.0 specification, which could give cybercriminals unauthorized access to or the ability to overwrite sensitive data such as cryptographic keys.

TPM is a hardware-based technology that offers secure cryptographic functions to operating systems. It is commonly used to store passwords, cryptographic keys, and other crucial data. As a result, any vulnerability in its implementation poses a significant security risk.

While a TPM is necessary for certain Windows security features like Measured Boot, Device Encryption, Windows Defender System Guard (DRTM), and Device Health Attestation, it is not mandatory for other commonly used features.

However, if a Trusted Platform Module is present, it provides an additional layer of security to protect sensitive information and encrypt data for Windows security features.

The TPM 2.0 specification gained widespread attention and controversy when Microsoft made it a requirement for running Windows 11. This was due to its ability to provide necessary boot security measures and guarantee reliable authentication with Windows Hello face recognition.

While Linux also supports TPMs, there are no mandatory requirements for the operating system to use the module. Nonetheless, Linux tools are available for users and applications to secure their data in TPMs.

The TPM 2.0 exploit

Quarkslab researchers Francisco Falcon and Ivan Arce have discovered new vulnerabilities in TPM 2.0 that could potentially affect billions of devices. The two vulnerabilities are known as CVE-2023-1017 (out-of-bounds read) and CVE-2023-1018 (out-of-bounds write).

The vulnerabilities arise due to how the TPM specification processes parameters for certain commands, which allows authenticated local attackers to exploit them by sending maliciously crafted commands to execute code within the TPM.

The Trusted Computing Group (TCG), the developer of the TPM specification, has issued a security bulletin warning that this could result in information disclosure or escalation of privileges.

According to TCG, the buffer overflow problems relate to reading or writing two bytes beyond the end of the buffer passed to the ExecuteCommand() entry point. The impact of this depends on the memory location and whether it contains live data or not.
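The class of defect TCG describes, a two-byte field accessed without first confirming that two bytes remain in the buffer, is what length-checked accessors prevent. The following is an added C illustration, not code from the TPM reference implementation or from the original article; the function names and the size-prefixed parameter layout are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; every name here is hypothetical, not TPM reference code.
 * Read a big-endian 16-bit field at offset off, only if two bytes remain.
 * The unchecked pattern would index buf[off] and buf[off + 1] directly,
 * reading up to two bytes past the end when the command is truncated. */
int get_u16(const uint8_t *buf, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2)
        return -1;
    *out = (uint16_t)(((unsigned)buf[off] << 8) | buf[off + 1]);
    return 0;
}

/* Write a big-endian 16-bit field at offset off, with the same check. */
int put_u16(uint8_t *buf, size_t len, size_t off, uint16_t v)
{
    if (off > len || len - off < 2)
        return -1;
    buf[off] = (uint8_t)(v >> 8);
    buf[off + 1] = (uint8_t)(v & 0xff);
    return 0;
}

/* Copy out a size-prefixed parameter: 2-byte length, then that many bytes.
 * Returns 0, -1 truncated size field, -2 size exceeds data, -3 dst too small. */
int parse_sized_param(const uint8_t *buf, size_t len,
                      uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    uint16_t n;
    if (get_u16(buf, len, 0, &n) != 0)
        return -1;
    if (n > len - 2)
        return -2;
    if (n > dst_cap)
        return -3;
    memcpy(dst, buf + 2, n);
    *out_len = n;
    return 0;
}

int main(void)
{
    const uint8_t cut[] = { 0x00 };  /* constructed: size field cut short */
    uint8_t dst[8]; size_t n = 0;
    return parse_sized_param(cut, sizeof cut, dst, sizeof dst, &n) == -1 ? 0 : 1;
}
```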

The CERT Coordination Center has been alerting vendors about these vulnerabilities for months, but only a few have confirmed that they are affected. CERT warns that an attacker who has access to a TPM-command interface can send maliciously crafted commands to the module and trigger these vulnerabilities, leading to read-only access to sensitive data or overwriting of normally protected data like cryptographic keys.

Vendors who are impacted by these vulnerabilities should move to a fixed version of the specification, which includes:

  • TPM 2.0 v1.59 Errata version 1.4 or higher
  • TPM 2.0 v1.38 Errata version 1.13 or higher
  • TPM 2.0 v1.16 Errata version 1.6 or higher

Lenovo is the only major OEM that has issued a security advisory about the two TPM flaws so far, warning that CVE-2023-1017 impacts some of its systems running on Nuvoton TPM 2.0 chips.

While these vulnerabilities require authenticated local access to a device, it’s important to remember that malware running on the device would meet that condition. TPM is supposed to be a highly secured space, even from malware running on the device, so the practical importance of these vulnerabilities should not be downplayed.

Users are advised to limit physical access to their devices to trusted users, use only signed applications from reputable vendors, and apply firmware updates as soon as they become available for their devices.
