Microsoft fixes Surface Pro 3 TPM bypass with public exploit code


Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets, enabling threat actors to introduce malicious devices within enterprise environments.
The security flaw, dubbed TPM Carte Blanche by the Google security researchers who found it, is tracked as CVE-2021-42299 and can be exploited in high complexity attacks by attackers with access to the owner’s credentials or physical access to the device.
Device Health Attestation is a cloud and on-premises service that validates TPM and PCR logs for endpoints and informs Mobile Device Management (MDM) solutions if Secure Boot, BitLocker, and Early Launch Antimalware (ELAM) are enabled, Trusted Boot is correctly signed, and more.
By exploiting CVE-2021-42299, attackers can poison the TPM and PCR logs to obtain false attestations, allowing them to compromise the Device Health Attestation validation process.
“Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health,” Microsoft explains.
“A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks.”
“The attacker can prepare a bootable Linux USB stick to minimize the interactions required with the target device (e.g., as an Evil Maid attack),” added Chris Fenner, the Google software engineer who found the bug.
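The PCR-based health check described above, as an added example (not code from Microsoft, Google or the original article): a verifier replays a measured-boot event log with the TPM extend operation and compares the result with the quoted PCR values. The log entries, the `measure` helper and all function names are constructed for illustration, and a SHA-256 PCR bank is assumed.

```python
import hashlib

PCR_SIZE = 32  # assumption: SHA-256 PCR bank, PCRs start at all zeros


def measure(blob: bytes) -> bytes:
    """Digest of a measured component (hypothetical helper)."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR value = SHA-256(old PCR value || event digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(events):
    """Recompute PCR values by replaying (pcr_index, digest) entries in order."""
    pcrs = {}
    for index, digest in events:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def check_log(events, quoted):
    """Return the PCR indexes where the replayed log disagrees with the quote."""
    replayed = replay(events)
    zero = bytes(PCR_SIZE)
    return sorted(i for i in set(replayed) | set(quoted)
                  if replayed.get(i, zero) != quoted.get(i, zero))


# Constructed sample log, not taken from a real device.
SAMPLE_LOG = [
    (0, measure(b"constructed firmware image")),
    (7, measure(b"constructed Secure Boot policy")),
    (4, measure(b"constructed boot manager")),
]


def demo():
    # Stands in for PCR values taken from a signed TPM quote.
    quoted = replay(SAMPLE_LOG)
    # A log whose PCR 7 entry was altered after the quote was produced.
    altered = list(SAMPLE_LOG)
    altered[1] = (7, measure(b"constructed altered policy"))
    return check_log(SAMPLE_LOG, quoted), check_log(altered, quoted)
```

A clean result shows only that the log is consistent with the PCR values; the check relies on the platform having extended genuine measurements, which is the assumption CVE-2021-42299 breaks according to Microsoft's description above.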
Advisory published the same day PoC code was published
Fenner also published proof-of-concept (PoC) exploit code demonstrating how the flaw could be exploited on Monday.
Although Microsoft lists the CVE-2021-42299 advisory as published during Patch Tuesday, on October 12th, it posted it on Microsoft Security Response Center’s website the same day Fenner’s PoC was published on GitHub.
Additionally, even though a PoC exploit for the vulnerability has been published, Microsoft doesn't list it as a publicly disclosed flaw.
Microsoft confirmed Fenner’s findings that the Surface Pro 3 is exposed to attacks if not patched. More recent Surface devices such as the Surface Pro 4 and Surface Book aren’t vulnerable.
While the Surface Pro 3 was released in June 2014 and discontinued in November 2016, Redmond says devices from other vendors might also be vulnerable to TPM Carte Blanche attacks and that it attempted to notify all affected vendors of the issue.
“It is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable,” Microsoft said.
A Microsoft spokesperson was not available for comment when contacted by BleepingComputer earlier today for more details.