Trusted Platform Module 2.0, better known as TPM 2.0, is a module whose specification details a secure cryptoprocessor that can store encryption keys to protect information. It was released mainly as a result of Microsoft making it a requirement to use Windows 11 smoothly and as an additional security measure, however, researchers have discovered two localized vulnerabilities in the TPM 2.0 reference library, so we We found a compromised security module.
The two vulnerabilities found in the TPM 2.0 library specification are exploited by overflow. Both security flaws, CVE-2023-1017 and CVE-2023-1018, consist of an out-of-bounds write (out-of-bounds) that open the door to write two additional bytes at the end of an order from the TPM 2.0 itself, within the routine CryptParameterDecryption.
If the attacker successfully exploits CVE-2023-1017, they will be able to perform a denial of service or running arbitrary code in the context of TPM, whereas with CVE-2023-1018 you can access sensitive data stored in the module that include cryptographic keys, passwords and other compromising data. Exploitation of both vulnerabilities is undetectable by other components present in the target device and also requires the execution of specifically designed commands.
Although TPM became famous mainly after it was established as a requirement for Windows 11, it is also present in many Internet of Things (IoT) devices. The IoT is one of the fronts that cause the most concern in the cybersecurity sector due to the large number of devices that are in operation and that do not have proper maintenance or are directly without maintenance, which has opened the door for them to be exploited by hacker groups that have managed to launch powerful DDoS attacks.
In the case of Windows 11, the operating system is capable of relying on TPM for features like DRM technologies, Windows Defender, and BitLocker Full Disk Encryption, among others.
The Trusted Computing Group (TCG), the body that maintains the TPM specification, has released an update to the TPM 2.0 specification library with instructions to address security flaws. For end users this translates into the update in the near future (or at least it should be) of the operating system and the firmware of the motherboard. On both fronts you have to apply updates to be protected from discovered vulnerabilities.
Images: Pixabay
