TPM 2.0 security flaws revealed: the module meant to protect your device is itself vulnerable to hackers.
The TPM (Trusted Platform Module) is designed to protect your device from hackers, and Microsoft has made a TPM 2.0 module mandatory for running the latest version of Windows 11. Although the TPM chip is intended to secure your computer, it still has flaws, and there is always a risk of compromise.
Microsoft's Windows 11 relies on the TPM for security features such as Device Encryption, Windows Defender System Guard (DRTM), Measured Boot, and Device Health Attestation. While the TPM strengthens protection and is effective at keeping sensitive information secure and encrypting data, other operating systems such as Linux also support TPMs; they simply do not make one a strict requirement for running the OS.
According to a report published by Bleeping Computer, two newly discovered vulnerabilities in TPM 2.0 allow hackers to execute malicious code that gives them access to data from billions of users and escalated privileges on the device. This also enables attackers to read or overwrite sensitive data, so as a result of this flaw hackers can steal cryptographic keys and other sensitive information.
It is recommended to give access to your device only to trusted users and to use only signed applications from reputable vendors. You should also install updates for your device as soon as they become available. All users running Windows 10 or Windows 11 with TPM 2.0 should assume they are affected.
The Trusted Computing Group (TCG) has identified that the fix is to use one of the corrected versions of the TPM 2.0 specification:
- TPM 2.0 v1.59 Errata version 1.4 or higher
- TPM 2.0 v1.38 Errata version 1.13 or higher
- TPM 2.0 v1.16 Errata version 1.6 or higher
However, only OEMs can deliver that fix to a device, so Windows 11 users should limit physical access to their devices.
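To turn the TCG fix list into a check an administrator can actually run, here is an added PowerShell example (not code from the article, Bleeping Computer, the TCG or Quarkslab). It reads the TPM's reported specification revision and firmware version through the standard Win32_Tpm WMI class and maps the revision to the errata level the list above requires. Assumptions: the errata level itself is not exposed by WMI, so the script only tells you which errata threshold applies and which firmware version to look up in the OEM advisory; the ManufacturerId decoding assumes the usual packed four-character vendor code (for example, Nuvoton reports "NTC"). The function name Get-TpmFixStatus is hypothetical.

```powershell
# Added example: report the local TPM's spec revision and firmware version,
# and say which errata level the TCG fix list calls for that revision.
# Final confirmation must come from the OEM/vendor firmware advisory.

# Required errata level per specification revision (from the TCG list above).
$FixedErrata = @{
    '1.59' = [version]'1.4'
    '1.38' = [version]'1.13'
    '1.16' = [version]'1.6'
}

# ManufacturerId is a packed 4-character vendor code (assumption: TPM_PT_MANUFACTURER layout).
function ConvertTo-TpmVendorString([uint32]$Id) {
    $bytes = [BitConverter]::GetBytes($Id)
    if ([BitConverter]::IsLittleEndian) { [array]::Reverse($bytes) }
    ([System.Text.Encoding]::ASCII.GetString($bytes)).Trim([char]0)
}

function Get-TpmFixStatus {
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction Stop
    if (-not $tpm) { throw 'Windows does not report a TPM on this device.' }

    # SpecVersion looks like "2.0, 0, 1.38": family, level, revision.
    $parts    = $tpm.SpecVersion -split ',\s*'
    $family   = $parts[0]
    $revision = if ($parts.Count -ge 3) { $parts[2] } else { $null }

    $result = [pscustomobject]@{
        SpecFamily          = $family
        SpecRevision        = $revision
        Vendor              = ConvertTo-TpmVendorString $tpm.ManufacturerId
        ManufacturerVersion = $tpm.ManufacturerVersion
        RequiredErrata      = $null
        Note                = ''
    }

    if ($family -ne '2.0') {
        $result.Note = 'Not a TPM 2.0 device; CVE-2023-1017 and CVE-2023-1018 concern TPM 2.0 firmware.'
        return $result
    }

    if ($revision -and $FixedErrata.ContainsKey($revision)) {
        $result.RequiredErrata = $FixedErrata[$revision]
        $result.Note = "Spec revision $revision needs errata $($FixedErrata[$revision]) or higher; " +
                       "confirm firmware $($tpm.ManufacturerVersion) against the $($result.Vendor) / OEM advisory."
    } else {
        $result.Note = "Spec revision '$revision' is not in the TCG fix list; check the vendor advisory directly."
    }
    return $result
}

# Run locally (requires an elevated prompt on most systems).
Get-TpmFixStatus | Format-List
```

The script deliberately does not declare a device "fixed": Windows exposes the specification revision and the vendor firmware version, but not the errata level, and the page makes clear that the corrected firmware has to come from the OEM. Use the printed vendor and firmware version to look the device up in the manufacturer's advisory, which is also the fastest way to spot fleet machines that have not yet received a firmware update.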
The TPM 2.0 vulnerabilities were discovered by Quarkslab's researchers Francisco Falcon and Ivan Arce. They are tracked as CVE-2023-1017 (out-of-bounds read) and CVE-2023-1018 (out-of-bounds write). The CERT Coordination Center has been alerting vendors for months. Lenovo is so far the only major OEM to issue a security advisory, warning that CVE-2023-1017 affects Nuvoton TPM 2.0 chips.