
Infineon Technologies Trusted Platform Modules (TPMs), Security Feature Bypass Vulnerability

ThienBui

Resolution



Recommended Actions:

Step 1: Apply All Microsoft® Windows Operating Systems Security Updates.

Step 2: Determine devices in your organization that are affected - Use event log entries.

NOTE: After the applicable Windows update is applied, the system generates Event ID 1794 in Event Viewer under Windows Logs - System after each reboot when vulnerable firmware is identified. On devices running Windows 10 with the October 2017 security update installed, type "TPM.MSC" at a CMD prompt to open the Trusted Platform Module (TPM) Management snap-in. Devices with an affected TPM display the following message:

  • "The TPM is ready for use. The TPM firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572."
  • If you determine that you do not have an Infineon® TPM capable system then no further action is required.
  • If your PC is affected, go to Step 3 below to locate your PC model and firmware availability.

Step 3: Download and run the firmware update tool provided by Toshiba



IMPORTANT NOTE: Refer to the Microsoft® Security TechCenter document before clearing and resetting TPM keys: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012


Downloads here
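For Step 2 across more than a handful of machines, the event log check can be scripted. The following is an added example, not part of the original advisory or any vendor tool: it queries the System log for Event ID 1794 on each listed computer and separates "no event" from "could not query". The `$Computers` parameter and the status labels are assumptions made for the illustration.

```powershell
# Added example: inventory Event ID 1794 (vulnerable TPM firmware) per Step 2.
# $Computers defaults to the local machine; pass your own inventory list.
# Remote queries need the "Remote Event Log Management" firewall rules enabled.
param(
    [string[]]$Computers = @($env:COMPUTERNAME)
)

# Filter on the log and ID named in the advisory text above.
$filter = @{ LogName = 'System'; Id = 1794 }

$results = foreach ($computer in $Computers) {
    try {
        # Newest matching event only; the event is re-logged after each reboot.
        $evt = Get-WinEvent -ComputerName $computer -FilterHashtable $filter `
                            -MaxEvents 1 -ErrorAction Stop
        [pscustomobject]@{
            Computer = $computer
            Status   = 'Event1794Found'
            LastSeen = $evt.TimeCreated
            Provider = $evt.ProviderName
            # First line of the message, so the hit can be confirmed by eye.
            Detail   = ($evt.Message -split "`r?`n")[0]
        }
    }
    catch {
        # Get-WinEvent reports "nothing matched" as an error; keep it apart
        # from real failures (host offline, access denied, firewall).
        $noMatch = $_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*'
        [pscustomobject]@{
            Computer = $computer
            Status   = if ($noMatch) { 'NoEvent1794' } else { 'QueryFailed' }
            LastSeen = $null
            Provider = $null
            Detail   = if ($noMatch) {
                # Only meaningful once Step 1 is done and the device rebooted.
                'No event logged; confirm the update is installed and the device has rebooted'
            } else { $_.Exception.Message }
        }
    }
}

$results | Sort-Object Status, Computer | Format-Table -AutoSize -Wrap
```

Treat `QueryFailed` rows as unknown rather than unaffected, and confirm any `Event1794Found` hit in TPM.MSC before moving to Step 3.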

* What is a TPM?

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor that can securely store critical data such as passwords, certificates and encryption keys. A TPM is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices; it is used for secure cryptographic operations within computing devices as well as for secure storage of critical data. TPMs are typically used in business laptops, routers, and embedded and IoT devices. The technical TPM specification was written by an industry consortium called the Trusted Computing Group (TCG).
 