Trusted Platform Module (TPM) Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Clients - Productivity Products
Multiple vulnerabilities were identified in Trusted Platform Module (TPM). An attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and elevation of privilege on the targeted system.
Trusted Platform Module (TPM) technology is a hardware-based solution that provides secure cryptographic functions to the operating systems on modern computers, making it resistant to tampering. TPM can be implemented in hardware form, virtual TPM's in Hypervisor form or in a purely software-based implementation. Hardware and software manufacturers use these specifications to build firmware that complies with standards and provides a secure interface to sensitive cryptographic data. TPM is employed in a variety of devices, from enterprise-grade hardware to Internet of Things (IoT) appliances.
Impact
- Information Disclosure
- Elevation of Privilege
System / Technologies affected
- Trusted Platform Module (TPM) 2.0 reference library specification Level 00, Revision 01.59 November 2019
Solutions
Apply any updates provided by hardware and software manufacturers. Updating the firmware of TPM chips may be necessary, and this can be done through an OS vendor or the original equipment manufacturer (OEM). Users can refer to the following link
沒有留言:
發佈留言