A pair of new vulnerabilities have been found within the TPM 2.0 Library by a cybersecurity company by the name of Quarkslab. These vulnerabilities have the potential to be a threat to billions of devices
These vulnerabilities involve the Trusted Platform Module, TPM for short, which is, ironically, used to improve the security of your PC and securely create and store cryptographic keys, to confirm that the operating system and firmware on your device are what they’re supposed to be and haven’t been tampered with. TPM is one of the requirements for Windows 11. According to QuarksLab two vulnerabilities CVE-2023-1017 and CVE-2023-1018 have been found in TPM 2.0 which concern an out-of-bounds-write and an out-of-bounds-read. These issues require the attacker to really know what they are doing for them to take advantage of these vulnerabilities.
The Trusted Computing Group (TCG) which is behind the TPM standard have released an errata on how to address these vulnerabilities and noted that “these shortcomings are the result of a lack of necessary length checks, resulting in buffer overflows that could pave the way for local information disclosure or escalation of privileges.” TCG recommends that vendors should apply the updates to address the flaws, which for us means that we will likely see an update from major hardware vendors to address this issue shortly.
What do you think of this? Let us know in the comments.
DeepCool has just announced the ASSASSIN IV VC VISION CPU cooler, the latest in its…
Antec has just introduce the Antec Performance 1 M Aluminium ITX Gaming Case, which they…
INNO3D may have just given us a sneak peek at NVIDIA's next-generation graphics technology ahead…
Xbox continues to bring some of its "exclusive" titles to rival platforms, including Sony's PlayStation.…
Lords of the Fallen recently marked its first anniversary and is in far better shape…
The director of Final Fantasy 7 Rebirth is calling on fans to refrain from creating…