Surface Pro 3 has got a fix against a TPM bypass exploit

Surface Pro 3 owners in here may be aware of the publicly available exploit that can bypass TPM on the device. It has been finally fixed.

Microsoft Surface Laptop Gen 1 Banner

CVE-2021-42299, also know as TPM Carte Blanche, was first discovered by Google security researchers. However, it has limited use. An attacker needs to know device owner's credentials or has physical access to the device.

CVE-2021-42299 allowed to poison the TPM and PCR logs to obtain false attestations. After that, it is possible  to compromise the Device Health Attestation validation process.

For reference: Device Health Attestation is Microsoft's cloud service that validates TPM and PCR logs for endpoints, checks the state of certain security features including BitLocker, Secure Boot and a few more, and then report the result to Mobile Device Management (MDM).

A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks.

The situation allow the attacker to connect a specially configured bootable USB stick with Linux and then interfere with device's boot process and access its data. There is a proof of concept exploit code.

Microsoft confirmed that Surface Pro 3 is vulnerable. More recent Surface devices such as the Surface Pro 4, Surface Book are not vulnerable.

According to Bleeping Computer, the Redmond software giant has already issued a fix.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Advertisment

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer from Russia who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published. Required fields are marked *