Surface Pro 3 owners in here may be aware of the publicly available exploit that can bypass TPM on the device. It has been finally fixed.
CVE-2021-42299, also known as TPM Carte Blanche, was first discovered by Google security researchers. However, it has limited use: an attacker needs to know the device owner's credentials or have physical access to the device.
CVE-2021-42299 allowed an attacker to poison the TPM and PCR logs to obtain false attestations. After that, it is possible to compromise the Device Health Attestation validation process.
For reference: Device Health Attestation is Microsoft's cloud service that validates TPM and PCR logs for endpoints, checks the state of certain security features including BitLocker, Secure Boot and a few more, and then reports the result to Mobile Device Management (MDM).
A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks.
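To make the attestation mechanism concrete, here is an added example (not Microsoft's Device Health Attestation code, and not from this article) of what a verifier does with a PCR bank: each measured component is folded into the register as PCR_new = SHA-256(PCR_old || measurement), the verifier replays the reported event log to see whether it reproduces the quoted PCR value, and then compares that value against a known-good reference. The event digests and the choice of PCR 7 are constructed sample data for the demonstration.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank: every PCR starts as 32 zero bytes at reset


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: the new PCR value is H(old value || measurement)."""
    return hashlib.sha256(current + measurement).digest()


def replay_event_log(events):
    """Replay a list of (pcr_index, digest) entries and return the final PCR values."""
    pcrs = {}
    for idx, digest in events:
        pcrs[idx] = pcr_extend(pcrs.get(idx, bytes(PCR_SIZE)), digest)
    return pcrs


def verify_attestation(events, quoted_pcrs, golden_pcrs):
    """Return a list of findings; an empty list means the report passed both checks.

    Check 1: does the event log replay to the PCR values the TPM quoted?
    Check 2: do the quoted values match the reference values for a healthy device?
    """
    replayed = replay_event_log(events)
    findings = []
    for idx, quoted in quoted_pcrs.items():
        if replayed.get(idx, bytes(PCR_SIZE)) != quoted:
            findings.append(f"PCR{idx}: event log does not replay to the quoted value")
        elif idx in golden_pcrs and golden_pcrs[idx] != quoted:
            findings.append(f"PCR{idx}: quoted value differs from the expected reference")
    return findings


# Constructed sample measurements for PCR 7 (the register that records the
# Secure Boot configuration on UEFI systems). Real logs carry digests of the
# actual firmware variables; these are hashes of placeholder strings.
HEALTHY_EVENTS = [
    (7, hashlib.sha256(b"SecureBoot=1").digest()),
    (7, hashlib.sha256(b"PK=constructed-platform-key").digest()),
    (7, hashlib.sha256(b"db=constructed-signature-db").digest()),
]

# The reference value a service like DHA would hold for a healthy configuration.
GOLDEN_PCRS = {7: replay_event_log(HEALTHY_EVENTS)[7]}


def check_healthy_report():
    """A device that reports the expected log and a matching quote passes."""
    quoted = {7: replay_event_log(HEALTHY_EVENTS)[7]}
    return verify_attestation(HEALTHY_EVENTS, quoted, GOLDEN_PCRS)


def check_inconsistent_log():
    """A log that has been altered after the fact no longer replays to the quote."""
    quoted = {7: replay_event_log(HEALTHY_EVENTS)[7]}
    altered = HEALTHY_EVENTS[:1] + [(7, hashlib.sha256(b"SecureBoot=0").digest())] + HEALTHY_EVENTS[2:]
    return verify_attestation(altered, quoted, GOLDEN_PCRS)


def check_wrong_configuration():
    """A consistent log and quote for a different (e.g. Secure Boot off) state fails the reference check."""
    events = [(7, hashlib.sha256(b"SecureBoot=0").digest())] + HEALTHY_EVENTS[1:]
    quoted = {7: replay_event_log(events)[7]}
    return verify_attestation(events, quoted, GOLDEN_PCRS)


if __name__ == "__main__":
    print("healthy:", check_healthy_report())
    print("altered log:", check_inconsistent_log())
    print("wrong config:", check_wrong_configuration())
```

Both checks depend on the extend operation being performed only by firmware on genuine measurements. The article's point is exactly that: once a device can extend attacker-chosen values into a PCR bank, a log and quote can be produced that pass both checks above even though the real boot state differs, which is why the verifier alone cannot catch it and a firmware fix was required.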
The situation allows the attacker to connect a specially configured bootable USB stick with Linux and then interfere with the device's boot process and access its data. There is a proof-of-concept exploit code.
Microsoft confirmed that Surface Pro 3 is vulnerable. More recent Surface devices such as the Surface Pro 4 and Surface Book are not vulnerable.
According to Bleeping Computer, the Redmond software giant has already issued a fix.