A pair of new vulnerabilities have been found within the TPM 2.0 Library by a cybersecurity company by the name of Quarkslab. These vulnerabilities have the potential to be a threat to billions of devices
These vulnerabilities involve the Trusted Platform Module, TPM for short, which is, ironically, used to improve the security of your PC and securely create and store cryptographic keys, to confirm that the operating system and firmware on your device are what they’re supposed to be and haven’t been tampered with. TPM is one of the requirements for Windows 11. According to QuarksLab two vulnerabilities CVE-2023-1017 and CVE-2023-1018 have been found in TPM 2.0 which concern an out-of-bounds-write and an out-of-bounds-read. These issues require the attacker to really know what they are doing for them to take advantage of these vulnerabilities.
The Trusted Computing Group (TCG) which is behind the TPM standard have released an errata on how to address these vulnerabilities and noted that “these shortcomings are the result of a lack of necessary length checks, resulting in buffer overflows that could pave the way for local information disclosure or escalation of privileges.” TCG recommends that vendors should apply the updates to address the flaws, which for us means that we will likely see an update from major hardware vendors to address this issue shortly.
What do you think of this? Let us know in the comments.
As Computex 2024 approaches, the tech industry buzzes with anticipation for a series of high-profile…
MSI, a key player in the graphics card market, appears to be shifting its focus…
TeamGroup has once again proven its prowess in the field of memory product innovation by…
Konami's eFootball has reached a staggering 750 million downloads worldwide. This milestone comes as the…
Just a few hours after its release on Steam alone Manor Lords has already managed…
FORTY YEARS OF WRESTLEMANIA WrestleMania is the biggest event in sports entertainment, where Superstars become…