1. Forum
  2. Usenet
  3. ALT.COMP.OS.WINDOWS-10

  • Trusted Platform Module (TPM) Vulnerability

    From wasbit@21:1/5 to All on Mon Jul 8 10:14:45 2024
    FYI
    Eclypsium, a security firm, recently discovered a vulnerability in the system-board firmware supporting the Trusted Platform Mode (TPM) for a
    wide range of Intel processors.

    - https://www.askwoody.com/newsletter/free-edition-finding-the-achilles-heel-of-tpm/

    Eclypsium blog
    - https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/

    --
    Regards
    wasbit

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From VanguardLH@21:1/5 to wasbit on Mon Jul 8 15:55:04 2024
    wasbit <[email protected]> wrote:

    FYI
    Eclypsium, a security firm, recently discovered a vulnerability in the system-board firmware supporting the Trusted Platform Mode (TPM) for a
    wide range of Intel processors.

    - https://www.askwoody.com/newsletter/free-edition-finding-the-achilles-heel-of-tpm/

    Eclypsium blog
    - https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/

    There have been prior vulnerabilities in both 1.0 and 2.0 of TPM. This
    one looks to be with the UEFI code calling TPM functions. If you don't
    use Bitlocker, or some other feature of Windows that uses TPM, why not
    just disable it in the BIOS?

    I don't need TPM either as a module nor as firmware in the UEFI (e.g.,
    Intel's Platform Trust Technology or AMD fTPM) for anyting I use under
    Windows 10. I don't use BitLocker, and use Veracrypt instead (successor
    to TrueCrypt). I don't use Bitlocker, Windows Hello, Hyper-V with VMs
    that have a virtual TPM, or Secure Boot. However, this is my personal computer, not a corporate workstation or portable. In fact, disabling TPM/IntelPTT feature in the UEFI eliminates Windows Update from
    bothering me with offers to upgrade to Windows 11.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From VanguardLH@21:1/5 to winston on Mon Jul 8 22:02:19 2024
    winston <[email protected]> wrote:

    There have been prior vulnerabilities in both 1.0 and 2.0 of TPM. This
    one looks to be with the UEFI code calling TPM functions. If you don't
    use Bitlocker, or some other feature of Windows that uses TPM, why not
    just disable it in the BIOS?

    Waste of time, if no one(besides you) else has physical access to the
    device and the ability to exploit the weakness.

    Yep, but neither is a deterrent to a spy or gov't that wants to implant something on your computer at home or work. I don't think the
    vulnerabilities are addressing end users on their home PCs nearly as
    much as company or gov't workstations. Lots of vulnerabilities are of importance only to sensitive hosts or to paranoids (those that really
    don't have anything valuable beyond their personal lives but which could
    be divulged without ever touching your computer).

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)