Yes, folks, you read that correctly – the new TPM 2.0 (Trusted Platform Module) security mechanism that Microsoft insisted everyone must have to enhance security includes a serious security flaw. This recently discovered vulnerability in TPM 2.0 could allow hackers to execute malicious code, which in turn could give them access to sensitive data and/or escalated privileges on an affected PC.
The vulnerabilities in TPM 2.0 were discovered by Quarkslab researchers Francisco Falcon and Ivan Arce who have said the flaws could impact billions of devices. The TPM 2.0 chip is supposed to be designed to help make Windows 11 PCs and other devices more secure, which makes the discovery of a serious security flaw in TPM 2.0 all the more concerning.
- For more information regarding this vulnerability, read the official advisory from the Trusted Computing Group (TCG), the developer of the TPM specification: TPM 2.0 library memory corruption vulnerabilities
Should You Be Concerned?
The major concern here is the sheer number of devices involved which, as the security researchers stated, could potentially number in the billions. However, while still of serious concern for the individual home user, it should be noted that exploiting this vulnerability requires either authenticated, hands-on access to the PC or that the user inadvertently infects their system with malware that already has that level of access.
Apparently, OEMs are aware of the vulnerability and are currently working on a fix. In the meantime, if your machine is among those impacted, to mitigate the risk you should:
- Limit access to your PC – make sure nobody else can physically access your PC
- Make sure your firmware and software are all completely up to date
- Make sure to download only reputable software from trusted sources
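Whether your machine is among those impacted, and whether a fix has reached it, comes down to the TPM vendor's firmware version. The following PowerShell check is an added example, not from the article or from TCG: it reads the TPM's manufacturer, spec version and firmware version on Windows so you can compare them against your OEM's advisory. It assumes the built-in TrustedPlatformModule module (Get-Tpm) and the Win32_Tpm WMI class, and is best run from an elevated session.

```powershell
# Added example (not from the article): report the local TPM's manufacturer and
# firmware version so it can be compared with the fixed version your OEM publishes.
# Assumes Windows with the TrustedPlatformModule module; run from an elevated prompt.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning "No TPM detected on this machine; nothing to check."
    return
}

# Win32_Tpm exposes the TPM specification version (e.g. "2.0, 0, 1.59"), which
# Get-Tpm does not report. A value starting with "2.0" means a TPM 2.0 device.
$wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName 'Win32_Tpm'

$report = [PSCustomObject]@{
    SpecVersion         = $wmi.SpecVersion
    Manufacturer        = $tpm.ManufacturerIdTxt
    FirmwareVersion     = $tpm.ManufacturerVersion
    FirmwareVersionFull = $tpm.ManufacturerVersionFull20
    TpmReady            = $tpm.TpmReady
}
$report | Format-List

if ($wmi.SpecVersion -like '2.0*') {
    Write-Host "This is a TPM 2.0 device: compare FirmwareVersion/FirmwareVersionFull with the fixed version in your OEM's advisory and apply the OEM firmware update if yours is older."
} else {
    Write-Host "This TPM does not report a 2.0 specification version; the TPM 2.0 library advisory may not apply, but keep firmware current regardless."
}
```

The TPM firmware is updated through the PC or motherboard vendor's firmware package, not through the TPM itself, so the manufacturer and version shown here are what you look up on the OEM's support page.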
Final words: So much for the “Trusted” label. As Mr. Magoo might say… Aaah, Microsoft, you’ve done it again!