Yes, folks, you read that correctly – the new TPM 2.0 (Trusted Platform Module) security mechanism that Microsoft insisted everyone must have to enhance security includes a serious security flaw. This recently discovered vulnerability in TPM 2.0 could allow hackers to execute malicious code, which could then give them access to sensitive data and/or allow them escalated privileges on an affected PC.
The vulnerabilities in TPM 2.0 were discovered by Quarkslab researchers Francisco Falcon and Ivan Arce, who say the flaws could affect billions of devices. The TPM 2.0 chip is designed to help make Windows 11 PCs and other devices more secure, which makes the discovery of a serious security flaw in TPM 2.0 all the more concerning.
- For more information regarding this vulnerability, read the official advisory from the Trusted Computing Group (TCG), the developer of the TPM specification: TPM 2.0 library memory corruption vulnerabilities
Should You Be Concerned?
The major concern here is the sheer number of devices involved which, as the security researchers stated, could potentially number in the billions. However, while still a serious concern for the individual home user, it should be noted that exploiting this vulnerability requires either authenticated hands-on access to the PC or the user inadvertently infecting their system with malware that has already obtained that level of access.
Apparently, OEMs are aware of the vulnerability and are currently working on a fix. In the meantime, if your machine is among those impacted, to mitigate the risk you should:
- Limit access to your PC – make sure nobody else can physically access your PC
- Make sure your firmware and software are all completely up to date
- Make sure to download only reputable software from trusted sources
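Whether your machine is affected depends on the TPM vendor and firmware revision, which the OEM's advisory will list. The following PowerShell inventory script is an added example (not from this article or from TCG/Quarkslab); it assumes Windows 10/11 with the built-in Win32_Tpm WMI class and an elevated prompt.

```powershell
# Added example: identify the TPM family, vendor and firmware revision so they can be
# compared against the OEM's list of fixed firmware versions. Run from an elevated prompt.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    Write-Warning 'No TPM reported by Windows (absent, disabled in firmware, or prompt not elevated).'
    return
}

# SpecVersion is a string such as "2.0, 0, 1.38" (family, level, revision); the
# TCG advisory concerns the 2.0 reference library, so only "2.0" parts are in scope.
$family = ($tpm.SpecVersion -split ',')[0].Trim()

# ManufacturerId packs the four-character TCG vendor ID into a 32-bit integer
# (big-endian ASCII), e.g. "INTC", "IFX", "STM". Decode it for readability.
$vendorBytes = [BitConverter]::GetBytes([uint32]$tpm.ManufacturerId)
[Array]::Reverse($vendorBytes)
$vendor = [Text.Encoding]::ASCII.GetString($vendorBytes).Trim([char]0)

[pscustomobject]@{
    SpecFamily      = $family
    Vendor          = $vendor
    FirmwareVersion = $tpm.ManufacturerVersion
    FirmwareFull    = $tpm.ManufacturerVersionFull20
    Enabled         = $tpm.IsEnabled_InitialValue
}

if ($family -ne '2.0') {
    Write-Host "TPM family $family is not 2.0; this advisory does not apply as described."
} else {
    Write-Host "Check $vendor firmware $($tpm.ManufacturerVersion) against your OEM's fixed-version list."
}
```

The vendor string and firmware revision are what OEM support pages key their TPM firmware updates on, so keep them handy when checking for a fix.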
Final words: So much for the “Trusted” label. As Mr. Magoo might say… Aaah, Microsoft, you’ve done it again!
—
As usual Microsoft have created a problem of their own making. In this case it really does serve them right. The Evil Empire has forced people to abandon PCs that were perfectly capable of running Windows 11. No sympathy but unfortunately it is the PC manufacturers not Microsoft that will have to come up with a fix.
Jim if this can be fixed by a BIOS software update then I thought the hole point (pun intended) of TPM was that it was contained burnt into a hardwired chip that couldn’t be changed? And if it can be “fixed” by a simple software update that suggests that a very smart person might be able to exploit it again someday by software!
Hey Reg,
I am not 100% certain Reg but I assume this vulnerability will be fixed via a firmware update. Yes, you are correct, as is the case with most hardware, TPM relies on firmware (software), so the potential for exploitation is always a consideration. It’s up to the manufacturers to make sure their firmware is bulletproof.
I find it ironic in the extreme that a mechanism forced upon users by MS supposedly to boost security is itself insecure.
I think that what this was all about was to sell new computers and the Windows software, not so much a security issue, well it sounds like it backfired on them. Oh well!
I have a question and not sure where to start. Jim may be able to help.
Have you or anyone tried this software I am listing below or have tested it? I used it and it found 10 bots.
https://escanav.com/en/mwav-tools/download-free-antivirus-toolkit.asp
Hey Brian,
No, I haven’t tried that software as yet. I generally rely on either MBAM or Emsisoft Emergency Kit as second-opinion malware scanners.
Sorry, can’t be of much help on that one.
No worries. Just thought I would ask.
Thanks!