Microsoft Resolves Security Bypass Vulnerability in Surface Pro 2 Tablets

Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Today, Windows maker Microsoft fixed a security bypass vulnerability that affected several Surface Pro 3 tablets. Threat actors could exploit this vulnerability in Surface Pro 2 tablets to introduce malicious devices into enterprise environments.

The flaw, first discovered by security researchers, has been dubbed TPM Carte Blanche. Tracked as CVE-2021-42299, it can be abused by threat actors who have the owner's credentials or physical access to the system.

Before digging into the news, readers need to know about Device Health Attestation.

Basically, Device Health Attestation is a cloud and on-premises service that follows a validation process to check the TPM and PCR logs for endpoints and notifies Mobile Device Management (MDM) solutions.

Through this notification, it confirms that BitLocker, Secure Boot, and Early Launch Antimalware (ELAM) are enabled. It also checks that Trusted Boot is correctly signed, among other settings.

Threat actors abusing CVE-2021-42299 poison the TPM and PCR logs in order to obtain false health attestations. As a result, they can bypass the Device Health Attestation validation process.

Microsoft explains that devices use Platform Configuration Registers (PCRs) to record information about the device and its software in order to verify that the whole boot process is secure.

Windows uses the PCR values to determine the health of a particular device or system.

An affected device can falsely show healthy values if a threat actor extends arbitrary values into Platform Configuration Register (PCR) banks.
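The replay check that lets a verifier treat PCR values as health evidence, as an added example (not Microsoft's or Fenner's code). The function names and the sample event log are constructed for illustration, and a single SHA-256 PCR bank is assumed.

```python
import hashlib

PCR_SIZE = 32                   # assumption: SHA-256 bank only
INITIAL_PCR = bytes(PCR_SIZE)   # static PCRs reset to all zeros at power-on

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || event digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute every PCR from the boot event log, in log order."""
    pcrs = {}
    for index, digest in event_log:
        pcrs[index] = extend(pcrs.get(index, INITIAL_PCR), digest)
    return pcrs

def verify(event_log, quoted_pcrs):
    """Return the PCR indexes whose quoted value disagrees with the replayed log."""
    replayed = replay(event_log)
    return sorted(i for i, value in quoted_pcrs.items()
                  if replayed.get(i, INITIAL_PCR) != value)

def unextended(quoted_pcrs):
    """Return PCR indexes still at reset value, i.e. nothing was measured into them."""
    return sorted(i for i, value in quoted_pcrs.items() if value == INITIAL_PCR)

def event(label: str) -> bytes:
    """Constructed stand-in for a measured component's digest."""
    return hashlib.sha256(label.encode()).digest()

# Constructed sample log: (PCR index, event digest) pairs.
SAMPLE_LOG = [(0, event("firmware")),
              (7, event("secure-boot-policy")),
              (7, event("boot-loader-cert"))]

if __name__ == "__main__":
    quoted = replay(SAMPLE_LOG)
    print("matching log:", verify(SAMPLE_LOG, quoted))           # no mismatches
    altered = SAMPLE_LOG[:2] + [(7, event("other-cert"))]
    print("altered log: ", verify(altered, quoted))              # PCR 7 mismatches
    print("unextended:  ", unextended({0: INITIAL_PCR, 7: quoted[7]}))
```

The replay only proves that the log and the quoted PCRs agree with each other; it is meaningful because nothing but measured boot code is supposed to extend those registers. A quoted PCR that is still at its reset value shows that no measurement ever reached it, so a verifier should not accept it as evidence of a healthy boot.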

Google software engineer Chris Fenner, who found the bug, said that a threat actor can create a bootable Linux USB stick to easily obtain access to the targeted device.

Fenner also published proof-of-concept exploit code showing how the flaw could be exploited.

The advisory for CVE-2021-42299 was published on the official Microsoft Security Response Center website on the same day that Fenner published the proof-of-concept on GitHub.

Additionally, Microsoft doesn’t list the vulnerability as a publicly disclosed flaw.

Microsoft also confirmed that the Surface Pro 4 and Surface Book aren't affected by this vulnerability.

However, other devices, possibly including non-Microsoft devices that use a similar BIOS, may be vulnerable to this issue.
