Today, Windows maker Microsoft fixed a security bypass vulnerability affecting Surface Pro 3 tablets. Threat actors could exploit this vulnerability in Surface Pro 3 tablets to introduce malicious devices into enterprise environments.
The security flaw, first discovered by security researchers, is dubbed TPM Carte Blanche. The vulnerability, tracked as CVE-2021-42299, can be abused by threat actors who have credentials for the owner's system or physical access to it.
Before we dig into the news, readers need to know about Device Health Attestation.
Device Health Attestation is a cloud and on-premises service that validates the TPM and PCR logs of endpoints and reports the result to Mobile Device Management (MDM) solutions.
That report confirms whether BitLocker, Secure Boot, and Early Launch Antimalware (ELAM) are enabled, and whether Trusted Boot components are correctly signed, among other checks.
Threat actors abusing CVE-2021-42299 poison the TPM and PCR logs in order to obtain false health attestations. As a result, they can bypass the Device Health Attestation validation process.
Microsoft explains that systems use Platform Configuration Registers (PCRs) to record device and software information in order to verify that the whole boot process is secure.
Windows uses the PCR values to determine the health of a particular device or system.
An affected device can falsely report healthy values if a threat actor writes arbitrary values into the Platform Configuration Register (PCR) banks.
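To make the PCR mechanism concrete, the following added example (not Microsoft's, Fenner's, or the DHA service's code) simulates a SHA-256 PCR bank and the core of an attestation check: the PCR values a TPM quotes must match what the boot event log replays to, and a bank the policy relies on must actually have been extended. The event log, its PCR indices and the "required" PCR set are constructed for illustration, and the digest of each event is computed from its bytes rather than read from a real TCG log entry. It also shows the limit of such a check: if firmware leaves a bank at its reset value, anything extended into it later replays cleanly, which is why the fix had to land in the firmware rather than in the verifier.

```python
import hashlib

PCR_SIZE = 32                      # SHA-256 PCR bank, 32-byte registers
RESET_VALUE = b"\x00" * PCR_SIZE   # value of a PCR that has never been extended

def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank: new_pcr = H(old_pcr || H(measurement))."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(current + digest).digest()

def replay_event_log(events):
    """Replay a (constructed) TCG-style event log into expected PCR values.
    events is a list of (pcr_index, event_bytes); each PCR starts at RESET_VALUE."""
    pcrs = {}
    for idx, data in events:
        pcrs[idx] = pcr_extend(pcrs.get(idx, RESET_VALUE), data)
    return pcrs

def verify_attestation(quoted_pcrs, events, required=(0, 7)):
    """Attestation-style check: every PCR the health policy depends on must be
    present in the quote, must have been extended at least once, and must equal
    the value obtained by replaying the event log."""
    expected = replay_event_log(events)
    for idx in required:
        if idx not in quoted_pcrs:
            return False            # quote does not cover a PCR we rely on
        if quoted_pcrs[idx] == RESET_VALUE:
            return False            # bank never extended: it reflects no boot measurements
        if expected.get(idx) != quoted_pcrs[idx]:
            return False            # log and PCR disagree: log was tampered or replaced
    return True

# Constructed sample boot log (event strings are illustrative, not real firmware entries)
GENUINE_LOG = [
    (0, b"EV_S_CRTM_VERSION: firmware build sample"),
    (0, b"EV_EFI_PLATFORM_FIRMWARE_BLOB: uefi core"),
    (7, b"EV_EFI_VARIABLE_DRIVER_CONFIG: SecureBoot=1"),
    (7, b"EV_EFI_VARIABLE_AUTHORITY: db signing certificate"),
]
# What a TPM on a genuinely booted device would quote for this log
GENUINE_PCRS = replay_event_log(GENUINE_LOG)

if __name__ == "__main__":
    print("genuine quote verifies:", verify_attestation(GENUINE_PCRS, GENUINE_LOG))
    forged = [(7, b"any bytes at all")]   # a bank that started at reset is fully replayable
    print("forged log against forged quote:", verify_attestation(replay_event_log(forged), forged, required=(7,)))
```

The last line is the Carte Blanche problem in miniature: a verifier cannot tell a firmware-extended bank from one that was still at reset when someone else extended it, so the measurement chain has to be anchored by the firmware itself.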
Google software engineer Chris Fenner, who found the bug, said that a threat actor can use a bootable Linux USB stick to easily gain access to the targeted device.
Fenner also published proof-of-concept exploit code demonstrating how the flaw could be exploited.
The advisory for CVE-2021-42299 was published on the official Microsoft Security Response Center website the same day Fenner published the proof of concept on GitHub.
Nevertheless, Microsoft does not list the vulnerability as publicly disclosed.
Microsoft also confirmed that the Surface Pro 4 and Surface Book are not vulnerable to this issue.
However, other devices, possibly including non-Microsoft devices that use a similar BIOS, may be affected.