[German]Microsoft have been used TPM chips from Infineon in Surface Pro 3. These chips probably contain vulnerabilities in some versions. Affected owners of a Surface Pro 3 should therefore install an TPM update.
I recently wrote something about attacks on Trusted Platform Mobile (TPM) chips in the article Security: TPM vulnerable; and dump mode for Intel ME. And almost exactly one year ago Microsoft addressed in ADV170012 a vulnerability (CVE-2017-15361) in TPM in an advisory (see my blog post Microsoft Surface: TPM updates, coil whine and LTE image).
At German site Dr. Windows I just read, that the CVE-2017-15361 vulnerability within the Surface Pro 3 TPM chips could cause attackers to bypass cryptographic functions and grab keys for bitlockers, PGP, YubiKey, or disk encryption in Chrome OS.
To find out exactly which Infineon TPM chips are affected by CVE-2017-15361, please visit this website. For affected devices, the device manufacturers probably provide a firmware update for the TPM chip. Microsoft has done this for Surface Pro 3, but the TPM update will probably have to be installed manually.
Microsoft has published KB4073006 about updating the TPM on Surface devices on Jun 2018. There is also an article Install and use the Surface Pro 3 Trusted Platform Module (TPM) update tool from July 2018, that addresses this topic. German MVP and blogger Ralf Eiberger has also a (German) blog post TPM Update beim Surface Pro 3 (Google Translate), describing in detail, how to update TPM on a Surface Pro 3.
Cookies helps to fund this blog: Cookie settings