Join Sign in
0800 527 867
Contact us >
THE LAPTOP COMPANY LTD
  • Browse Range ˅
    • All of Government
    • Apple
    • Dell
    • Dynabook Toshiba
    • HP
    • Lenovo
    • Microsoft Surface
    • Education Shop
    • Work from Home gear
    • All Products
  • Solutions
    • AOG Government Agencies >
      • All of Government Product Catalogues
      • AoG Broader Outcomes
      • Gateway
    • Modernise Your Workforce with Surface >
      • Surface Pro for Business Copilot+ PC Intel
      • Surface Laptop for Business Copilot+ PC Intel
      • Surface Copilot Plus
      • Surface Pro Copilot Plus 5G
      • Surface Laptop 6
      • Surface Pro 10
      • Modernise Your Workforce
      • Surface Repairability
      • Surface Windows 11 Migration
      • Microsoft for Healthcare
      • Microsoft Design and Construction
      • Surface Broader Outcomes
      • Switch to Surface
    • NEW HP EliteBook G1 >
      • HP EliteBook X G1
      • HP EliteBook 8 G1
      • Choose Your EliteBook G11 >
        • HP EliteBook 1040 G11
        • HP EliteBook 800 G11
        • HP EliteBook 600 G11
    • Ctrl with HP >
      • Which HP ZBook G11?
      • HP ZBook Power G11
      • HP Windows 11 Migration
      • HP Carbon Offsets
      • HP Premium+ Support
      • HP Sustainability
      • HP Fleets
    • Apple with TLC
    • Financial Sector
    • Higher Education
    • Local Government
    • Meeting rooms
    • Hybrid Work
    • Schools and Students >
      • Smarter Classrooms
  • Services
    • Modern Fleet Mgmt
    • Procurement services
    • Fleet leasing
    • Windows 11 Migration
    • Intune & Device mgmt
    • Autopilot & Device Deployment
    • Jamf - Apple Mgmt
    • UXx User Experiences
    • RecoverMax - trade-ins
    • Renew - fix & re-use
  • Support
    • Get Support
    • Surface Repairs
    • Apple Repairs
    • About Us
    • Terms and Conditions >
      • Terms of Sale
      • Terms and Conditions of Service
      • Returns and Refunds
      • Privacy
  • Insights

Infineon TPM Vulnerability

2/11/2017

 
In Brief
Researchers have discovered a serious vulnerability in Infineon Trusted Platform Module (TPM) cryptographic processors used to secure encryption keys in many PCs, laptops, Chromebooks and smartcards.

In cryptographic terms, the flaw in the way the public key encryption key pair is generated makes it possible for an attacker to work out private 1024-bit and 2048-bit RSA keys stored on the TPM simply by having access to the public key.  This would allow an attacker to remove encryption or alter information otherwise protected by the keys stored on the TPM.

What is TPM?
A TPM is a cryptographic chip built on to the motherboard of many (but not all) PCs and laptops as a secure place to store system passwords, certificates, encryption keys and even biometric data (e.g. for fingerprint login or Windows Hello).  The principle is that storing keys inside the TPM is a lot better than keeping them on the hard drive or letting them be managed by the operating system, both of which can be compromised.

Microsoft’s BitLocker uses a TPM. They can also be used for authentication (checking a PC is the one it claims to be) and attestation (that a system’s boot image hasn’t been tampered with), for example on Google’s Chromebooks.

Remediation for Windows Devices
Step 1: Apply all Microsoft Windows Operating System Security Updates
Step 2: Determine devices in your organization that are affected using event log entries.
NOTE: After the applicable Windows update is applied, the system will generate Event ID 1794 in the Event Viewer after each reboot under Windows Logs - System when vulnerable firmware is identified. On devices running Windows 10 that have the October 2017 security update installed, in a CMD prompt, type "TPM.MSC" to open the Trusted Platform Module (TPM) Management snap-in. Devices with affected TPM modules will display the following error message: (Shown Below)
  • "The TPM is ready for use. The TPM firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572."
  • If you determine that you do not have an Infineon® TPM capable system then no further action is required.
  • If your PC is affected, go to Step 3 below to locate your PC model and firmware availability. 
  • If your firmware is not yet available, Microsoft has provided the following mitigation process that is recommended until the release of the firmware update package.  
    • https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
Step 3: Download and run the firmware update tool provided by the Hardware Vendor (Toshiba, HP, Lenovo, etc).
Step 4: Once the firmware update has been applied to vulnerable devices, additional steps may be required (e.g. devices where BitLocker is in use)

Links to firmware updates
The best source for up-to-date firmware links appears to be Infineon's website;
Information on TPM firmware update for Microsoft Windows
Direct manufacturer links from that page are;
  • HP
  • Lenovo
  • Toshiba

Comments are closed.

    The Laptop Company

    News and announcements

    Archives

    December 2019
    June 2019
    April 2019
    November 2018
    July 2018
    January 2018
    December 2017
    November 2017

    Contact Us
    x

      Contact us 

      Would you like to know more about these updates, or information about the services available from The Laptop Company?  For personal assistance during business hours, please call 0800 527 867.
    Send

.

Get in touch

About
Legal information
Contact
© COPYRIGHT THE LAPTOP COMPANY (LTD) 2022. ALL RIGHTS RESERVED.
Enquire >
Click here to Contact us
x
  • Browse Range ˅
    • All of Government
    • Apple
    • Dell
    • Dynabook Toshiba
    • HP
    • Lenovo
    • Microsoft Surface
    • Education Shop
    • Work from Home gear
    • All Products
  • Solutions
    • AOG Government Agencies >
      • All of Government Product Catalogues
      • AoG Broader Outcomes
      • Gateway
    • Modernise Your Workforce with Surface >
      • Surface Pro for Business Copilot+ PC Intel
      • Surface Laptop for Business Copilot+ PC Intel
      • Surface Copilot Plus
      • Surface Pro Copilot Plus 5G
      • Surface Laptop 6
      • Surface Pro 10
      • Modernise Your Workforce
      • Surface Repairability
      • Surface Windows 11 Migration
      • Microsoft for Healthcare
      • Microsoft Design and Construction
      • Surface Broader Outcomes
      • Switch to Surface
    • NEW HP EliteBook G1 >
      • HP EliteBook X G1
      • HP EliteBook 8 G1
      • Choose Your EliteBook G11 >
        • HP EliteBook 1040 G11
        • HP EliteBook 800 G11
        • HP EliteBook 600 G11
    • Ctrl with HP >
      • Which HP ZBook G11?
      • HP ZBook Power G11
      • HP Windows 11 Migration
      • HP Carbon Offsets
      • HP Premium+ Support
      • HP Sustainability
      • HP Fleets
    • Apple with TLC
    • Financial Sector
    • Higher Education
    • Local Government
    • Meeting rooms
    • Hybrid Work
    • Schools and Students >
      • Smarter Classrooms
  • Services
    • Modern Fleet Mgmt
    • Procurement services
    • Fleet leasing
    • Windows 11 Migration
    • Intune & Device mgmt
    • Autopilot & Device Deployment
    • Jamf - Apple Mgmt
    • UXx User Experiences
    • RecoverMax - trade-ins
    • Renew - fix & re-use
  • Support
    • Get Support
    • Surface Repairs
    • Apple Repairs
    • About Us
    • Terms and Conditions >
      • Terms of Sale
      • Terms and Conditions of Service
      • Returns and Refunds
      • Privacy
  • Insights