
Microsoft warns about new security flaws affecting Surface Pro 3 devices

Microsoft has released a new advisory warning about a security bypass vulnerability affecting Surface Pro 3 convertible laptops. It could be exploited by an attacker to introduce a malicious device into an enterprise network and defeat the device attestation mechanism.

Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed “TPM Carte Blanche” by Chris Fenner, the Google software engineer credited with discovering and reporting the attack technique. At the time of writing, other Surface devices such as Surface Pro 4 and Surface Book are considered unaffected, but other non-Microsoft machines that use a similar BIOS may be vulnerable.


“Devices use Platform Configuration Registers (PCRs) to record information about device and software configurations to ensure that the boot process is safe,” the Windows manufacturer said in the advisory. “Windows uses these PCR measurements to determine the state of the device. A vulnerable device can impersonate a healthy device by extending arbitrary values into the Platform Configuration Register (PCR) banks.”

Note, however, that launching an attack requires either physical access to the target victim’s device or that the attacker has previously compromised legitimate user credentials. Microsoft said it “tried” to notify all affected vendors.

Device Health Attestation (DHA), introduced in Windows 10, is an enterprise security feature that ensures trusted BIOS, Trusted Platform Module (TPM), and boot software configurations such as Early Launch Antimalware (ELAM) and Secure Boot are enabled on the client computer. In other words, DHA is designed to attest to the boot state of a Windows computer.

The DHA service accomplishes this by reviewing and validating the device’s TPM and PCR boot logs and issuing a tamper-proof DHA report that describes how the device booted. However, by weaponizing this flaw, an attacker could corrupt the TPM and PCR logs to obtain false attestations, effectively compromising the Device Health Attestation validation process.


“On a Surface Pro 3 running recent platform firmware with SHA1 and SHA256 PCRs enabled, if the device is booted into Ubuntu 20.04 LTS, there are no measurements in the low PCRs of the SHA256 bank,” Fenner said. “This is problematic because it allows arbitrary, false measurements to be made (such as from Linux userland) that correspond to the required Windows boot log. A legitimate SHA256 PCR quote over the false measurements can be requested using an [Attestation Key] in the attached TPM.”

In a real-world scenario, CVE-2021-42299 could be abused to fetch a false Microsoft DHA certificate by obtaining the TCG log (which records measurements taken during the boot sequence) from a target device that the attacker wants to impersonate, and then sending a valid health attestation request to the DHA service.

Additional technical details about the attack and a proof-of-concept (PoC) exploit are available in Google’s Security Research repository.
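The condition Fenner describes can be checked for on a device. The following added example (not from the advisory or from Google’s repository) models the PCR extend operation and flags any enabled bank whose low PCRs are still at their all-zero reset value after boot. The function names, the choice of PCRs 0-7 as the “low” PCRs, and the sample readings are assumptions constructed for illustration.

```python
import hashlib

BANK_HASH = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
LOW_PCRS = range(0, 8)  # assumption: PCRs 0-7 carry the firmware and boot measurements


def reset_value(bank):
    """PCRs 0-15 start at all zeros after a platform reset."""
    return bytes(BANK_HASH[bank]().digest_size)


def extend(bank, pcr_value, digest):
    """TPM extend: new = H(old || digest). A PCR can never be written directly."""
    return BANK_HASH[bank](pcr_value + digest).digest()


def replay(bank, event_digests):
    """What a verifier does with an event log: fold the digests in from reset."""
    value = reset_value(bank)
    for digest in event_digests:
        value = extend(bank, value, digest)
    return value


def unmeasured_banks(banks):
    """Return enabled banks in which every low PCR is still at its reset value.

    Firmware that measures into only one bank leaves the others open: whoever
    extends them first decides what a later quote over that bank will show.
    """
    flagged = []
    for bank, pcrs in banks.items():
        zero = reset_value(bank)
        if all(pcrs.get(i, zero) == zero for i in LOW_PCRS):
            flagged.append(bank)
    return sorted(flagged)


# Constructed sample, not read from a real device: the firmware measured into
# the SHA1 bank only, so the SHA256 bank is untouched after boot.
EVENTS = [hashlib.sha1(b"constructed-event-%d" % i).digest() for i in range(3)]
SAMPLE_BANKS = {
    "sha1": {i: replay("sha1", EVENTS) for i in LOW_PCRS},
    "sha256": {i: reset_value("sha256") for i in LOW_PCRS},
}

if __name__ == "__main__":
    print("banks with no boot measurements:", unmeasured_banks(SAMPLE_BANKS))
```

A verifier that only replays the event log and compares the result with the quoted PCR value cannot tell who performed the extends, which is why the empty bank has to be caught on the device or closed by the firmware.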
