Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices into enterprise networks and defeat the device attestation mechanism.
Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed “TPM Carte Blanche” by Google software engineer Chris Fenner, who is credited with discovering and reporting the attack technique. As of writing, other Surface devices, including the Surface Pro 4 and Surface Book, are considered unaffected, though other non-Microsoft machines using a similar BIOS may be vulnerable.
“Devices use Platform Configuration Registers (PCRs) to record information about system and software configuration to ensure that the boot process is secure,” the Windows maker noted in a bulletin. “Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks.”
However, it is worth noting that pulling off an attack requires physical access to a target victim’s device, or that a bad actor has previously compromised a legitimate user’s credentials. Microsoft said it has “attempted” to notify all affected vendors.
Introduced in Windows 10, Device Health Attestation (DHA) is an enterprise security feature that ensures client computers have trustworthy BIOS, Trusted Platform Module (TPM), and boot software configurations enabled, such as early-launch antimalware (ELAM), Secure Boot, and more. Put differently, DHA is designed to attest to the boot state of a Windows computer.
The DHA service achieves this by reviewing and validating the TPM and PCR boot logs for a device in order to issue what is essentially a tamper-resistant DHA report describing how the device started. By weaponizing this flaw, attackers can corrupt the TPM and PCR logs to obtain false attestations, effectively compromising the Device Health Attestation validation process.
“On a Surface Pro 3 running the latest platform firmware with SHA1 and SHA256 PCRs enabled, if the device is booted into Ubuntu 20.04 LTS, there are no measurements at all in the SHA256 bank lower PCRs,” Fenner explained. “This is problematic because this allows arbitrary, fake measurements to be made (from Linux userland, for example) corresponding to any Windows boot log desired. An authentic SHA256 PCR quote over dishonest measurements can be requested using a legitimate [Attestation Key] in the attached TPM.”
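To make the condition Fenner describes concrete, here is an added example (not Microsoft's or Google's code) that replays a constructed TCG-style boot log into SHA1 and SHA256 PCR banks and audits a quote bank by bank: a bank whose firmware PCRs are all still at their reset value is exactly the state in which an OS-level caller could extend any values it likes. The log events, PCR assignments and quote contents are all constructed for the example.

```python
"""Cross-check a TPM quote against its boot log, one PCR bank at a time.

Constructed example modelling the advisory's condition: a SHA1 bank that
carries firmware measurements next to a SHA256 bank that was never extended.
"""
import hashlib

RESET = {"sha1": b"\x00" * 20, "sha256": b"\x00" * 32}
FIRMWARE_PCRS = range(0, 8)  # PCR0-7 are extended by firmware before any OS runs

def extend(pcr: bytes, digest: bytes, alg: str) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || digest)."""
    return hashlib.new(alg, pcr + digest).digest()

def replay_log(events, alg: str) -> dict:
    """Replay (pcr_index, event_bytes) pairs into per-PCR values for one bank.
    PCRs the log never touches stay at their reset value."""
    pcrs = {i: RESET[alg] for i in FIRMWARE_PCRS}
    for index, data in events:
        digest = hashlib.new(alg, data).digest()
        pcrs[index] = extend(pcrs.get(index, RESET[alg]), digest, alg)
    return pcrs

def audit_quote(quoted_banks: dict, events) -> dict:
    """Return findings per bank.
    'unmeasured': every firmware PCR in the bank is still at reset, so later
    software could extend an arbitrary sequence into it.
    'log-mismatch': replaying the log does not reproduce the quoted values."""
    findings = {}
    for alg, quoted in quoted_banks.items():
        issues = []
        if all(quoted.get(i, RESET[alg]) == RESET[alg] for i in FIRMWARE_PCRS):
            issues.append("unmeasured")
        if replay_log(events, alg) != quoted:
            issues.append("log-mismatch")
        findings[alg] = issues
    return findings

# Constructed boot log: three firmware-stage events, no real Surface data.
BOOT_LOG = [(0, b"platform firmware volume"),
            (7, b"secure boot policy"),
            (4, b"boot manager")]

# Quote shaped like the advisory's case: SHA1 measured, SHA256 untouched.
SURFACE_LIKE_QUOTE = {
    "sha1": replay_log(BOOT_LOG, "sha1"),
    "sha256": {i: RESET["sha256"] for i in FIRMWARE_PCRS},
}
# Quote from a platform that measures into both enabled banks.
HEALTHY_QUOTE = {alg: replay_log(BOOT_LOG, alg) for alg in ("sha1", "sha256")}

if __name__ == "__main__":
    print(audit_quote(SURFACE_LIKE_QUOTE, BOOT_LOG))
    print(audit_quote(HEALTHY_QUOTE, BOOT_LOG))
```

The all-reset check only catches the precondition: once fabricated values have been extended to match a chosen log, the bank replays cleanly, which is why the remedy is a firmware fix rather than stricter verifier logic.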
In a real-world scenario, CVE-2021-42299 can be abused to fetch a fake Microsoft DHA certificate by obtaining the TCG Log — which records the measurements made during a boot sequence — from a target device whose health the attacker wants to impersonate, and then sending a valid health attestation request to the DHA service.
Additional technical details about the attack and a proof-of-concept (PoC) exploit can be accessed from Google’s Security Research repository here.