Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Defense Digests
Table of content
Dataprise Defense Digest
ID: D3-2023-03-7
CVE-2023-1017 and CVE-2023-1018
Severity: TBA
Published: March, 7th 2023
Two buffer overflow vulnerabilities have been discovered in the Trusted Platform Module (TPM) 2.0 specification that could lead to attackers accessing or overwriting sensitive data such as cryptographic keys. These vulnerabilities can impact billions of devices that use TPMs, including those running on Windows 11. The vulnerabilities are tracked as CVE-2023-1017 and CVE-2023-1018. While only a few vendors have confirmed being impacted, users are advised to take necessary precautions such as limiting physical access to devices, using signed applications, and applying firmware updates as soon as possible.
TPM is a hardware-based technology used to provide operating systems with secure cryptographic functions. It is used to store cryptographic keys, passwords, and other critical data, making any vulnerability in its implementation a cause for concern. The newly discovered vulnerabilities in TPM 2.0 allow an authenticated local attacker to exploit them by sending maliciously crafted commands to execute code within the TPM. This could result in information disclosure or escalation of privileges, leading to unauthorized access to sensitive data. The impact of the vulnerabilities depends on what vendors have implemented on that memory location. It is important to note that these vulnerabilities require authenticated local access to a device, which could be achieved by malware running on the device.
The buffer overflow vulnerabilities in TPM 2.0 arise from how the specification processes the parameters for some TPM commands. The flaws allow an authenticated local attacker to exploit them by sending maliciously crafted commands to execute code within the TPM. This could result in information disclosure or escalation of privileges, leading to unauthorized access to sensitive data. The Trusted Computing Group, the developer of the TPM specification, explains that the buffer overflow problems concern reading or writing 2 bytes after the end of the buffer passed to the ExecuteCommand() entry point.
The impact of the vulnerabilities depends on what vendors have implemented on that memory location. If it is unused memory, the impact may be minimal. However, if it contains live data, such as cryptographic keys, the impact could be severe.
The solution for impacted vendors is to move to a fixed version of the specification, which includes TMP 2.0 v1.59 Errata version 1.4 or higher, TMP 2.0 v1.38 Errata version 1.13 or higher, or TMP 2.0 v1.16 Errata version 1.6 or higher. Lenovo is the only major OEM that has issued a security advisory about the two TPM flaws so far, warning that CVE-2023-1017 impacts some of its systems running on Nuvoton TPM 2.0 chips.
Users are recommended to take necessary precautions such as limiting physical access to their devices to trusted users, only using signed applications from reputable vendors, and applying firmware updates as soon as they become available for their devices. It is important to note that these vulnerabilities require authenticated local access to a device, which could be achieved by malware running on the device. Therefore, it is also recommended to use anti-malware software and to be vigilant against suspicious activities on devices.
INSIGHTS
Subscribe to get real-time notifications when a new Dataprise Defense Digest is published.