Zero Day: Vulnerability in TPM could allow Security Feature Bypass

In addition to the gaggle of security updates Microsoft is rolling out this week, a particularly serious vulnerability has been announced. This vulnerability is not in the operating system or its software; it is at the firmware level.

A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. After you have installed software and/or firmware updates, you will need to re-enroll in any security services you are running to remediate those services.

Hardware manufacturers will need to issue a firmware update to ultimately close the hole, but Microsoft says this issue has not been made publicly known until now so that the industry can create a coordinated plan. Microsoft has provided updates in this month’s other available security patches, and according to the company the operating system security updates should be applied before any firmware updates.

WARNING: Do NOT apply the TPM firmware update prior to applying the Windows operating system mitigation update. Doing so will render your system unable to determine if your system is affected.

Further information, including remediation, is available here: ADV170012 | Vulnerability in TPM could allow Security Feature Bypass
