The vulnerability in the Intel Platform Trust Technology (PTT) credential storage and key management platform, together with the Intel Trusted Execution Engine (TXE) firmware and Intel Server Platform Services, stems from a lack of protection for operational data. It allows an attacker to gain access to the cryptographic keys stored in the Trusted Platform Module (TPM).
The vulnerability in the Intel Platform Trust Technology-based credential storage and key management platform, together with the Intel Trusted Execution Engine firmware and Intel Server Platform Services, is related to a lack of protection for sensitive data. Exploiting this vulnerability could allow a...
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices
A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs. Trusted Platform Module TPM is a...
Microsoft Patches RCE Bug Actively Under Attack
A critical bug in a Microsoft scripting engine, under active attack, has been patched as part of Microsoft’s Patch Tuesday security roundup. The vulnerability exists in Internet Explorer and allows an attacker to execute rogue code if a victim is coaxed into visiting a malicious web page, or, if...
Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
Executive Summary This advisory addresses CVE-2019-16863. A security vulnerability exists in certain Trusted Platform Module TPM chipsets. The vulnerability weakens key confidentiality protection for a specific algorithm ECDSA. It is important to note that this is a TPM firmware vulnerability, an...
Trusted Platform Module CVE-2019-16863 Unspecified Security Vulnerability
Description Trusted Platform Module is prone to an unspecified security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Technologies Affected STMicroelectronics Trusted Platform Module Trusted...
The vulnerability in the UEFI (BIOS) firmware of HP workstations allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the UEFI BIOS firmware of HP workstations is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information, provided that the TPM module is disabled...
CVE-2019-6322
HP has identified a security vulnerability with some versions of Workstation BIOS UEFI Firmware where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default...
CVE-2019-6321
HP has identified a security vulnerability with some versions of Workstation BIOS UEFI Firmware where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default...
CVE-2019-1589
A vulnerability in the Trusted Platform Module TPM functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability
A vulnerability in the Trusted Platform Module TPM functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
The vulnerability in the firmware of the Trusted Platform Module (TPM) cryptographic processor, related to security configuration errors, allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the firmware of the Trusted Platform Module (TPM) cryptographic processor is related to security configuration errors. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and availability of protected information...
CVE-2018-6622
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group TCG Trusted Platform Module TPM 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can...
PT-2018-17713 · Mcafee · Mcafee Drive Encryption
Name of the Vulnerable Software and Affected Versions: McAfee Drive Encryption MDE versions 7.1.0 and above Description: The issue allows physically proximate attackers to bypass local security protection via a specific set of circumstances. This is related to an Authentication Bypass vulnerabili...
Microsoft Windows: Require additional authentication at startup (TPM startup key)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winaddauthtpmstartupkey.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Require additional authentication at startup: Configure TPM startup key Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH...
ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM
A potential security vulnerability known as “ROCA: Vulnerable RSA Generation” has been identified with the RSA keys generated by the HP Trusted Platform Module TPM Accessory and printers equipped with a TPM. This vulnerability could potentially be exploited remotely to allow remote disclosure of...
IBM Flex System x222 servers IMM2 Information Disclosure Vulnerability
IBM Flex System x222 servers are x222 series blade servers from IBM in the U.S. Integrated Management Module II (IMM2) is one of the... A security vulnerability exists in the TPM of the IMM2 on IBM Flex System x222 servers, which stems from a failure to configure it properly. A remote attacker...
April 17, 2018—KB4093117 (OS Build 15063.1058)
April 17, 2018—KB4093117 OS Build 15063.1058 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running ...
Siemens SIMATIC Industrial PCs
CVSS v3 5.9 ATTENTION: Remotely exploitable Vendor: Siemens Equipment: SIMATIC Industrial PCs Vulnerability: Cryptographic Issues AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of SIMATIC Industrial PCs using a version of Infineon’s Trusted Platform Module...