TPM 2.0 vulnerabilities make Microsoft look like clowns

So much for the Microsoft "bully pulpit" for TPM just to install and run Windows 11 legally. 

Very disturbing quote from the article:

To make matters worse, the CERT Coordination Center at Carnegie Mellon University published an alert in which it warned that an exploit leveraging these vulnerabilities would be essentially “undetectable” by the devices themselves as well as the best antivirus software

https://www.msn.com/en-us/news/technology/billions-of-pcs-and-other-devices-vulnerable-to-newly-discovered-tpm-2-0-flaws/ar-AA18i5HL?ocid=winpstoreapp&cvid=84cce37ea49c43ce9faf4f48847b912a&ei=10

 CVE 2023-1017 and CVE-2023-1018

The general recommendation for vendors:

Fortunately, the Trusted Computing Group (TCG) has come up with a fix for now in a new security bulletin (PDF). Basically, it involves vendors moving to a fixed version of the Trusted Platform Module specification, more specifically either of the ones listed below:

  • TMP 2.0 v1.59 Errata version 1.4 or higher
  • TMP 2.0 v1.38 Errata version 1.13 or higher
  • TMP 2.0 v1.16 Errata version 1.6 or higher

 

SA