Microsoft Patches Surface Pro 3 TPM Bypass as Researcher Releases Public Exploit Code

Microsoft has addressed a security feature bypass in Surface Pro 3 tablets that lets an attacker make an already compromised device pass the health checks that corporate networks use before admitting it.

The issue, which the Google researcher who found it named TPM Carte Blanche, is tracked as CVE-2021-42299. It can be exploited by an attacker who either has physical access to the device or has obtained the device owner's credentials.

Device Health Attestation (DHA) is a cloud or on-premises service that examines a device's TPM quote, PCR values and boot event log and reports to Mobile Device Management (MDM) solutions whether Secure Boot, BitLocker and Early Launch Antimalware (ELAM) are enabled, whether the Trusted Boot chain is correctly signed, and similar facts about the device's state.

By exploiting CVE-2021-42299, an attacker running code on the device can falsify the PCR measurements and the accompanying boot log so that DHA issues a health attestation for a device that is not healthy, defeating the validation DHA is supposed to provide. The TPM itself is not broken; it faithfully reports values the attacker was allowed to put there.

Microsoft explains that devices use Platform Configuration Registers (PCRs) to record measurements of firmware and software configuration during boot, so that the boot process can later be verified. Windows uses these PCR measurements to determine device health.

A vulnerable device can masquerade as a healthy one because its firmware does not extend every active PCR bank during boot: the unextended bank is left at its reset value, and software running in the operating system can then extend arbitrary values into it, including exactly the measurements a healthy device would have recorded.
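The mechanism in the three paragraphs above, modelled as an added toy example rather than Microsoft's DHA implementation or Fenner's proof of concept. It assumes, for illustration only, a TPM with sha256 and sha1 banks where the vulnerable firmware extends just sha256 (the page does not say which bank the Surface Pro 3 left unextended), a constructed three-event boot log, and no attestation-key signature on the quote; the quoted values are genuine TPM state either way, which is why a signature alone would not help. The cross-bank check at the end goes beyond what the page describes: it is the verifier-side caveat a practitioner would want, since PCR extend is one-way and an attacker cannot rewrite a bank the firmware already measured into.

```python
import hashlib

PCR_COUNT = 8                 # toy: PCRs 0..7 (PCR 7 carries the Secure Boot policy measurements)
BANKS = ("sha256", "sha1")    # two active PCR banks, as on most TPM 2.0 parts (assumption)

def extend(pcr_value, digest, alg):
    """TPM2_PCR_Extend semantics: new = H(old || digest). There is no 'set', only extend."""
    return hashlib.new(alg, pcr_value + digest).digest()

def reset_bank(alg):
    """Power-on state of a bank: every PCR is all-zero bytes of the algorithm's digest size."""
    return [bytes(hashlib.new(alg).digest_size) for _ in range(PCR_COUNT)]

def measure(event, alg):
    """Digest of a boot event (firmware volume, Secure Boot variable, ...) in a bank's algorithm."""
    return hashlib.new(alg, event).digest()

def replay_log(log, alg):
    """Verifier side: start from reset state and replay the claimed event log into one bank."""
    pcrs = reset_bank(alg)
    for index, event in log:
        pcrs[index] = extend(pcrs[index], measure(event, alg), alg)
    return pcrs

class TpmDevice:
    """A booted device. `firmware_banks` is the set of banks the firmware actually extends."""
    def __init__(self, boot_events, firmware_banks):
        self.banks = {alg: reset_bank(alg) for alg in BANKS}
        for index, event in boot_events:
            for alg in firmware_banks:
                self.banks[alg][index] = extend(self.banks[alg][index], measure(event, alg), alg)

    def quote(self, alg):
        """What a TPM quote reports for one bank (signing omitted; the values are genuine)."""
        return list(self.banks[alg])

    def os_extend(self, index, digest, alg):
        """Any privileged OS code (or a Linux live USB) can issue TPM2_PCR_Extend."""
        self.banks[alg][index] = extend(self.banks[alg][index], digest, alg)

# Constructed logs for the toy: (PCR index, event payload).
HEALTHY_LOG  = [(0, b"firmware-v2"), (7, b"SecureBoot=1"), (7, b"BitLocker=on")]
TAMPERED_LOG = [(0, b"firmware-v2"), (7, b"SecureBoot=0"), (7, b"BitLocker=off")]

def verify_single_bank(log, quoted, alg):
    """The insufficient check: does the log reproduce the quoted values of the one bank we read?"""
    return replay_log(log, alg) == quoted

def verify_all_banks(log, quotes):
    """The stronger check: the same log must reproduce every active bank."""
    return all(replay_log(log, alg) == quotes[alg] for alg in quotes)

def carte_blanche(device, healthy_log, empty_alg):
    """Attacker with OS access on a device whose firmware never extended `empty_alg`:
    replay a healthy device's digests into the still-pristine bank."""
    for index, event in healthy_log:
        device.os_extend(index, measure(event, empty_alg), empty_alg)

def demo():
    # Honest, healthy device whose firmware extends both banks: both checks pass.
    honest = TpmDevice(HEALTHY_LOG, firmware_banks=BANKS)
    honest_ok = verify_all_banks(HEALTHY_LOG, {a: honest.quote(a) for a in BANKS})

    # Vulnerable device (assumed: firmware extends only sha256). Secure Boot is off,
    # yet the sha1 bank is still at its reset value after boot.
    victim = TpmDevice(TAMPERED_LOG, firmware_banks=("sha256",))
    pristine = victim.quote("sha1") == reset_bank("sha1")
    carte_blanche(victim, HEALTHY_LOG, "sha1")
    fooled = verify_single_bank(HEALTHY_LOG, victim.quote("sha1"), "sha1")   # attestation granted
    caught = verify_all_banks(HEALTHY_LOG, {a: victim.quote(a) for a in BANKS})  # sha256 disagrees

    # Patched firmware extends both banks: the real measurements are already in, and
    # extend is one-way, so the attacker's values land on top of them and never match.
    patched = TpmDevice(TAMPERED_LOG, firmware_banks=BANKS)
    carte_blanche(patched, HEALTHY_LOG, "sha1")
    patched_fooled = verify_single_bank(HEALTHY_LOG, patched.quote("sha1"), "sha1")

    return honest_ok, pristine, fooled, caught, patched_fooled

if __name__ == "__main__":
    print(demo())  # (True, True, True, False, False)
```

Running the block prints the five results in order: the honest device passes, the victim's unextended bank really is all zeros after boot, a verifier that reads only that bank is fooled, a verifier that requires the log to reproduce every active bank is not, and the patched device cannot be fooled at all. The real fix is the firmware one (extend every active bank, or disable banks you do not measure into); the cross-bank check is defence in depth on the attestation service side.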

According to Chris Fenner, the Google software engineer who discovered the flaw, the attacker could carry this out from a bootable Linux USB stick to minimise interaction with the target device, for example in an evil maid scenario.

Fenner also released proof-of-concept (PoC) exploit code demonstrating how the vulnerability can be exploited.

Microsoft confirmed Fenner's finding that unpatched Surface Pro 3 devices are vulnerable. Other Surface devices, such as the Surface Pro 4 and Surface Book, are not affected.

Although the Surface Pro 3 launched in June 2014 and was discontinued in November 2016, Microsoft said that devices from other vendors may share the same weakness and that it has notified the suppliers it believes are affected.

About the author

CIM Team
