A new study has found two serious security defects in the Trusted Platform Module (TPM) 2.0 reference library specification. Depending on how they are exploited, these defects could lead to information disclosure or privilege escalation.
The study, conducted by cybersecurity company Quarkslab, found that the vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0.
The Trusted Computing Group (TCG) has said that these flaws could affect billions of devices. A TPM is a hardware-based component designed to provide secure cryptographic functions and physical security mechanisms that resist tampering.
Microsoft has said that the most common TPM functions are used for system integrity measurements and for key creation and use. The boot code that is loaded (including firmware and operating system components) can be measured, and those measurements recorded in the TPM.
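To make the "measured and recorded" step concrete, the following added example (not code from the article, Quarkslab, Microsoft or the TCG) emulates how a TPM 2.0 Platform Configuration Register (PCR) accumulates boot measurements in its SHA-256 bank: each component is hashed, and the register is extended with `new = SHA256(old || digest)`. It also shows the defender-side check that makes this useful: replaying an event log and comparing the result with the register value, which detects a modified or reordered boot chain. The component names are constructed sample inputs, and the register starts at the all-zero reset value; an actual TPM receives the digest from the caller via `TPM2_PCR_Extend` rather than the raw component.

```python
import hashlib

# Reset value of a SHA-256 PCR bank: 32 zero bytes.
INITIAL_PCR = bytes(32)

# Constructed stand-ins for the boot components measured during startup.
BOOT_CHAIN = [
    b"firmware image (constructed)",
    b"bootloader image (constructed)",
    b"kernel image (constructed)",
]


def extend(pcr: bytes, digest: bytes) -> bytes:
    """Emulate TPM2_PCR_Extend for one SHA-256 bank: new = H(old || digest).

    Only extension is possible: a PCR can never be set to a chosen value,
    which is what makes the final value a commitment to the whole sequence.
    """
    if len(digest) != 32:
        raise ValueError("SHA-256 bank expects a 32-byte digest")
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """Measure each component in order, extending the PCR and appending
    the (name, digest) pair to an event log, as boot firmware would.

    Returns (final_pcr_value, event_log)."""
    pcr = INITIAL_PCR
    event_log = []
    for component in components:
        digest = hashlib.sha256(component).digest()
        pcr = extend(pcr, digest)
        event_log.append((component, digest.hex()))
    return pcr, event_log


def replay_log(event_log):
    """Recompute the PCR value a log claims to describe, using only the
    digests in the log. This is what an attestation verifier does."""
    pcr = INITIAL_PCR
    for _, digest_hex in event_log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def log_matches_pcr(pcr: bytes, event_log) -> bool:
    """True only if the log reproduces the register exactly: any edited,
    dropped, added or reordered entry yields a different value."""
    return replay_log(event_log) == pcr


if __name__ == "__main__":
    final_pcr, log = measure_boot(BOOT_CHAIN)
    print("PCR after boot:", final_pcr.hex())
    print("log replays cleanly:", log_matches_pcr(final_pcr, log))
    # Swap two boot stages in the log: the replay no longer matches.
    reordered = [log[1], log[0], log[2]]
    print("reordered log matches:", log_matches_pcr(final_pcr, reordered))
```

The verifier side of this check only means something if the TPM reporting the register value is itself trustworthy; a flaw in the TPM firmware, such as the reference-library defects described here, weakens the guarantee behind the value being compared.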
If your device has a TPM 2.0, it is important to update it as soon as possible to protect the device from these vulnerabilities.