fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Issues Advisory For Surface Pro 3 TPM Bypass Vulnerability

Microsoft Issues Advisory For Surface Pro 3 TPM Bypass Vulnerability

Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments.

The security flaw tracked as CVE-2021-42299 can be exploited in high complexity attacks dubbed TPM Carte Blanche by Google security researchers who discovered them and shared additional details on Monday.

To successfully abuse the bug, attackers would either need access to the owner’s credentials or physical access to the device.

Also Read: Social engineering attacks: 4 Ways businesses and individuals can protect themselves

Bypass security integrity checks

Device Health Attestation is a cloud and on-premises service that validates TPM and PCR logs for endpoints and informs Mobile Device Management (MDM) solutions if Secure Boot, BitLocker, and Early Launch Antimalware (ELAM) are enabled, Trusted Boot is correctly signed, and more.

By exploiting CVE-2021-42299, attackers can poison the TPM and PCR logs to obtain false attestations, allowing them to compromise the Device Health Attestation validation process.

“Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health,” Microsoft explains.

“A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks.”

“The attacker can prepare a bootable Linux USB stick to minimize the interactions required with the target device (e.g., as an Evil Maid attack),” added Chris Fenner, the Google software engineer who found the bug.

Falsified measurements in health attestation
Falsified measurements in health attestation (Chris Fenner)

Devices from other vendors also vulnerable

Fenner also published proof-of-concept (Poc) exploit code demonstrating how the flaw could be exploited on Monday.

Microsoft confirmed Fenner’s findings that the Surface Pro 3 is exposed to TPM Carte Blanche attacks. More recent Surface devices such as the Surface Pro 4, Surface Book are not vulnerable.

While the Surface Pro 3 was released in June 2014 and discontinued in November 2016, Redmond says devices from other vendors could also be vulnerable to TPM Carte Blanche attacks and that it attempted to notify all affected vendors of the issue.

Also Read: How can businesses protect their enterprise from Business Email Compromise (BEC) attacks?

“It is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable,” Microsoft said.

Correction October 19, 11:45 EST: Updated story and title to remove Microsoft security updates info.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us