Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices (Security News, October 2021)

Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism.
As of writing, other Surface devices, including the Surface Pro 4 and Surface Book, have been deemed unaffected, although other non-Microsoft machines using a similar BIOS may be vulnerable.
"Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register banks."
Introduced in Windows 10, Device Health Attestation (DHA) is an enterprise security feature that verifies client computers have a trustworthy BIOS, Trusted Platform Module (TPM), and boot software configuration, with protections such as early-launch antimalware and Secure Boot enabled.
"On a Surface Pro 3 running recent platform firmware with SHA1 and SHA256 PCRs enabled, if the device is booted into Ubuntu 20.04 LTS, there are no measurements at all in the SHA256 bank low PCRs," Fenner said.
In a real-world scenario, CVE-2021-42299 can be abused to obtain a false Microsoft DHA certificate: the attacker retrieves the TCG Log (which records the measurements made during a boot sequence) from a target device whose health they want to impersonate, then sends a valid health attestation request to the DHA service.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2021-10-20 | CVE-2021-42299 | Microsoft Surface Pro 3 Firmware: Microsoft Surface Pro 3 Security Feature Bypass Vulnerability (unspecified vulnerability) | 0.0