An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trustedcomputinggroup trusted platform module 2.0 |
||
microsoft windows 10 1809 |
||
microsoft windows 10 20h2 |
||
microsoft windows 11 21h2 |
||
microsoft windows 10 21h2 |
||
microsoft windows 10 22h2 |
||
microsoft windows 10 1607 |
||
microsoft windows 10 1507 |
||
microsoft windows server 2016 |
||
microsoft windows 11 22h2 |
||
microsoft windows server 2019 |
||
microsoft windows server 2022 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources The outlook is grim for Outlook - and SAP, Adobe. Android, and Chrome - so get ready for a long update party
Patch Tuesday Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix. First up: prioritize patching CVE-2023-23397, a privilege elevation bug in Microsoft Outlook that received a 9.8 out of 10 CVSS rating. While details of the hole haven't been publicly disclosed, it has already been exploited in the wild, and Microsoft lists its...