This document provides a technical overview of Microsoft’s interim measures against a vulnerability in Trusted Platform Module (TPM) chipsets manufactured by Infineon (CVE-2017-15361).

• Technical Overview of Microsoft’s Interim Measures against CVE-2017-15361 Version: 1.0

Table of contents analysis document

1 Introduction
2 Technical Analysis
2.1 Generation of RSA keys
2.2 generation of EventLog Log Entries
References
Keywords and Abbreviations

Summary:

This vulnerability affects the generation of Rivest–Shamir–Adleman (RSA) keys by vulnerable TPM chipsets making keys susceptible to the Return of Coppersmith's attack (ROCA). This attack enables attackers to recover the private key from the public key of a weak public-private key pair.

The CVE-2017-15361 vulnerability is a firmware vulnerability, and not a vulnerability in the operating system. However, because of its criticality, Microsoft has implemented interim measures against this vulnerability until firmware vendors provide a patch addressing it. These measures are implemented as part of the KB4041691 update for the Windows version that is in the focus of this work.

According to Microsoft, among other things, the KB4041691 update modifies Windows 10 such that it prevents the generation of weak RSA keys by the TPM and generates EventLog log entries when a vulnerable TPM chipset is detected.

The KB4041691 update does not modify the generation of the storage root key, which is conducted as part of the TPM provisioning process. That is, the storage root key is generated in the context of the TPM and therefore, it may be weak. This may pose a significant security risk.

It is important to emphasize that in order to fully remediate the CVE-2017-15361 vulnerability, users have to install the firmware update provided by the hardware original equipment manufacturer (OEM) for patching the vulnerability. In addition, users have to clear and re-provision the TPM. This may render software that uses TPM-generated keys unstable and may lead to loss of TPM-protected data. Therefore, users have to make in advance remediation plans for such software and data. This includes, for example, a temporary transition to the use of software-generated keys. After the TPM has been re-provisioned, users may generate new keys with it and re-enroll software that uses TPM-generated keys and data that needs to be protected by the TPM.