Notes on Microsoft ADV170012 – TPM Madness.

Hidden within the latest Microsoft Security Advisory is a Whooper: ADV170012

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

The summary is that some of the Infineon TPM chip implementations have a bug. And appears that someone has produced a Proof of Concept exploit. Wow.

Microsoft and Infineon have arguably done the right thing here and have announced the issue, produced a Hotfix to help customers better identify the issue, and have developed tools to update the issue through firmware.

What’s not clear to me is just what the issue is, and what the hotfix does. Unfortunately, it may be a while before Microsoft releases more information, while they give companies a head start working on application of the hotfixes.

A link in the article above suggest that exploit is not easy:

A successful attack depends on conditions beyond the attacker’s control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

Which leads me to believe that any exploit is hard, requiring a highly skilled attacker, not someone who is going to steal my laptop from the local Starbucks in the hopes of getting my Credit Card number, saved somewhere on the machine.

Stay tuned…

Script

In the mean time, I decided to re-write the PowerShell script in the article above. The latest version works great when issuing commands remotely and collecting the data in a centralized location.

For example I could run the command:

icm { iwr 'https://gist.githubusercontent.com/keithga/22aa4500de40bc174f2f4921052e3b87/raw/Test-TPMReimann.ps1' | iex } -Cred $cred -Computer Pickett1,Pickett2,Pickett3,Pickett4 | ft *

And see the output:

infineon.png

Lucky for me I have Four machines that are affected with the Bad TPM Module.

  • One machine is my work machine (Version 6.41)
  • Two machines don’t have bad Infineon version numbers (Verison 3.19), but may need to be cleared anyways. Easy to do.
  • One machine has the bad Infineon version (Version 4.32), but the TPM Module is on a replacement Riser card, and I can purchase a new one for $50.

Now to figure out how to address this at work.

Code

#Requires -Version 3
#requires -RunAsAdministrator
<#
.SYNOPSIS
TPM Infineon Riemann Check
.DESCRIPTION
Checks the status of TPM on the local machine and returns status as a PowerShell object.
Must be run at elevated permissions.
.OUTPUTS
PSCustomObject with several properties.
.EXAMPLE
C:\PS> .\Test-TPMReimann.ps1
hasTPM : True
ManufacturerId : 0x53544d20
ManufacturerVersion : 13.12
FirmwareVersionAtLastProvision :
NeedsRemediation : False
Reason : This non-Infineon TPM is not affected by the Riemann issue. 0x53544d20
.EXAMPLE
C:\PS> icm -scriptblock { iwr 'https://gist.githubusercontent.com/keithga/22aa4500de40bc174f2f4921052e3b87/raw/Test-TPMReimann.ps1&#39; | iex } -RunAsAdministrator -ComputerName PC1,PC2
Given the URL path to this script ( to get the script, click on the raw link above ), will run the command on the machines and collect the results locally.
.LINK
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
.LINK
#>
[cmdletbinding()]
param()
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")){
Throw "Not Administrator"
}
$TPM = try { Get-Tpm } catch { $Null }
$FirmwareVersionAtLastProvision = Get-ItemProperty Path "HKLM:\SYSTEM\CurrentControlSet\Services\TPM\WMI" Name "FirmwareVersionAtLastProvision" ErrorAction SilentlyContinue | % FirmwareVersionAtLastProvision
#region Infineon version test routines
function Test-RiemannVersion ( [string[]] $version ) {
# Returns True if not safe
switch ( $version ) {
4 { return $version[1] -le 33 -or ($version[1] -ge 40 -and $version[1] -le 42) }
5 { return $version[1] -le 61 }
6 { return $version[1] -le 42 }
7 { return $version[1] -le 61 }
133 { return $version[1] -le 32 }
default { return $False }
}
}
#endregion
#region Test Logic
if ( !$TPM ) {
$Reason = "No TPM found on this system, so the Riemann issue does not apply here."
$NeedsRemediation = $False
}
elseif ( $TPM.ManufacturerId -ne 0x49465800 ) {
$Reason = "This non-Infineon TPM is not affected by the Riemann issue. 0x$([convert]::ToString($TPM.ManufacturerId,16))"
$NeedsRemediation = $False
}
elseif ( $TPM.ManufacturerVersion.IndexOf('.') -eq -1 ) {
$Reason = "Could not get TPM firmware version from this TPM. $($TPM.ManufacturerVersion)"
$NeedsRemediation = $False
}
elseif ( Test-RiemannVersion ( $Tpm.ManufacturerVersion -split '\.' ) ) {
$reason = "This Infineon firmware version TPM is not safe. $($Tpm.ManufacturerVersion)"
$NeedsRemediation = $true
}
elseif (!$FirmwareVersionAtLastProvision) {
$Reason = "We cannot determine what the firmware version was when the TPM was last cleared. Please clear your TPM now that the firmware is safe."
$NeedsRemediation = $true
}
elseif ($FirmwareVersion -ne $FirmwareVersionAtLastProvision) {
$Reason = "The firmware version when the TPM was last cleared was different from the current firmware version. Please clear your TPM now that the firmware is safe."
$NeedsRemediation = $true
} else {
$reason = 'OK'
$NeedsRemediation = $False
}
#endregion
#region Output Object
[PSCustomObject] @{
# Basic TPM Information
hasTPM = $TPM -ne $null
ManufacturerId = "0x" + [convert]::ToString($TPM.ManufacturerId,16)
ManufacturerVersion = $Tpm.ManufacturerVersion
FWVersionAtLastProv = $FirmwareVersionAtLastProvision
# Does the machine need Remediation for Riemann issue?
NeedsRemediation = $NeedsRemediation
# Reason String
Reason = $Reason
}
#endregion

view raw
Test-TPMReimann.ps1
hosted with ❤ by GitHub

Notes

Don’t recall why I  named it Reimann, I think I saw that as a code word in an article somewhere, and it stuck. Is the name of the researcher who found the issue, or just an arbitrary code name?

Not sure why you need to know when the last Provision Time was on machines *without* the issue. Either the TPM chips works or not!?!?

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s