TPM 2.0 security flaw could leave billions vulnerable to hackers — is your laptop affected?

News
By Sean Riley
published

Wasn't TPM 2.0 supposed to protect your laptop?

Intel Platform Trust Technology (TPM 2.0) BIOS settings
(Image credit: Laptop Mag)

The TPM 2.0 chip is designed to help make Windows 11 PCs and other devices more secure, which you may recall from our explainer on TPM 2.0 back when it was announced as a requirement for Windows 11. 

It's also what makes the news that there is a security flaw in TPM 2.0 all the more upsetting. According to a report from BleepingComputer, a newly-discovered vulnerability in TPM 2.0 could allow hackers to execute malicious code, which could in turn give them access to your data or give them escalated privileges on your PC or laptop (via Tom's Guide).

Should you be worried about the TPM 2.0 vulnerability?

Yes, but it's a qualified yes. The key words that we were looking for were "actively exploited in the wild" or some variation on those terms. The Quarklab's researchers, Francisco Falcon and Ivan Arce, didn't evoke that language. Now that doesn't make the vulnerabilities less real, but it makes us downgrade from a full 5-alarm fire alert.

One key reason why this is still concerning is the sheer volume of devices impacted, billions when you factor in Windows PCs and other devices that rely on TPM 2.0. The other reason is that while the original warnings about this flaw went out months ago, Lenovo is the only major OEM to issue a security advisory.

Basically, this means that if you have a Windows 10 or Windows 11 laptop with a TPM 2.0 chip, you have to assume you are impacted for now.

So what can you do about the TPM 2.0 vulnerability?

The Trusted Computing Group (TCG), the team behind the TPM specification, identified a fix for the problem that involves using one of the following fixed versions of the TPM specification:

  • TMP 2.0 v1.59 Errata version 1.4 or higher
  • TMP 2.0 v1.38 Errata version 1.13 or higher
  • TMP 2.0 v1.16 Errata version 1.6 or higher

However, again this is something the OEMs will need to put in place. For now the best way to protect your laptop is to ensure that no one else has physical access to your system, make sure you are running the latest firmware and software updates, run one of the best antivirus apps, and avoid installing software from unknown sources as the vulnerability could be exploited either in person or via malware.

We'll keep you updated as additional vendors address the TPM 2.0 security flaw.

Sean Riley
Sean Riley

Sean Riley has been covering tech professionally for over a decade now. Most of that time was as a freelancer covering varied topics including phones, wearables, tablets, smart home devices, laptops, AR, VR, mobile payments, fintech, and more.  Sean is the resident mobile expert at Laptop Mag, specializing in phones and wearables, you'll find plenty of news, reviews, how-to, and opinion pieces on these subjects from him here. But Laptop Mag has also proven a perfect fit for that broad range of interests with reviews and news on the latest laptops, VR games, and computer accessories along with coverage on everything from NFTs to cybersecurity and more.