Subscribe

Microsoft Issues Advisory For Surface Pro 3 TPM Bypass Flaw

October 20, 2021

Microsoft published an advisory that addresses a security feature bypass vulnerability known as CVE-2021-42299 impacting Surface Pro 3.

According to Google security experts who found it, the vulnerability can be exploited in highly complex attacks known as TPM Carte Blanche and could ultimately allow threat actors to introduce malicious devices into enterprise environments.

Exploiting the vulnerability could allow attackers to poison the TPM and PCR protocols to obtain false certificates, allowing them to compromise the Device Health Attestation. The Device Health Attestation is a cloud and on-premise service that validates TPM and PCR protocols for endpoints and notifies mobile device management solutions when Secure Boot, BitLocker and Early Launch Antimalware are enabled, Trusted Boot is correctly signed, and other validation processes are performed.

While newer Surface devices such as the Surface Pro 4 and Surface Book are not vulnerable, Microsoft said other devices from other manufacturers could be vulnerable to TPM Carte Blanche attacks.

For more information, read the original story in BleepingComputer.

Top Stories

UK surgeon performs remote robotic surgery on patient 1,500 miles away

Kalshi declines payouts on Iran leadership prediction market after Khamenei’s death

CIOCAN launches memorial award honouring Canadian IT leader Fawn Annan

Check Point launches Canada-only security region to meet rising data residency demands

OpenAI amends Pentagon deal after backlash over surveillance concerns

QuitGPT: OpenAI faces consumer backlash after DoD deal

Related Articles

Microsoft launches $99 Microsoft 365 E7 tier bundling Copilot AI tools

March 10, 2026 Microsoft is introducing a new top-tier Microsoft 365 subscription called E7 that bundles its Copilot artificial intelligence more...

Dutch intelligence warns of Russian campaign targeting Signal and WhatsApp accounts

March 10, 2026 Dutch intelligence agencies say Russian state-linked hackers are conducting a global campaign to compromise Signal and WhatsApp more...

Check Point launches Canada-only security region to meet rising data residency demands

March 5, 2026 Check Point Software on Wednesday launched a dedicated Canada data region for its CloudGuard Web Application Firewall more...

API key breach triggers $82K Gemini bill for developer team

March 5, 2026 A small development company in Mexico says a compromised Google Cloud API key triggered more than $82,000 more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.