Security restrictions bypass in Trusted Platform Module in Microsoft Windows

Published: 2017-10-10 | Updated: 2017-10-12
Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2017-15361
Exploitation vector Network
Public exploit N/A
Vulnerable software
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security restrictions bypass


Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2017-15361

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No


The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists in certain Trusted Platform Module (TPM) chipsets due to unknown error. A remote attacker can cause the application to weaken key strength.


Microsoft hasn't released any patches addressing the vulnerability.
If your device is not from Microsoft, apply the firmware provided by the OEM.

Vulnerable software versions

Windows: 8.1 - 10

Windows Server: 2012 - 2016 10.0.14393.10

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.