TPM chip vulnerability

A serious vulnerability has been announced in the Infineon Trusted Platform Module (TPM) processors used to secure encryption keys in many PCs and laptops. We use TPM modules to implement BitLocker whole disk encryption on all of our managed computers. Vendors using Infineon TPM chips include HP, Fujitsu, Lenovo, Microsoft (Surface lines), Acer, Asus, LG, Samsung and Toshiba. Lenovo has reported that a number of their devices are impacted by this vulnerability, but our standard Dell desktops and laptops do not appear to be using the Infineon TPM chips.

Details on the vulnerability
Lenovo’s list of devices using TPM modules

Remediation Plan

To remediate this vulnerability, a firmware update will need to be installed on the computers running the Infineon TPM module. These updates are provided by the computer’s manufacturer.

Infineon TPM vulnerability remediation steps:

  1. Run all available Microsoft updates. All updates must be installed before Windows can identify a vulnerable TPM module.
  2. Log in with an administrator account and run TPM.msc to check whether the TPM module is vulnerable. If it is, the TPM status will report “The TPM firmware on this PC has a known security problem.”

If the TPM module is vulnerable:

  1. Download the updated firmware from the computer’s vendor
  2. If the computer is using BitLocker whole disk encryption, suspend BitLocker before applying the firmware update
  3. If the computer is a laptop, plug in the power adapter
  4. Follow vendor instructions to install the firmware update
  5. Re-enable BitLocker whole disk encryption
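
The pre-update checks above can be scripted. The following PowerShell is an added example, not part of the original advisory or any vendor tool: it reports whether the TPM is an Infineon part, whether the computer is on battery, and whether BitLocker is active, and suspends BitLocker only when run with the hypothetical `-Suspend` switch. It assumes an elevated session and that the encrypted volume is the system drive; it does not replace the TPM.msc check, which is what confirms the firmware is vulnerable.

```powershell
# Added example: pre-flight check before a vendor TPM firmware update.
# Run elevated. Parameter names ($MountPoint, -Suspend) are assumptions of this example.
param(
    [string]$MountPoint = $env:SystemDrive,
    [switch]$Suspend    # use only after TPM.msc has confirmed the firmware is vulnerable
)

function Get-TpmPreflight {
    param([string]$MountPoint)

    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { throw 'No TPM present on this computer.' }

    # No Win32_Battery instance means a desktop; status 1, 4 or 5 means discharging.
    $battery   = Get-CimInstance -ClassName Win32_Battery -ErrorAction SilentlyContinue
    $onBattery = [bool]($battery | Where-Object { $_.BatteryStatus -in 1, 4, 5 })

    $volume = Get-BitLockerVolume -MountPoint $MountPoint

    [pscustomobject]@{
        # "IFX" is the vendor ID string that Infineon TPMs report.
        Infineon        = $tpm.ManufacturerIdTxt -like 'IFX*'
        FirmwareVersion = $tpm.ManufacturerVersion
        OnBattery       = $onBattery
        BitLockerActive = $volume.ProtectionStatus -eq 'On'
    }
}

$check = Get-TpmPreflight -MountPoint $MountPoint
$check | Format-List

if (-not $check.Infineon) {
    Write-Output 'TPM is not made by Infineon; this advisory does not apply.'
    return
}
Write-Output 'Infineon TPM found. Confirm the status message in TPM.msc before updating.'

if ($Suspend) {
    if ($check.OnBattery) { throw 'Plug in the power adapter before updating firmware.' }
    if ($check.BitLockerActive) {
        # RebootCount 0 keeps protection suspended until Resume-BitLocker is run.
        Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 | Out-Null
        Write-Output "BitLocker suspended on $MountPoint. After the firmware update, run:"
        Write-Output "  Resume-BitLocker -MountPoint $MountPoint"
    }
}
```

Because `-RebootCount 0` leaves protection off indefinitely, confirm afterwards with `Get-BitLockerVolume` that the protection status is back to `On`.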

If you have any questions or concerns, please contact your desktop support staff or the Computer Help Desk at or (250) 721-7687.