===========================================================================
AUSCERT Security Bulletin

ASB-2021.0225
Microsoft Surface Pro 3 Security Feature Bypass Vulnerability
20 October 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Surface Pro 3
Operating System:  Windows
Impact/Access:     Reduced Security -- Existing Account
Resolution:        None
CVE Names:         CVE-2021-42299

OVERVIEW

Microsoft has released an out-of-band advisory detailing a security bypass vulnerability that affects the Microsoft Surface Pro 3. [1]

Microsoft advises that there is proof of concept code available targeting this vulnerability. [1]

IMPACT

Microsoft has assigned CVE-2021-42299 to this vulnerability. [1][2]

Microsoft advises that the Surface Pro 4, Surface Book, and more recent Surface devices are not vulnerable. [2]

Microsoft has attempted to notify all affected vendors. [2]

MITIGATION

There is no fix available for this vulnerability.

Microsoft states "We encourage customers to practice good security habits, including positive control over their device and preventing unauthorized physical access to their machine." [1]

REFERENCES

[1] Microsoft Surface Pro 3 Security Feature Bypass Vulnerability
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42299

[2] Microsoft Security Update Guidance
    https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================