以下是关于漏洞CVE-2017-15361的关键信息,以简洁的Markdown格式返回: 关键信息 漏洞编号: CVE-2017-15361 受影响的TPM固件版本: - 4.0 - 4.33 - 4.4 - 4.42 - 5.0 - 5.61 - 6.0 - 6.42 - 7.0 - 7.61 - 133.0 - 133.32 - 149.0 - 149.32 漏洞描述 这个漏洞涉及受影响的可信平台模块(TPM)系统,这些系统在使用RSA密钥生成时可能存在安全问题,从而影响到Windows和Linux系统。 提供的工具与脚本 Windows系统: - Nessus审计文件: - PowerShell脚本: Linux系统: - Nessus审计文件: - Bash脚本: 这些工具可以帮助DoD管理员检测网络中的系统是否受到影响。 相关链接 原始研究: https://crocs.fi.muni.cz/public/papers/rsa_ccs17 更多信息: - https://www.kb.cert.org/vuls/id/307015 - https://www.infineon.com/cms/en/product/promopages/rsa-update/ - https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-background - https://www.infineon.com/cms/en/product/promopages/tpm-update/ 操作系统补丁和TPM固件更新: - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012 - https://us.answers.acer.com/app/answers/detail/a_id/51137 - http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html - https://support.hp.com/us-en/document/c05792935 - https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us - https://support.lenovo.com/us/en/product_security/LEN-15552 - https://support.toshiba.com/sscontent?contentId=4015874 - https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update 其他受影响设备: - https://www.yubico.com/support/security-advisories/ysa-2017-01/ - https://safenet.gemalto.com/technical-support/security-updates and https://gemalto.service-now.com/csm?id=kb_article&sys_id=19a55bdf4fb907c0873b69d18110c768 检查RSA密钥是否受影响的工具: - https://github.com/crocs-muni/roca - https://keychest.net/roca - https://keytester.cryptosense.com/ - https://www.tenable.com/plugins/index.php?view=single&id=103864