how do I find that my TPM is vulnerable? is there some xml/json with list of versions and models? if I understand correctly, correct way is to flash new firmware, wipe and initialize TPM and reissue WHfB identity?
If you deployed Windows Hello for Business, you should definitely read Microsoft's Security Advisory ADV190026.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190026 …
And I am not saying it just because I reported that issue and had a talk about it at Black Hat Europe. 
https://www.blackhat.com/eu-19/briefings/schedule/index.html#exploiting-windows-hello-for-business-17260 … #BHEUpic.twitter.com/BUKgzAc33b
-
-
-
Additionally, you have to manually delete those vulnerable public keys from AD, which is not obvious at all. There is a script for local checking of vulnerable TPMs, or you can check event logs, see https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012 … There is also an undocumented ADFS key auditing option.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.