Published on: 09 November 2018
A local attacker could disclose the encrypted information on the vulnerable Solid State Drives (SSD) by altering the firmware through the debugging interface.
A group of security researchers published the following non-exhaustive list of SSD models that could disclose information protected by hardware encryption:
Windows systems with BitLocker running may also adopt hardware encryption on the affected SSD.
A successful attack could reveal the encrypted data from an affected system without the decryption key.
System administrators should check whether hardware encryption is used for SSDs. If so, system administrators should take immediate actions to mitigate the risk by switching to software encryption.
For Microsoft BitLocker
Microsoft BitLocker would use hardware encryption by default if the feature is supported by the drives. System administrators may check the type of drive encryption being used (hardware or software):
1. Run "manage-bde.exe -status" from an elevated command prompt.
2. If none of the drives listed report "Hardware Encryption" for the Encryption Method field, then this device is using software encryption and is not affected by the vulnerabilities.
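The check above can be scripted so that every volume is inspected automatically. The PowerShell below is an added example, not part of the advisory or of Microsoft's tooling: it parses the output of manage-bde -status and flags any volume whose Encryption Method reports hardware encryption. The function name and the sample output are constructed for illustration; the sample mirrors the tool's layout but was not captured from a real system.

```powershell
# Added example: report which BitLocker volumes use hardware encryption.
# Pass captured output for offline use; otherwise the real tool is run.
function Get-BitLockerMethodReport {
    param([string[]]$StatusOutput)
    if (-not $StatusOutput) {
        $StatusOutput = & "$env:SystemRoot\System32\manage-bde.exe" -status
    }
    $report = @()
    $current = $null
    foreach ($line in $StatusOutput) {
        # Each volume section starts with "Volume <letter>: [label]"
        if ($line -match '^Volume\s+(\S+)') {
            $current = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Encryption Method:\s*(.+?)\s*$') {
            $method = $Matches[1]
            $report += [pscustomobject]@{
                Volume   = $current
                Method   = $method
                # Hardware-encrypted volumes report "Hardware Encryption - ..." here
                Hardware = [bool]($method -match '^Hardware Encryption')
            }
        }
    }
    return $report
}

# Constructed sample output (hypothetical values, not a real capture)
$sample = @'
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@ -split "`r?`n"

$result = Get-BitLockerMethodReport -StatusOutput $sample
$result | Format-Table -AutoSize
$affected = $result | Where-Object { $_.Hardware }
if ($affected) {
    Write-Warning ("Hardware encryption in use on: " + ($affected.Volume -join ', ') +
        ". Decrypt these volumes and re-encrypt them with software encryption.")
}
```

Run the function without arguments from an elevated PowerShell session to inspect the local system; the sample call shows C: flagged and D: reported as software-encrypted.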
Once a drive has been encrypted using hardware encryption, it must first be decrypted and then re-encrypted using software encryption. Changing the Group Policy value to enforce software encryption alone is not sufficient, because it does not re-encrypt existing data.
For details, please refer to:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028
https://www.kb.cert.org/vuls/id/395981/
https://www.us-cert.gov/ncas/current-activity/2018/11/06/Self-Encrypting-Solid-State-Drive-Vulnerabilities
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12038