This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.
[CVE-2025-2884](https://www.cve.org/CVERecord?id=CVE-2025-2884) is regarding a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. CERT/CC created this CVE on their behalf. The documented Windows updates incorporate updates in TCG TPM2.0 Reference implementation which address this vulnerability. Please see [CVE-2025-2884](https://www.cve.org/CVERecord?id=CVE-2025-2884) for more information.
Opinions, tips, and news orbiting Microsoft