Security Advisory: SED Management with Persistent Key Transfer Vulnerability
| Date Discovered
April 25, 2019
Official Fix Version
8.3 SR1
Description
Through continued development of our SecureDoc solutions, WinMagic has discovered a vulnerability affecting devices using SecureDoc to manage Self-Encrypting Drives (SEDs) under specific conditions (see below).
There is no evidence that the vulnerability has yet been exploited to steal sensitive information stored on an SED.
Products/Solutions Affected
For this vulnerability to apply, devices must meet the following 3 conditions: - SecureDoc v8.3 or earlier for Windows
- Self-encrypting Drives (SEDs)
- Transfer key to OS using Persistent Storage is enabled *
* Persistent Storage mode can be enabled in the following ways: - Windows Profiles in SES -> under Boot Configuration -> Advanced Options: “Transfer Key to OS using Persistent Storage”
- Persistent Storage can be applied automatically to devices if configured in the KnownConfig.XML file. Please see HERE for the most current Known Config XML file to determine if your devices may be affected.
Recommendations
WinMagic recommends affected devices be upgraded to SecureDoc v8.3 SR1 upon release - tentatively targeted for mid-May. |