Security researchers at Quarkslab have identified a pair of serious security defects in the Trusted Platform Module (TPM) 2.0 reference library specification, prompting a massive cross-vendor effort to identify and patch vulnerable installations. The vulnerabilities, tracked as CVE-2023-1017 and CVE-2023-1018, provide pathways for an authenticated, local attacker to overwrite protected data in the TPM firmware…