This one is even worse than the wireless issue. This came across an alias at work
“A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.
The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion.”
This flaw affects TPM chips used in laptops as well, requiring firmware updates. . Apparently you’d need to suspend BitLocker, apply the OS update, firmware update, clear TPM, re-enable BitLocker in order to fix the vuln.
Affected Lenovos: https://support.lenovo.com/us/en/product_security/len-15552
Surface Pro 4 is also affected.
Guidance from MSFT: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012