Thunderspy Security Flaw

Hardware vulnerability discovered in Thunderbolt connected devices.

Vendor: Microsoft

Product: Windows 10

Component: Thunderbolt 3

Date: May 2020

What's New

It has been reported that Microsoft has now joined Intel in confirming a newly reported security vulnerability with Thunderbolt ports. This enables an attacker with physical access to a PC to modify the port’s controller firmware, disabling its security.

Discovered by Eindhoven University of Technology, they have warned that despite locking or suspending a PC, having a secure boot process, strong password or encryption “all an attacked needs is five minutes alone with the computer” to potentially compromise it.

Attacks like this are extremely rare as they are highly complex – but they do happen. They most likely would occur when you are staying away in a hotel and away from your room. Microsoft has confirmed the attack vector and stated “an attacker with physical access to a system can use Thunderspy to read and copy data even from systems that have encryption with password protection enabled.” The vulnerability is in hardware, and so cannot be patched.

How Does This Affect Me?

  • Thunderspy is pretty niche and will most likely be used to target high value or sensitive information so this put only a very small percentage of users at risk. Nonetheless, it is a security flaw and puts devices at risk. The way to mitigate this is to look at devices with Kernal DMA protection in place but this is limited to certain new devices.


  • New computers will be automatically patched.
  • Ensure that physical access to equipment is protected.
  • Datcom will check and enable Kernal DMA Protection for all Service Desk and Security Desk customers. Reference ticket for all customers is #420049.
  • For older computers there is no mitigation route, it is likely older computers will not be using a Thunberbolt connector.


Get in touch

Call us on 0333 000 3210 or Email us

Latest news...

What’s the most secure MFA method?

MFA stands for Multi-factor Authentication. It means users have to provide two or more verification factors to access a resource, such as an application, online account, or VPN. If you have MFA on all your business and personal online accounts, then you are already more secure than 85% of businesses. Let’s compare the various MFA methods available and see how we can make your account even more secure.

Read More