Researchers demonstrate how to extract secure keys from an Intel Trusted Platform Module in 4 minutes

The Trusted Platform Module (or TPM) is a secure enclave within a computer that acts as a root of trust for the operating system and secure storage area for security keys. The TPM can be implemented either as a dedicated chip on the motherboard or run in firmware within a separate microprocessor within the Intel CPU.  Access to the TPM contents means an attacker could forge a digital signature or obtain the keys being used to encrypt the contents of a VPN.

Researchers have published a paper, naming the vulnerability TPM.Fail (http://tpm.fail ) which explains how the exploit works.  The flaw is in the implementation of ecliptic curve signature generation which allows information about the key to leak by minute variations in the calculation time.  If you give the TPM enough calculations, you can deduce the key by analysing the timing variations.

Intel have published a fix for their firmware based TPM CVE-2019-11090.  The vulnerable hardware TPM named in the paper from STMicroelectronics has its firmware patched via updates from the laptop manufacturers, details on their website.

Microsoft have confirmed that the vulnerable algorithm (ECDSA) is not used by Windows, but third party software you have installed may make use of it.