Expert Commentary: Millions Of Windows 10 PCs Exposed By Nasty Security Vulnerability

BACKGROUND:

Security researchers have found a flaw in Microsoft’s implementation of the Microsoft Windows Platform Binary Table (WPBT) mechanism, which can be exploited to compromise computers running Windows 8 and Windows 10 operating systems.

Microsoft describes WPBT as a fixed firmware Advanced Configuration and Power Interface (ACPI) table that was introduced with Windows 8 to enable OEMs and vendors to execute programs every time the Windows device boots up.

“The Eclypsium research team has identified a weakness in Microsoft’s WPBT capability that can allow an attacker to run malicious code with kernel privileges when a device boots up,” note the researchers.

Hugo Van den Toorn, Manager, Offensive Security
InfoSec Expert
September 28, 2021 10:26 am

This vulnerability highlights the importance of a layered security approach. In both the physical supply chain and the different layers of physical hardware and virtual operating systems, there is a multitude of attack vectors threat actors may exploit to thwart security. With a firmware attack such as the one discovered, attackers would be able to gain deep-rooted persistent access to a device. As we cannot rely solely on the operating system to identify and remediate such an attack after compromise, this calls for more in-depth defenses and security measures such as Microsoft Secured-core.
