Expert Comments

Expert Commentary: Millions Of Windows 10 PCs Exposed By Nasty Security Vulnerability

Expert(s): ISBuzz Staff
Expert(s): ISBuzz Staff

BACKGROUND:

Security researchers have found a flaw in Microsoft’s implementation of the Microsoft Windows Platform Binary Table (WPBT) mechanism, which can be exploited to compromise computers running Windows 8 and Windows 10 operating systems.

Microsoft describes WPBT as a fixed firmware Advanced Configuration and Power Interface (ACPI) table that was introduced with Windows 8 to enable OEMs and vendors to execute programs every time the Windows device boots up.

“The Eclypsium research team has identified a weakness in Microsoft’s WPBT capability that can allow an attacker to run malicious code with kernel privileges when a device boots up,” note the researchers.

Experts Comments

September 28, 2021
Hugo Van den Toorn
Manager, Offensive Security
Outpost24

This vulnerability highlights the importance of a layered security approach. In both the physical supply chain and the different layers of physical hardware and virtual operating systems, there is a multitude of attack vectors threat actors may exploit to thwart security. With a firmware attack such as the one discovered, attackers would be able to gain deep-rooted persistent access to a device. As we cannot rely on solely the operating system to identify and remediate such an attack after

.....Read More

This vulnerability highlights the importance of a layered security approach. In both the physical supply chain and the different layers of physical hardware and virtual operating systems, there is a multitude of attack vectors threat actors may exploit to thwart security. With a firmware attack such as the one discovered, attackers would be able to gain deep-rooted persistent access to a device. As we cannot rely on solely the operating system to identify and remediate such an attack after compromise. This calls for more in-depth defenses and security measures such as Microsoft Secured-core.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Comment: Contactless Limit Of £100 Is Logical But A Huge...

Cyberattack Response Takes Over 2 Days, Industry Survey Reports

Comment: New Group Can Breach Organisation, Steal Sensitive Data Without...

Quest-owned Fertility Clinic Announces Data Breach After August Ransomware Attack

On Hackers ‘Password Spraying’ Office 365 Accounts

Patch Tuesday Addresses 74 CVEs | Commentary

MysterySnail RAT Uses MSoft Zero-day – 3 Experts Comment

University Of Sunderland Hit With Major Cyber Attack

You Should Update Your iPhone Right Now

Weir Group Suffers Ransomware Attack – Security Expert Comments

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy