Security News > 2021 > September > A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices.
"These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium said in a report published on Monday.
WPBT, introduced with Windows 8 in 2012, is a feature that enables "Boot firmware to provide Windows with a platform binary that the operating system can execute."
Given the functionality's ability to have such software "Stick to the device indefinitely," Microsoft has warned of potential security risks that could arise from misuse of WPBT, including the possibility of deploying rootkits on Windows machines.
"Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions," the Windows maker notes in its documentation.
In response to the findings, Microsoft has recommended using a Windows Defender Application Control policy to tightly control what binaries can be permitted to run on the devices.
News URL
Related news
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)
- Microsoft delays Windows Recall again, now by December (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)