Security News > 2021 > September > A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices.
"These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium said in a report published on Monday.
WPBT, introduced with Windows 8 in 2012, is a feature that enables "Boot firmware to provide Windows with a platform binary that the operating system can execute."
Given the functionality's ability to have such software "Stick to the device indefinitely," Microsoft has warned of potential security risks that could arise from misuse of WPBT, including the possibility of deploying rootkits on Windows machines.
"Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions," the Windows maker notes in its documentation.
In response to the findings, Microsoft has recommended using a Windows Defender Application Control policy to tightly control what binaries can be permitted to run on the devices.
News URL
Related news
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)