Security News > 2021 > September > Microsoft WPBT flaw lets hackers install rootkits on Windows devices
Security researchers have found a flaw in the Microsoft Windows Platform Binary Table that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.
WPBT is a fixed firmware ACPI table introduced by Microsoft starting with Windows 8 to allow vendors to execute programs every time a device boots.
Besides enabling OEMs to force install critical software that can't be bundled with Windows installation media, this mechanism can also allow attackers to deploy malicious tools, as Microsoft warns in its own documentation.
The weakness found by Eclypsium researchers is present on Windows computers since 2012, when the feature was first introduced with Windows 8.
After Eclypsium informed Microsoft of the bug, the software giant recommended using a Windows Defender Application Control policy which allows controlling what binaries can run on a Windows device.
WDAC policies can only be created on client editions of Windows 10 1903 and later and Windows 11 or on Windows Server 2016 and above.
News URL
Related news
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- Microsoft fixes Windows Server bug causing crashes, NTLM auth failures (source)
- Microsoft fixes VPN failures caused by April Windows updates (source)
- Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors (source)
- Microsoft's new Windows 11 Recall is a privacy nightmare (source)
- Microsoft pushes emergency fix for Windows Server 2019 update errors (source)
- Microsoft: Windows 24H2 will remove Cortana and WordPad apps (source)
- Microsoft links North Korean hackers to new FakePenny ransomware (source)
- Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group (source)
- Microsoft: Windows 11 preview update causes taskbar crashes (source)