Security News > 2021 > September > Microsoft WPBT flaw lets hackers install rootkits on Windows devices
Security researchers have found a flaw in the Microsoft Windows Platform Binary Table that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.
WPBT is a fixed firmware ACPI table introduced by Microsoft starting with Windows 8 to allow vendors to execute programs every time a device boots.
Besides enabling OEMs to force install critical software that can't be bundled with Windows installation media, this mechanism can also allow attackers to deploy malicious tools, as Microsoft warns in its own documentation.
The weakness found by Eclypsium researchers is present on Windows computers since 2012, when the feature was first introduced with Windows 8.
After Eclypsium informed Microsoft of the bug, the software giant recommended using a Windows Defender Application Control policy which allows controlling what binaries can run on a Windows device.
WDAC policies can only be created on client editions of Windows 10 1903 and later and Windows 11 or on Windows Server 2016 and above.
News URL
Related news
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Microsoft's killing script used to avoid Microsoft Account in Windows 11 (source)
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Microsoft adds hotpatching support to Windows 11 Enterprise (source)
- Microsoft starts testing Windows 11 taskbar icon scaling (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)