Security News > 2021 > September > Microsoft WPBT flaw lets hackers install rootkits on Windows devices
Security researchers have found a flaw in the Microsoft Windows Platform Binary Table that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.
WPBT is a fixed firmware ACPI table introduced by Microsoft starting with Windows 8 to allow vendors to execute programs every time a device boots.
Besides enabling OEMs to force install critical software that can't be bundled with Windows installation media, this mechanism can also allow attackers to deploy malicious tools, as Microsoft warns in its own documentation.
The weakness found by Eclypsium researchers is present on Windows computers since 2012, when the feature was first introduced with Windows 8.
After Eclypsium informed Microsoft of the bug, the software giant recommended using a Windows Defender Application Control policy which allows controlling what binaries can run on a Windows device.
WDAC policies can only be created on client editions of Windows 10 1903 and later and Windows 11 or on Windows Server 2016 and above.
News URL
Related news
- Microsoft asks Windows Insiders to try out the controversial Recall feature (source)
- Microsoft blocks Windows 11 24H2 on some PCs with USB scanners (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft says having a TPM is "non-negotiable" for Windows 11 (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)