October 3, 2023

Security researchers have found a flaw in Microsoft’s implementation of the Microsoft Windows Platform Binary Table (WPBT) mechanism, which can be exploited to compromise computers running Windows 8 and Windows 10 operating systems.

Microsoft describes WPBT as a fixed firmware Advanced Configuration and Power Interface (ACPI) table that was introduced with Windows 8 to enable OEMs and vendors to execute programs every time the Windows device boots up.

WPBT has been adopted by popular vendors including Lenovo, ASUS, and others. The vulnerability in WPBT found while working on the BIOSDisconnect vulnerabilities which exposed Dell devices to remote execution attacks.

The WPBT issue stems from the fact that while Microsoft requires a WPBT binary to be signed, it will accept an expired or revoked certificate, giving attackers the opportunity to sign malicious binaries with any readily available expired certificate.

This weakness can be easily exploited via multiple vectors (e.g. physical access, remote, and supply chain, Poisoning attacks) and by multiple techniques (e.g. malicious bootloader, Rootkits DMA, etc),

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: