Microsoft Windows is no longer secure: A new bug can enable hackers to install Rootkit in your device

Sep 25, 2021 | Shaoni Ghosh

The Findings

Researchers discovered an unfixed vulnerability in Microsoft's Windows Platform Binary Table (WPBT), which impacts all Windows-based devices since Windows 8, and may be used to install a rootkit and compromise device integrity.

Every OS is vulnerable to attacks that install fake vendor-specific tables due to loopholes in Windows. Because of the widespread use of ACPI and WPBT, these motherboard-level vulnerabilities may render projects like Secured-core obsolete. Experts claim that attackers with physical or remote access can misuse these tables.

WPBT is a feature first introduced with Windows 8 in 2012 that allows boot firmware to supply Windows with a platform binary that the OS may process.

PC makers can use UEFI to point to certified portable executables or other vendor-specific drivers that are included in the UEFI firmware ROM image and can be loaded into physical memory during Windows boot-up. To put it another way, it enables users to pre-load any OS code before running it on a device.
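An added example (not from the original article or from Microsoft): a parser for a raw WPBT ACPI table, so a defender can see whether firmware publishes one and what it hands to Windows. The field layout follows Microsoft's published WPBT table format, which this article does not reproduce, and is used here as an assumption; `build_sample` and all its values are constructed for illustration.

```python
import struct

# ACPI table header: signature, length, revision, checksum, OEM ID,
# OEM table ID, OEM revision, creator ID, creator revision (36 bytes).
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT body (assumed layout): handoff memory size, handoff memory
# physical address, content layout, content type, arguments length.
WPBT_BODY = struct.Struct("<IQBBH")
ARGS_OFFSET = ACPI_HEADER.size + WPBT_BODY.size


def parse_wpbt(table: bytes) -> dict:
    """Parse a raw WPBT table into the fields a reviewer would inspect."""
    if len(table) < ARGS_OFFSET:
        raise ValueError("table too short for a WPBT")
    sig, length, rev, _ck, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(table)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length > len(table) or length < ARGS_OFFSET:
        raise ValueError("length field does not match the data")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    if ARGS_OFFSET + arg_len > length:
        raise ValueError("arguments run past the end of the table")
    args = table[ARGS_OFFSET:ARGS_OFFSET + arg_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.rstrip(b"\0 ").decode("ascii", "replace"),
        "revision": rev,
        "handoff_size": size,         # size of the binary placed in memory
        "handoff_address": addr,      # physical address of that binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\0"),
        # ACPI rule: all bytes of a valid table sum to 0 modulo 256.
        "checksum_ok": sum(table[:length]) % 256 == 0,
    }


def build_sample(args: str = "/constructed-arg") -> bytes:
    """Constructed sample table; not captured from real firmware."""
    raw_args = (args + "\0").encode("utf-16-le")
    length = ARGS_OFFSET + len(raw_args)
    header = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(raw_args))
    table = bytearray(header + body + raw_args)
    table[9] = (-sum(table)) % 256    # checksum byte sits at header offset 9
    return bytes(table)


if __name__ == "__main__":
    for key, value in parse_wpbt(build_sample()).items():
        print(f"{key}: {value}")
```

The parser only describes the table; the presence of a WPBT entry by itself says nothing about whether the binary it points to is trustworthy.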

 

WPBT is built to keep important functions like anti-theft software running even if the operating system is changed, formatted, or reinstalled.

According to Microsoft, misuse of the technology might pose a security risk, since it also allows the installation of rootkits on computers.

WPBT-based solutions must be as secure as possible and must not expose Windows users to exploitable conditions. Microsoft warns that malware (malicious or undesirable software) must not be deployed in WPBT solutions without the agreement of the user.

According to TheHackerNews, the WPBT mechanism can accept a signed binary with a revoked or expired certificate, entirely circumventing the integrity check. This allows an attacker to sign a malicious binary with an already accessible expired certificate and run arbitrary code with kernel privileges when the device starts up.

In response to the findings, Microsoft has advised applying a Windows Defender Application Control (WDAC) policy to strictly control which binaries are allowed to execute on devices. Researchers have discovered a second set of flaws in the boot process of devices that may be exploited to achieve remote execution.

The current revelation comes after a different series of findings in June 2021 involving a group of four vulnerabilities known as BIOS Disconnects.
