Microsoft Windows is no longer secure: A new bug can enable hackers to install Rootkit in your device

Sep 25, 2021 | Shaoni Ghosh

Microsoft Windows is no longer secure: A new bug can enable hackers to install Rootkit in your device title banner

The Findings

 

Researchers discovered an unfixed vulnerability in Microsoft's Windows Platform Binary Table (WPBT), which impacts all Windows-based devices since Windows 8, and may be used to install a rootkit and compromise device integrity.

 

Every OS is vulnerable to attacks that install fake vendor-specific tables due to loopholes in Windows. Because of the widespread use of ACPI and WPBT, these motherboard-level vulnerabilities may render projects like Secured-core obsolete.Experts claim that attackers with physical access or remote access can misuse these tables.

 

WPBT is a feature that was first introduced in Windows 8 in 2012 and allows boot firmware to supply Windows with a platform binary that the OS may process.

 

PC makers can use UEFI to point to certified portable executables or other vendor-specific drivers that are included in the UEFI firmware ROM image and can be loaded into physical memory during Windows boot-up. To put it another way, it enables users to pre-load any OS code before running it on a device.

 

WPBT is built to keep important functions like anti-theft software running even if the operating system is changed, formatted, or reinstalled.

 

(Recommended Blog: Security Analytics)

 

Misuse of the technology, according to Microsoft, might pose a security risk. It also allows the installation of rootkits on computers.

 

(Must Check: 7 Best Data Security Practices)

 

WPBT-based solutions must be as safe as feasible, with no vulnerable circumstances for Windows users. Microsoft warns that the Malware (malicious software or undesirable software) must not be deployed without the agreement of the user in WPBT solutions.

 

(Related Reading: Malware- one of the types of Cyber Threats)

 

According to TheHackerNews, the WPBT method can accept a signed binary with a revoked or expired certificate to entirely circumvent the integrity check, allowing an attacker to sign a malicious binary with an already accessible expired certificate and run arbitrary code with kernel privileges when the device starts up.

 

Microsoft has advised applying a Windows Defender Application Limit (WDAC) policy to strictly control what binaries can be allowed to execute on devices in response to the results.Researchers have discovered a second set of flaws in the boot process of devices that may be exploited to achieve remote execution. 

 

The current revelation comes after a different series of findings in June 2021 involving a group of four vulnerabilities known as BIOS Disconnects.

Tags #Technology

lauravivian612

Nov 22, 2021

I could definitely Recall and Remember when I first contacted Mr Roland Richard, an outstanding skillful Forex/Binary expert broker that’s well known world-wide. I won’t lie folks. I was so skeptical, scared and doubtful about Forex/Binary Trades but Billy proved me wrong as I made a successful unexpected withdrawal of $13,000 after 7 days by investing on the standard plan of $1,000 on his legitimate platform/company. Indeed Roland really assisted me to achieve so much in life financially and I’ve cleared all my debts and bills thanks to you Sir. Contact Roland Richard at What’s-app: ‪+16316188855 Email: mikeforextrading453@gmail.com