• Millions of Windows 10 PCs exposed by nasty security vulnerability

    From TechnologyDaily@1337:1/100 to All on Mon Sep 27 16:15:04 2021
    Millions of Windows 10 PCs exposed by nasty security vulnerability

    Date:
    Mon, 27 Sep 2021 15:04:52 +0000

    Description:
    Microsoft wrongly implemented a critical firmware mechanism to work even with expired and revoked certificates.

    FULL STORY ======================================================================

    Security researchers have found a flaw in Microsoft's implementation of the Microsoft Windows Platform Binary Table (WPBT) mechanism, which can be exploited to compromise computers running Windows 8 and Windows 10 operating systems.

    Microsoft describes WPBT as a fixed firmware Advanced Configuration and Power Interface (ACPI) table that was introduced with Windows 8 to enable OEMs and vendors to execute programs every time the Windows device boots up.

    "The Eclypsium research team has identified a weakness in Microsoft's WPBT capability that can allow an attacker to run malicious code with kernel privileges when a device boots up," note the researchers.

    The researchers backed their claims with a video demonstrating the attacks on a secured-core PC running the latest boot protections.

    OEM rootkit

    The researchers claim that while WPBT has been adopted by popular vendors including Lenovo, ASUS, and several others, security researcher and co-author of Windows Internals, Alex Ionescu, flagged the dangers of WPBT as a rootkit as early as 2012.

    Eclypsium found the vulnerability in WPBT while working on the BIOSDisconnect vulnerabilities it reported earlier this year in June, which exposed Dell devices to remote execution attacks.

    The WPBT issue stems from the fact that while Microsoft requires a WPBT binary to be signed, it will accept an expired or revoked certificate, giving attackers the opportunity to sign malicious binaries with any readily available expired certificate.

    "This weakness can be potentially exploited via multiple vectors (e.g. physical access, remote, and supply chain) and by multiple techniques (e.g. malicious bootloader, DMA, etc)," the researchers reason.
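    Because WPBT is a fixed ACPI table, a defender can inventory which machines publish one and what it asks Windows to run. The parser below is an added example, not code from the article or from Eclypsium; the field layout is taken from Microsoft's WPBT document rather than from this story, and the sample table is constructed.

```python
import struct

# Standard 36-byte ACPI table header, then the WPBT fields as laid out in
# Microsoft's WPBT document (layout taken from that document, not this story).
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
WPBT_FIELDS = struct.Struct("<IQBBH")  # size, address, layout, type, args length

def parse_wpbt(raw: bytes) -> dict:
    """Decode a raw WPBT table and report what the firmware asks Windows to run."""
    fixed = ACPI_HEADER.size + WPBT_FIELDS.size
    if len(raw) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected ACPI signature {sig!r}")
    if not fixed <= length <= len(raw):
        raise ValueError("table length field is inconsistent with the data")
    raw = raw[:length]
    size, addr, layout, ctype, arg_len = WPBT_FIELDS.unpack_from(raw, ACPI_HEADER.size)
    if fixed + arg_len > length:
        raise ValueError("argument string runs past the end of the table")
    return {
        "oem_id": oem_id.rstrip(b"\0 ").decode("ascii", "replace"),
        "oem_table_id": oem_table.rstrip(b"\0 ").decode("ascii", "replace"),
        "checksum_ok": sum(raw) % 256 == 0,  # all table bytes must sum to 0 mod 256
        "handoff_size": size,                # size of the binary handed to Windows
        "handoff_address": addr,             # physical address of that binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": raw[fixed:fixed + arg_len].decode("utf-16-le", "replace"),
    }

def build_sample() -> bytes:
    """Constructed table for the demo; every value here is made up."""
    args = "/audit".encode("utf-16-le")
    body = WPBT_FIELDS.pack(0x2000, 0x7F000000, 1, 1, len(args)) + args
    head = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                            b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(head + body)
    table[9] = -sum(table) % 256  # fill in the header checksum byte
    return bytes(table)

if __name__ == "__main__":
    # On a Linux host the real table, if present, is readable by root at
    # /sys/firmware/acpi/tables/WPBT; here we parse the constructed sample.
    for key, value in parse_wpbt(build_sample()).items():
        print(f"{key}: {value}")
```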



    ======================================================================
    Link to news story: https://www.techradar.com/news/nasty-security-vulnerability-exposes-millions-of-windows-10-pcs/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)