Microsoft Windows is no longer secure: A new bug can enable hackers to install Rootkit in your device

Sep 25, 2021 | Shaoni Ghosh

Microsoft Windows is no longer secure: A new bug can enable hackers to install Rootkit in your device title banner

The Findings

 

Researchers discovered an unfixed vulnerability in Microsoft's Windows Platform Binary Table (WPBT), which impacts all Windows-based devices since Windows 8, and may be used to install a rootkit and compromise device integrity.

 

Every OS is vulnerable to attacks that install fake vendor-specific tables due to loopholes in Windows. Because of the widespread use of ACPI and WPBT, these motherboard-level vulnerabilities may render projects like Secured-core obsolete.Experts claim that attackers with physical access or remote access can misuse these tables.

 

WPBT is a feature that was first introduced in Windows 8 in 2012 and allows boot firmware to supply Windows with a platform binary that the OS may process.

 

PC makers can use UEFI to point to certified portable executables or other vendor-specific drivers that are included in the UEFI firmware ROM image and can be loaded into physical memory during Windows boot-up. To put it another way, it enables users to pre-load any OS code before running it on a device.

 

WPBT is built to keep important functions like anti-theft software running even if the operating system is changed, formatted, or reinstalled.

 

(Recommended Blog: Security Analytics)

 

Misuse of the technology, according to Microsoft, might pose a security risk. It also allows the installation of rootkits on computers.

 

(Must Check: 7 Best Data Security Practices)

 

WPBT-based solutions must be as safe as feasible, with no vulnerable circumstances for Windows users. Microsoft warns that the Malware (malicious software or undesirable software) must not be deployed without the agreement of the user in WPBT solutions.

 

(Related Reading: Malware- one of the types of Cyber Threats)

 

According to TheHackerNews, the WPBT method can accept a signed binary with a revoked or expired certificate to entirely circumvent the integrity check, allowing an attacker to sign a malicious binary with an already accessible expired certificate and run arbitrary code with kernel privileges when the device starts up.

 

Microsoft has advised applying a Windows Defender Application Limit (WDAC) policy to strictly control what binaries can be allowed to execute on devices in response to the results.Researchers have discovered a second set of flaws in the boot process of devices that may be exploited to achieve remote execution. 

 

The current revelation comes after a different series of findings in June 2021 involving a group of four vulnerabilities known as BIOS Disconnects.

Tags #Technology
Advertisement

bronzemillie76c2fb3d4fe3e246bf

Sep 17, 2023

HOW TO SUCCESSFULLY RECOVER STOLEN CRYPTO FROM SCAMMERS. Before making any bitcoin investments, always exercise caution and undertake careful study. On the internet, I came across a post regarding a cryptocurrency trading platform. They had a pleasant conversation before investing and displaying early profits. After investing with the company I discovered there is no withdrawal option and that you must get their permission to make withdrawals after investing with the firm. On deciding to retire my profits, they provided multiple excuses which included paying huge taxes to activate my withdrawals. I promptly asked a buddy for advice, and she suggested Captain WebGenesis, a qualified professional that could assist me in recovering my money. In the end, Captain WebGenesis was successful in recovering 80% of my stolen Bitcoin. If by any means you're also a victim of online scam kindly send a message across to the Expert via: Mail Add; ; (captainwebgenesis@hackermail.com) Whatsapp; +1(205) 336-1020. Learn More; https://captainwebgenesis.com/

bronzemillie76c2fb3d4fe3e246bf

Sep 17, 2023

HOW TO SUCCESSFULLY RECOVER STOLEN CRYPTO FROM SCAMMERS. Before making any bitcoin investments, always exercise caution and undertake careful study. On the internet, I came across a post regarding a cryptocurrency trading platform. They had a pleasant conversation before investing and displaying early profits. After investing with the company I discovered there is no withdrawal option and that you must get their permission to make withdrawals after investing with the firm. On deciding to retire my profits, they provided multiple excuses which included paying huge taxes to activate my withdrawals. I promptly asked a buddy for advice, and she suggested Captain WebGenesis, a qualified professional that could assist me in recovering my money. In the end, Captain WebGenesis was successful in recovering 80% of my stolen Bitcoin. If by any means you're also a victim of online scam kindly send a message across to the Expert via: Mail Add; ; (captainwebgenesis@hackermail.com) Whatsapp; +1(205) 336-1020. Learn More; https://captainwebgenesis.com/

brownteddy05051447f67e3064c98

Sep 18, 2023

Please allow me to take this opportunity to thank you so much for everything you did for me, Lord Hacker Ultimate. I sincerely appreciate all of your effort in finding my misplaced Bitcoin and your positive outlook. I appreciate your willingness to go above and beyond and the fact that you and your staff members are always available to lend a hand. You are a great value to the Bitcoin community, and I consider myself fortunate to have you as their client. Lord Hacker Ultimate is really appreciated. Contact the support team on: Email: L.H.ULTIMATE@FASTSERVICE.COM, WhatsApp No: +19095063423, YouTube page: @lordhackerultimate

willc80983baeb722c5724451

Sep 21, 2023

OMEGA CRYPTOS SPECIALIST IS SIMPLY THE BEST TO RECOVER YOUR SCAMMED CRYPTOCURRENCIES Hello... My name is Will Chris I know people try to invest their money in cryptocurrencies in the hopes of making more money over time. This is not necessarily a bad thing, but scammers online take advantage of this opportunity to defraud people. I was a victim, but thanks to the OMEGA CRYPTOS SPECIALIST team, I was able to reclaim my money. Please be cautious; these scammers are not good people. The OMEGA team explained how they were able to successfully manipulate my investment, and I am now more cautious. Reach out to them right now because they are retrieving money from scammers. (Mail; Omegacryptos@consultant.com) (What'sApp +1-2-5-1-2-1-6-6-4-6-6)

willc80983baeb722c5724451

Sep 21, 2023

OMEGA CRYPTOS SPECIALIST IS SIMPLY THE BEST TO RECOVER YOUR SCAMMED CRYPTOCURRENCIES Hello... My name is Will Chris I know people try to invest their money in cryptocurrencies in the hopes of making more money over time. This is not necessarily a bad thing, but scammers online take advantage of this opportunity to defraud people. I was a victim, but thanks to the OMEGA CRYPTOS SPECIALIST team, I was able to reclaim my money. Please be cautious; these scammers are not good people. The OMEGA team explained how they were able to successfully manipulate my investment, and I am now more cautious. Reach out to them right now because they are retrieving money from scammers. (Mail; Omegacryptos@consultant.com) (What'sApp +1-2-5-1-2-1-6-6-4-6-6)

willc80983baeb722c5724451

Sep 21, 2023

OMEGA CRYPTOS SPECIALIST IS SIMPLY THE BEST TO RECOVER YOUR SCAMMED CRYPTOCURRENCIES Hello... My name is Will Chris I know people try to invest their money in cryptocurrencies in the hopes of making more money over time. This is not necessarily a bad thing, but scammers online take advantage of this opportunity to defraud people. I was a victim, but thanks to the OMEGA CRYPTOS SPECIALIST team, I was able to reclaim my money. Please be cautious; these scammers are not good people. The OMEGA team explained how they were able to successfully manipulate my investment, and I am now more cautious. Reach out to them right now because they are retrieving money from scammers. (Mail; Omegacryptos@consultant.com) (What'sApp +1-2-5-1-2-1-6-6-4-6-6)

willc80983baeb722c5724451

Sep 21, 2023

OMEGA CRYPTOS SPECIALIST IS SIMPLY THE BEST TO RECOVER YOUR SCAMMED CRYPTOCURRENCIES Hello... My name is Will Chris I know people try to invest their money in cryptocurrencies in the hopes of making more money over time. This is not necessarily a bad thing, but scammers online take advantage of this opportunity to defraud people. I was a victim, but thanks to the OMEGA CRYPTOS SPECIALIST team, I was able to reclaim my money. Please be cautious; these scammers are not good people. The OMEGA team explained how they were able to successfully manipulate my investment, and I am now more cautious. Reach out to them right now because they are retrieving money from scammers. (Mail; Omegacryptos@consultant.com) (What'sApp +1-2-5-1-2-1-6-6-4-6-6)

willc80983baeb722c5724451

Sep 21, 2023

OMEGA CRYPTOS SPECIALIST IS SIMPLY THE BEST TO RECOVER YOUR SCAMMED CRYPTOCURRENCIES Hello... My name is Will Chris I know people try to invest their money in cryptocurrencies in the hopes of making more money over time. This is not necessarily a bad thing, but scammers online take advantage of this opportunity to defraud people. I was a victim, but thanks to the OMEGA CRYPTOS SPECIALIST team, I was able to reclaim my money. Please be cautious; these scammers are not good people. The OMEGA team explained how they were able to successfully manipulate my investment, and I am now more cautious. Reach out to them right now because they are retrieving money from scammers. (Mail; Omegacryptos@consultant.com) (What'sApp +1-2-5-1-2-1-6-6-4-6-6)

willc80983baeb722c5724451

Sep 21, 2023

OMEGA CRYPTOS SPECIALIST IS SIMPLY THE BEST TO RECOVER YOUR SCAMMED CRYPTOCURRENCIES Hello... My name is Will Chris I know people try to invest their money in cryptocurrencies in the hopes of making more money over time. This is not necessarily a bad thing, but scammers online take advantage of this opportunity to defraud people. I was a victim, but thanks to the OMEGA CRYPTOS SPECIALIST team, I was able to reclaim my money. Please be cautious; these scammers are not good people. The OMEGA team explained how they were able to successfully manipulate my investment, and I am now more cautious. Reach out to them right now because they are retrieving money from scammers. (Mail; Omegacryptos@consultant.com) (What'sApp +1-2-5-1-2-1-6-6-4-6-6)

laicestereverlyn6ed6b64547274004

Sep 21, 2023

I am aware firsthand of the devastation that losing a Bitcoin can cause, particularly if its value has increased. I recently lost my Bitcoin due to a phishing assault. I was inconsolable and believed I would never see my money again. However, I then learned about Bitcoin recovery services. I was initially dubious, but I made the decision to give it a shot. I'm so happy I did. Within a few weeks, the Bitcoin recovery staff at Lord Hacker Ultimate Digital Assets Recovery was able to retrieve my Bitcoin. They were competent, skilled, and professional. I'm extremely appreciative of their support. To speak to a rep of Lord Hacker Ultimate Digital Recovery Assets, Email: L.H.ULTIMATE@FASTSERVICE.COM,  WhatsApp No: +19095063423, website: lordhackerultimatee.wixsite.com/hacker, YouTube page: @lordhackerultimate