Microsoft Windows is no longer secure: A new bug can enable hackers to install Rootkit in your device

Sep 25, 2021 | Shaoni Ghosh

Microsoft Windows is no longer secure: A new bug can enable hackers to install Rootkit in your device title banner

The Findings

 

Researchers discovered an unfixed vulnerability in Microsoft's Windows Platform Binary Table (WPBT), which impacts all Windows-based devices since Windows 8, and may be used to install a rootkit and compromise device integrity.

 

Every OS is vulnerable to attacks that install fake vendor-specific tables due to loopholes in Windows. Because of the widespread use of ACPI and WPBT, these motherboard-level vulnerabilities may render projects like Secured-core obsolete.Experts claim that attackers with physical access or remote access can misuse these tables.

 

WPBT is a feature that was first introduced in Windows 8 in 2012 and allows boot firmware to supply Windows with a platform binary that the OS may process.

 

PC makers can use UEFI to point to certified portable executables or other vendor-specific drivers that are included in the UEFI firmware ROM image and can be loaded into physical memory during Windows boot-up. To put it another way, it enables users to pre-load any OS code before running it on a device.

 

WPBT is built to keep important functions like anti-theft software running even if the operating system is changed, formatted, or reinstalled.

 

(Recommended Blog: Security Analytics)

 

Misuse of the technology, according to Microsoft, might pose a security risk. It also allows the installation of rootkits on computers.

 

(Must Check: 7 Best Data Security Practices)

 

WPBT-based solutions must be as safe as feasible, with no vulnerable circumstances for Windows users. Microsoft warns that the Malware (malicious software or undesirable software) must not be deployed without the agreement of the user in WPBT solutions.

 

(Related Reading: Malware- one of the types of Cyber Threats)

 

According to TheHackerNews, the WPBT method can accept a signed binary with a revoked or expired certificate to entirely circumvent the integrity check, allowing an attacker to sign a malicious binary with an already accessible expired certificate and run arbitrary code with kernel privileges when the device starts up.

 

Microsoft has advised applying a Windows Defender Application Limit (WDAC) policy to strictly control what binaries can be allowed to execute on devices in response to the results.Researchers have discovered a second set of flaws in the boot process of devices that may be exploited to achieve remote execution. 

 

The current revelation comes after a different series of findings in June 2021 involving a group of four vulnerabilities known as BIOS Disconnects.

Tags #Technology
Advertisement

dolorisbesseluls73da461416920e4aee

Nov 28, 2023

Crypto Currency’s has been the general direction of the economic development which individuals like to save up with instead of banks. I lost my bitcoin to fake blockchain impostors on Facebook when they contacted me as blockchain official support and I fell for their mischievous act. Whatever information I gave them, made them gain access into my blockchain wallet and made away with my $955,000. I lost it and almost in a comma because this were all my savings waiting for bitcoin rate to improve. I wrote directly to the specialist whom I was referred to by my sister-in-law ( century@cyberservices.com ) explaining my loss. He helped me recover my crypto in just after 8hours and he as well helped me launch the recovery program all thanks to his expertise. I believe that someone out there will need his great services that is why I am referring him to someone. Reach out to Century Hackers to recover you lost funds from any form online. You can also email them via website: https://centurycyberhacker.pro/ Telegram @Marvels109

bohachsalmafca9d9c65b224197

Nov 28, 2023

Recovering Scammed Crypto; How Captain WebGenesis can help Reclaim Stolen Funds. What to do If you are a victim of Crypto Scam? Can you recover stolen or scammed Crypto? Can you recover funds after a scam? Crypto Investment Gone Wrong. How To Hire A Hacker To Get Back Stolen Crypto Coins // Hire A Hacker To Recover Lost Or Stolen Bitcoin/Nft // Help I Can't Access My USDT Account, Seems I Got Hacked // Bitcoin Recovery Expert Needed// Cryptocurrency Scam Recovery // Recover Lost Funds Captain WebGenesis Recovery is a team of experienced professionals well versed with blockchain technology and forensic analysis enabling them play a huge role in helping scam victims reclaim their stolen funds back. Email; Captainwebgenesis@hackermail.com Visit ; https://captainwebgenesis.com

bohachsalmafca9d9c65b224197

Nov 28, 2023

Recovering Scammed Crypto; How Captain WebGenesis can help Reclaim Stolen Funds. What to do If you are a victim of Crypto Scam? Can you recover stolen or scammed Crypto? Can you recover funds after a scam? Crypto Investment Gone Wrong. How To Hire A Hacker To Get Back Stolen Crypto Coins // Hire A Hacker To Recover Lost Or Stolen Bitcoin/Nft // Help I Can't Access My USDT Account, Seems I Got Hacked // Bitcoin Recovery Expert Needed// Cryptocurrency Scam Recovery // Recover Lost Funds Captain WebGenesis Recovery is a team of experienced professionals well versed with blockchain technology and forensic analysis enabling them play a huge role in helping scam victims reclaim their stolen funds back. Email; Captainwebgenesis@hackermail.com Visit ; https://captainwebgenesis.com

michaelshellenb0ce0ba6742ed484b

Jan 03, 2024

Mi nombre es Michael. Si soy honesto, algunas de estas personas en línea que publican sobre la imposibilidad de recuperar criptomonedas (Bitcoin) también podrían ser estafadores. ¡Los mismos que no quieren que les arrebaten sus recursos adquiridos ilegalmente! Piénsalo. Mucha gente ha recuperado su riqueza, pero un número casi igual de personas intenta demostrar que esto es imposible: un complot bastante agradable e inteligente. Dos amigos y yo recuperamos nuestras criptomonedas. Considero que compartir los detalles de la cantidad involucrada y la historia más profunda es bastante excesivo, pero mi punto y mensaje es que logré recuperar mi Bitcoin a través de un hacker. Se llaman Exner Pro Hacker. Comparten un correo electrónico similar, Exnerprohacker@protonmail.com. No se desanime por los rumores en línea, pruébelo usted mismo. Lo bueno es que siempre tienes el control y la ventaja durante todo el proceso.

manonsofia62e1a964bc855f4af6

Jan 11, 2024

Need Help To Recover Lost Crypto funds? Contact Captain WebGenesis. When I started the process of investing in Cryptocurrency assets , I never imagined that it would lead me to scam companies that defraud investors of their hard-earned money. I had deposited my entire life savings into a cryptocurrency investment company only to discover after 2 weeks that it was a scam. I Completely felt hopeless and totally demoralized. Captain WebGenesis was responsive, knowledgeable, and helpful from the moment I got in touch with them. The entire recovery process was carried out in a way that provided me with realistic expectations, which I required. I thank you immensely Captain WebGenesis, for helping me recover my Lost cryptocurrency. As promised, I'm recommending your services. Contact Captain WebGenesis Via; E-mail; Captainwebgenesis @hackermail. com Learn More; https://captainwebgenesis.com

manonsofia62e1a964bc855f4af6

Jan 11, 2024

Need Help To Recover Lost Crypto funds? Contact Captain WebGenesis. When I started the process of investing in Cryptocurrency assets , I never imagined that it would lead me to scam companies that defraud investors of their hard-earned money. I had deposited my entire life savings into a cryptocurrency investment company only to discover after 2 weeks that it was a scam. I Completely felt hopeless and totally demoralized. Captain WebGenesis was responsive, knowledgeable, and helpful from the moment I got in touch with them. The entire recovery process was carried out in a way that provided me with realistic expectations, which I required. I thank you immensely Captain WebGenesis, for helping me recover my Lost cryptocurrency. As promised, I'm recommending your services. Contact Captain WebGenesis Via; E-mail; Captainwebgenesis @hackermail. com Learn More; https://captainwebgenesis.com

Mercy Cole

Jan 25, 2024

Blessed day to anyone reading this article i'm Zoya Ali, I really want to gives thanks to Mr James & his team for his expertise in crypto currency recovery prowess. At first I had my doubts about him because not everything online is real these days due to several s,c,a,m,.s. But Mr James assured me that I would get my money back within few hours I mean all the money that had been taken from me through fraudulent bitcoin investments and money that was stolen from my wallets, I had lost all hope and trust that i'll ever get my money back, I was at the lowest point of my life, i was almost rendered homeless, but just like magic i came across an article on facebook on how Mr James had once showed his skills and helped them recover back their money lost through online scams and fake love romance scam. In which i also had to give trust a try low and behold my insticnt didn't fail me. he made sure i got all the money after giving him all the details on how i made transactions and also all the wallet details i used and he did a great Job and put smiles on my face and made me bounce back to my life, i can still recall all the pains and heart break i expireced i almost killed my self but mr james did a miracle in my life. So i sincerely want to appreciate this Genius Hacker (jamesmckaywizard) for his help and assistance and professionalism in making sure I got my money back. feel free to reach out to him and trust him aswell for the job Email: jamesmckaywizard@gmail.com or whats'sapp : +44 7826 613094

matisraphael1ecc345a5ed544ec9

Feb 22, 2024

How to Recover Lost Coins from Hacked Crypto Wallet / By Captain WebGenesis. A phishing scam was used by an imposter pretending to be a celebrity artist to steal $204,700 worth of cryptocurrency from my Trust wallet. I was helpless, depressed, and ready to do anything to get my money back. I used all essential methods, but to no avail. I came across numerous glowing testimonials for Captain WebGenesis, a company that helps most victims of financial fraud recover their money. I took action and made contact with the professional. Fortunately, all of my misplaced money was found and returned to my wallet. I wholeheartedly recommend Captain WebGenesis to all victims of scam who want their money returned. WhatsaPP; +1(701) 314)-2729. Email address.; (captainwebgenesis@hackermail.com) Web;https://captainwebgenesis.com

matisraphael1ecc345a5ed544ec9

Feb 22, 2024

How to Recover Lost Coins from Hacked Crypto Wallet / By Captain WebGenesis. A phishing scam was used by an imposter pretending to be a celebrity artist to steal $204,700 worth of cryptocurrency from my Trust wallet. I was helpless, depressed, and ready to do anything to get my money back. I used all essential methods, but to no avail. I came across numerous glowing testimonials for Captain WebGenesis, a company that helps most victims of financial fraud recover their money. I took action and made contact with the professional. Fortunately, all of my misplaced money was found and returned to my wallet. I wholeheartedly recommend Captain WebGenesis to all victims of scam who want their money returned. WhatsaPP; +1(701) 314)-2729. Email address.; (captainwebgenesis@hackermail.com) Web;https://captainwebgenesis.com

mary james

Feb 28, 2024

LEGIT AND FAST WAY TO RECOVER YOUR BITCOIN/CRYPTO 2024 I was scammed over ( $345,000 ) by someone I met online on a fake investment project. I started searching for help legally to recover my money and I came across a lot of Testimonies about ETHICREFINANCE Recovery Expects. I contacted them providing the necessary information's and it took the experts about 27hours to locate and help recover my stolen funds. I am so relieved and the best part was, the scammer was located and arrested by local authorities in his region. I hope this help as many out there who are victims and have lost to these fake online investment scammers. I strongly recommend their professional services for assistance with swift and efficient recovery. They can reached through the link below. Email Address: ethicsrefinance @gmail com Telegram: @ethicsrefinance