Category: Microsoft|Sep 25, 2021 | Author: Admin

All versions of Windows are exposed

• windows
• microsoft
• defender
• rootkit
• permalink

Share on

 Facebook |  Twitter |  LinkedIn |  Reddit

A bug in the "Windows Platform Binary Table" allows attackers to install rootkits on Windows 8 and later.

Microsoft's solution does not seem to be optimal for maximum security

The error can be exploited with physical, remote access, or via distribution chains.

 

Microsoft now recommends enabling the "Windows Defender Application Control" rule in companies.

 

This enables stricter control over which code runs on the machine and opens insecure content in a closed environment.

 

The problem is that the WPBT check (the security mechanism was introduced in 2012 with Windows 8, and delivers as Microsoft explains the "boot firmware to deliver to Windows a boot file that the OS can run") can be tricked into accepting an expired security Certificate

 

- This allows attackers to run dangerous code with a certificate that is already available.

 

Much of the point of WPBT is to defend security software if one were to be hacked, but because these can be installed on the machine indefinitely, it is important that the holes are sealed, and that has not happened now.

 

 

WPBT is not secure unless updated

According to the security experts at "Eclypsium", it is very easy to exploit the error.

 

"These errors make all Windows systems vulnerable to attacks that can easily put the same thing and install malicious code in selected tables.

 

These tables can be used by attackers with direct physical access, via the web or via distribution channels.

 

More importantly, the errors in the motherboards eliminate the "Secured" core due to the ubiquitous use of ACPI ("Advanced Configuration and Power Interface") and WPBT.

 

Comments: