Security researchers have disclosed an unpatched weakness in the Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could potentially be exploited to install a rootkit and compromise the integrity of devices.
“These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables,” researchers from Eclypsium said in a report published on Monday. “These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. More importantly, these motherboard-level flaws can obviate initiatives like Secured-core because of the ubiquitous usage of ACPI [Advanced Configuration and Power Interface] and WPBT.”
WPBT, introduced with Windows 8 in 2012, is a feature that enables “boot firmware to provide Windows with a platform binary that the operating system can execute.”
In other words, it allows PC manufacturers to point to signed portable executables or other vendor-specific drivers that come as part of the UEFI firmware ROM image in such a manner that they can be loaded into physical memory during Windows initialization and…
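To see what a given machine's firmware hands to Windows through this mechanism, a defender can inspect the WPBT ACPI table itself. The following is an added example, not code from Eclypsium or Microsoft: it parses a raw WPBT table assuming the field layout in Microsoft's published WPBT specification (36-byte ACPI header, then handoff size, handoff address, content layout, content type and command-line arguments), and the sample table, function names and OEM strings are constructed for illustration.

```python
import os
import struct

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # handoff size, handoff address, layout, type, args length
CHECKSUM_OFFSET = 9


def parse_wpbt(raw: bytes) -> dict:
    """Parse a raw WPBT table and list anything a reviewer should look at."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT" or not fixed <= length <= len(raw):
        raise ValueError("not a well-formed WPBT table")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)
    if fixed + arg_len > length:
        raise ValueError("argument length runs past the table")
    findings = []
    if sum(raw[:length]) % 256:  # all bytes of an ACPI table must sum to 0 mod 256
        findings.append("bad ACPI checksum")
    if layout != 1:  # assumed from the spec: 1 = single flat PE image
        findings.append(f"unexpected content layout {layout}")
    if ctype != 1:  # assumed from the spec: 1 = native user-mode application
        findings.append(f"unexpected content type {ctype}")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip(),
        "handoff_size": size,
        "handoff_address": addr,
        "arguments": raw[fixed:fixed + arg_len].decode("utf-16-le", "replace").rstrip("\0"),
        "findings": findings,
    }


def build_sample(args: str = "") -> bytes:
    """Constructed table for demonstration; not taken from real firmware."""
    arg_bytes = args.encode("utf-16-le")
    length = ACPI_HEADER.size + WPBT_BODY.size + len(arg_bytes)
    table = bytearray(ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1))
    table += WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(arg_bytes)) + arg_bytes
    table[CHECKSUM_OFFSET] = -sum(table) % 256
    return bytes(table)


if __name__ == "__main__":
    path = "/sys/firmware/acpi/tables/WPBT"  # Linux exposes raw ACPI tables here (root only)
    raw = open(path, "rb").read() if os.access(path, os.R_OK) else build_sample("-audit")
    print(parse_wpbt(raw))
```

A table that parses cleanly only shows that the firmware publishes a platform binary; the binary at the handoff address still has to be reviewed separately.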