Millions of Windows 10 PCs exposed by nasty security vulnerability
Flaw allows attacks even on secured-core PCs
Security researchers have found a flaw in Microsoft’s implementation of the Microsoft Windows Platform Binary Table (WPBT) mechanism, which can be exploited to compromise computers running Windows 8 and Windows 10 operating systems.
Microsoft describes WPBT as a fixed firmware Advanced Configuration and Power Interface (ACPI) table that was introduced with Windows 8 to enable OEMs and vendors to execute programs every time the Windows device boots up.
“The Eclypsium research team has identified a weakness in Microsoft’s WPBT capability that can allow an attacker to run malicious code with kernel privileges when a device boots up,” note the researchers.
The researchers backed their claims with a video demonstrating the attacks on a secured-core PC running the latest boot protections.
OEM rootkit
The researchers claim that while WPBT has been adopted by popular vendors including Lenovo, ASUS, and several others, security researcher and co-author of Windows Internals, Alex Ionescu, has flagged the dangers of WPBT as a rootkit as early as 2012.
Eclypsium found the vulnerability in WPBT while working on the BIOSDisconnect vulnerabilities it reported earlier this year in June, which exposed Dell devices to remote execution attacks.
The WPBT issue stems from the fact that while Microsoft requires a WPBT binary to be signed, it will accept an expired or revoked certificate, giving attackers the opportunity to sign malicious binaries with “any readily available expired certificate.”
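Because WPBT lives in a fixed ACPI table, a defender can inventory it directly: read the table, check its integrity, and record where the platform binary and its arguments are, before deciding whether that binary and its signer are expected on the machine. The parser below is an added example, not code from the article or from Eclypsium; it assumes the table layout given in Microsoft's public WPBT specification (a standard 36-byte ACPI header followed by handoff size, handoff location, layout, type and a UTF-16 argument string), and the sample table bytes are constructed inline for the demonstration. The layout and type labels are this example's own naming of the spec's value 1 in each field.

```python
"""Inventory a Windows Platform Binary Table (WPBT) ACPI table.

Added example (not from the article or Eclypsium). Assumes the public WPBT
layout: 36-byte ACPI header, then HandoffMemorySize (u32),
HandoffMemoryLocation (u64), Layout (u8), Type (u8), ArgumentsLength (u16)
and a UTF-16LE argument string of that byte length.
"""
import struct
from dataclasses import dataclass

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # 36-byte standard ACPI header
WPBT_BODY = struct.Struct("<IQBBH")             # 16-byte WPBT-specific fields
CHECKSUM_OFFSET = 9                             # header checksum byte

# Labels this example assigns to the spec's defined value 1 in each field.
LAYOUT_NAMES = {1: "single flat PE image"}
TYPE_NAMES = {1: "native user-mode application"}


@dataclass
class WpbtTable:
    oem_id: str
    oem_table_id: str
    handoff_memory_size: int
    handoff_memory_location: int
    layout: int
    content_type: int
    arguments: str


def acpi_checksum(table: bytes) -> int:
    """Every ACPI table must sum to 0 modulo 256 over its full length."""
    return sum(table) & 0xFF


def parse_wpbt(table: bytes) -> WpbtTable:
    """Validate signature, length and checksum, then decode the WPBT fields."""
    if len(table) < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("table too short to be a WPBT")
    sig, length, _rev, _csum, oem_id, oem_tid, _orev, _cid, _crev = \
        ACPI_HEADER.unpack_from(table, 0)
    if sig != b"WPBT":
        raise ValueError(f"not a WPBT table: signature {sig!r}")
    if length != len(table):
        raise ValueError(f"header length {length} != {len(table)} bytes supplied")
    if acpi_checksum(table) != 0:
        raise ValueError("ACPI checksum mismatch; table is corrupt or tampered")
    size, loc, layout, ctype, arglen = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    arg_start = ACPI_HEADER.size + WPBT_BODY.size
    if arg_start + arglen > len(table):
        raise ValueError("argument length runs past end of table")
    args = table[arg_start:arg_start + arglen].decode("utf-16-le").rstrip("\x00")
    return WpbtTable(
        oem_id=oem_id.decode("ascii", "replace").rstrip(),
        oem_table_id=oem_tid.decode("ascii", "replace").rstrip(),
        handoff_memory_size=size,
        handoff_memory_location=loc,
        layout=layout,
        content_type=ctype,
        arguments=args,
    )


def describe(table: bytes) -> list[str]:
    """Human-readable findings for a logged inventory record."""
    t = parse_wpbt(table)
    return [
        f"WPBT present (OEM {t.oem_id!r}, table id {t.oem_table_id!r})",
        f"platform binary: {t.handoff_memory_size:#x} bytes at {t.handoff_memory_location:#x}",
        f"layout: {LAYOUT_NAMES.get(t.layout, f'unknown ({t.layout})')}",
        f"type: {TYPE_NAMES.get(t.content_type, f'unknown ({t.content_type})')}",
        f"arguments: {t.arguments!r}",
    ]


def build_sample_wpbt(arguments: str = "/example-arg",
                      location: int = 0x7F000000, size: int = 0x1000) -> bytes:
    """Constructed sample table (not captured from real firmware)."""
    args = arguments.encode("utf-16-le") + b"\x00\x00"
    body = WPBT_BODY.pack(size, location, 1, 1, len(args))
    total = ACPI_HEADER.size + len(body) + len(args)
    header = ACPI_HEADER.pack(b"WPBT", total, 1, 0, b"EXAMPL", b"CONSTRUC", 1, b"EXMP", 1)
    table = bytearray(header + body + args)
    table[CHECKSUM_OFFSET] = (-sum(table)) & 0xFF   # make the whole table sum to 0
    return bytes(table)


if __name__ == "__main__":
    for line in describe(build_sample_wpbt()):
        print(line)
```

On a Linux host the same parser can be pointed at the raw table the kernel exposes under /sys/firmware/acpi/tables/ (the file is named by its signature), which is a convenient way to audit a fleet's firmware for an unexpected WPBT before Windows ever runs the binary it references.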
“This weakness can be potentially exploited via multiple vectors (e.g. physical access, remote, and supply chain) and by multiple techniques (e.g. malicious bootloader, DMA, etc),” the researchers reason.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.