Vulnerability found that threatens every Windows computer shipped since 2012

A rootkit is a type of malicious tool that attackers use to silently take full control of a victim's system. Worse, rootkits can hide deep inside the operating system, or below it, to avoid detection.


WPBT (Windows Platform Binary Table) is a fixed ACPI (Advanced Configuration and Power Interface) table that Microsoft introduced with Windows 8. Its purpose is to let hardware vendors have Windows run a program supplied by the firmware every time the device boots, before any software on disk gets a say.

However, besides letting OEMs force-install critical software that cannot be bundled with a Windows installation, the same mechanism lets an attacker who controls the table drop malicious tools onto the system. Microsoft itself warns about this in its own WPBT documentation.

Affects all computers running Windows 8 and above

The vulnerability was discovered by security researchers at Eclypsium. To exploit it, an attacker first needs a way to plant or alter the table, for example write access to the memory region where the ACPI tables (including WPBT) reside, or a bootloader that carries malicious code.

An attacker can get that foothold by abusing the BootHole vulnerability, which bypasses Secure Boot, by a DMA attack from a peripheral device, or through some other vulnerable component.

Here is a video demo of Eclypsium's attack:

Remedies

After receiving Eclypsium's report, Microsoft recommended that users apply a Windows Defender Application Control (WDAC) policy to control which binaries are allowed to run on Windows devices. WDAC policies can only be created on clients running Windows 10 version 1903 or later, Windows 11, or Windows Server 2016 or later.

On older Windows computers, AppLocker policies can be used instead to control which applications are allowed to run on the client.

According to Eclypsium's statistics, the issue affects 129 consumer and enterprise laptop, desktop and tablet models, including devices protected by Secure Boot and Dell Secured-core PCs. An estimated 30 million personal devices are exposed to attack through this vulnerability.
