Vulnerability discovered that threatens all Windows computers shipped from 2012 until now
A rootkit is a type of malicious tool that hackers plant silently to take full control of the victim's system. More dangerously, rootkits can hide deep in the operating system to avoid detection.
WPBT (Windows Platform Binary Table) is a fixed ACPI (Advanced Configuration and Power Interface) firmware table that Microsoft introduced with Windows 8. Its purpose is to let vendors have a program executed every time the device boots.
However, besides allowing OEMs to forcibly install critical software that cannot be bundled with the Windows installation, this mechanism also allows hackers to deploy malicious tools. Microsoft itself has warned about this in its support documents.
Affects all computers running Windows 8 and above
This vulnerability was discovered by security researchers at Eclypsium. To exploit it, attackers can combine it with other techniques, such as gaining write access to the memory where the ACPI tables (including WPBT) are located, or using a bootloader containing malicious code.
Attackers can succeed by abusing the BootHole vulnerability, which allows Secure Boot to be bypassed, or by DMA attacks from peripheral devices or other vulnerable components.
Here is a video demo of Eclypsium's attack:
Remedies
After receiving the notice from Eclypsium, Microsoft recommended that users apply a Windows Defender Application Control (WDAC) policy to control which binaries are allowed to run on Windows devices. WDAC policies can only be created on clients running Windows 10 version 1903 or later, Windows 11, or Windows Server 2016 or later.
On older Windows computers, you can use AppLocker policies to control which applications are allowed to run on the Windows client.
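As an added example (not from the article, Microsoft or Eclypsium), the following PowerShell audit script checks whether a machine exposes a WPBT table and a firmware-staged binary, and whether the AppLocker mitigation above is actually enforced. The registry path HKLM:\HARDWARE\ACPI\WPBT and the System32\wpbbin.exe staging path are assumptions about how Windows exposes the table and its payload.

```powershell
# Added audit script (not from the article or Eclypsium). Run in an elevated PowerShell.
# Assumptions: Windows mirrors ACPI tables under HKLM:\HARDWARE\ACPI, so a WPBT key
# there means the firmware supplied a table; the Session Manager writes the WPBT
# payload to %SystemRoot%\System32\wpbbin.exe before executing it at boot.

$acpiKey = 'HKLM:\HARDWARE\ACPI\WPBT'
$wpbbin  = Join-Path $env:SystemRoot 'System32\wpbbin.exe'

# 1. Does the firmware hand Windows a WPBT table at all?
if (Test-Path $acpiKey) {
    Write-Host "[!] WPBT table present in firmware: $acpiKey"
} else {
    Write-Host "[+] No WPBT table exposed by firmware"
}

# 2. Was a platform binary staged at the last boot? If so, record what it is.
if (Test-Path $wpbbin) {
    $hash = (Get-FileHash -Algorithm SHA256 -Path $wpbbin).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $wpbbin
    Write-Host "[!] WPBT payload on disk: $wpbbin"
    Write-Host "    SHA256   : $hash"
    Write-Host "    Signer   : $($sig.SignerCertificate.Subject)"
    Write-Host "    Sig state: $($sig.Status)"   # anything other than 'Valid' deserves a closer look
} else {
    Write-Host "[+] No wpbbin.exe in System32 (no WPBT binary was staged at last boot)"
}

# 3. Mitigation from the Remedies section: are AppLocker executable rules enforced?
#    AppLocker is checked here because it also covers the older Windows versions
#    the article mentions; WDAC status would be read from the Code Integrity policy instead.
try {
    $policy   = Get-AppLockerPolicy -Effective -ErrorAction Stop
    $exeRules = $policy.RuleCollections | Where-Object { $_.RuleCollectionType -eq 'Exe' }
    if ($exeRules -and $exeRules.EnforcementMode -eq 'Enabled') {
        Write-Host "[+] AppLocker executable rules are enforced"
    } else {
        Write-Host "[!] No enforced AppLocker executable rules; a WPBT-delivered binary would run unrestricted"
    }
} catch {
    Write-Host "[?] AppLocker policy could not be read on this edition: $($_.Exception.Message)"
}
```

Compare the recorded SHA256 and signer against what the OEM documents for its WPBT agent; a changed hash or an unsigned binary is the signal that the mechanism described above has been tampered with.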
According to Eclypsium's statistics, the issue affects 129 consumer and enterprise laptop, desktop and tablet models, including devices protected by Secure Boot and Dell Secured-core. An estimated 30 million personal devices are at risk of being attacked through this vulnerability.