Message-ID: <98F2E821C18D41E0B8789463FCC2A47F@W340>
Date: Wed, 12 Aug 2015 19:33:43 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: "Kevin Beaumont" <kevin.beaumont@...il.com>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

"Kevin Beaumont" <kevin.beaumont@...il.com> wrote:

[...]

> Microsoft documented a feature in Windows 8 and above called Windows
> Platform Binary Table.

Cf. <http://www.acpi.info/links.htm> where WPBT is linked to
<http://go.microsoft.com/fwlink/p/?LinkId=234840> alias
<https://msdn.microsoft.com/en-US/library/windows/hardware/dn550976>

> Up until two days ago, this was a single Word
> document not referenced elsewhere on Google:
>
> http://webcache.googleusercontent.com/search?q=cache:H-SSYRAB0usJ:download.microsoft.com/download/8/A/2/8A2FB72D-9B96-4E2D-A559-4A27CF905A80/windows-platform-binary-table.docx+&cd=1&hl=en&ct=clnk&gl=us
>
> This feature allows a BIOS to deliver the payload of an executable,
> which is run in memory, silently, each time a system is booted. The
> executable code is run under Session Manager context (i.e.
> SYSTEM).

This sort of feature is NOT new: with Windows 2003 Microsoft introduced
the loading of "virtual OEM device drivers" during Windows setup, see
<https://support.microsoft.com/en-us/kb/896453>

AFAIK at least HP and Dell used this method to deploy [F6] drivers
embedded in their BIOS.

[...]

stay tuned
Stefan Kanthak
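
Added example, not part of the original message or of any Microsoft code: a defender-side decoder for a raw WPBT ACPI table, so the presence and parameters of a firmware-delivered binary can be audited. The field layout is assumed from the Microsoft WPBT specification linked in the thread (it is not spelled out in the message), and the sample table and all names in the code are constructed for illustration.

```python
import struct

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_FIELDS = struct.Struct("<IQBBH")          # WPBT-specific fields (assumed from the spec)
FIXED = ACPI_HEADER.size + WPBT_FIELDS.size    # 52 bytes before the argument string


def parse_wpbt(blob: bytes) -> dict:
    """Validate a raw WPBT table and return its fields; ValueError if malformed."""
    if len(blob) < FIXED:
        raise ValueError("shorter than the fixed WPBT fields")
    sig, length, _rev, _csum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(blob)
    if sig != b"WPBT":
        raise ValueError("signature is not WPBT")
    if not FIXED <= length <= len(blob):
        raise ValueError("header length inconsistent with data")
    table = blob[:length]
    if sum(table) & 0xFF:  # all bytes of an ACPI table must sum to 0 mod 256
        raise ValueError("ACPI checksum mismatch")
    size, addr, layout, ctype, arg_len = WPBT_FIELDS.unpack_from(table, ACPI_HEADER.size)
    if FIXED + arg_len > length:
        raise ValueError("argument length runs past end of table")
    args = table[FIXED:FIXED + arg_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.rstrip(b" \x00").decode("ascii", "replace"),
        "oem_table_id": oem_table.rstrip(b" \x00").decode("ascii", "replace"),
        "binary_size": size,       # size of the image the firmware hands off
        "binary_address": addr,    # physical address of that image
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\x00"),
    }


def build_sample() -> bytes:
    """Constructed table for demonstration only; not taken from real firmware."""
    args = "/demo\0".encode("utf-16-le")
    body = WPBT_FIELDS.pack(0x2000, 0x7F000000, 1, 1, len(args)) + args
    raw = bytearray(ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                                     b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1) + body)
    raw[9] = -sum(raw) & 0xFF  # checksum byte sits at offset 9 of the header
    return bytes(raw)


if __name__ == "__main__":
    print(parse_wpbt(build_sample()))
```

On Linux, firmware-provided ACPI tables are exposed under /sys/firmware/acpi/tables/, so the bytes of a WPBT file found there (readable by root) can be passed to parse_wpbt() to see whether the platform ships such a binary.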