Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
Hi - just with regards to this, the issue of Windows Server 2003
allowing driver injection is only during initial Windows setup. Just
to be clear the issue I was highlighting is a different beast, as it
is every boot, with file system mounted.
On 12 August 2015 at 18:33, Stefan Kanthak <stefan.kanthak@xxxxxxxx> wrote:
> "Kevin Beaumont" <kevin.beaumont@xxxxxxxxx> wrote:
>> Microsoft documented a feature in Windows 8 and above called Windows
>> Platform Binary Table.
> Cf. <http://www.acpi.info/links.htm> where WPBT is linked to
> <http://go.microsoft.com/fwlink/p/?LinkId=234840> alias
>> Up until two days ago, this was a single Word
>> document not referenced elsewhere on Google:
>> This feature allows a BIOS to deliver the payload of an executable,
>> which is run in memory, silently, each time a system is booted. The
>> executable code is run under Session Manager context (i.e.
> This sort of feature is NOT new: with Windows 2003 Microsoft introduced
> the loading of "virtual OEM device drivers" during Windows setup, see
> AFAIK at least HP and Dell used this method to deploy [F6] drivers
> embedded in their BIOS.
> stay tuned
> Stefan Kanthak
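
For defenders who want to check whether firmware publishes a WPBT at all, the following added example (not part of the original thread) parses a raw WPBT ACPI table and reports whether it points at a platform binary. The field layout is taken from Microsoft's WPBT specification rather than from this thread, and the sample table, OEM strings and argument string are constructed for illustration.

```python
import struct

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # handoff size, handoff address, layout, type, args length


def parse_wpbt(blob: bytes) -> dict:
    """Parse a raw WPBT table and return the fields relevant to triage."""
    if len(blob) < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("table too short for WPBT")
    sig, length, _rev, _csum, oem_id, oem_table, _orev, _cid, _crev = \
        ACPI_HEADER.unpack_from(blob, 0)
    if sig != b"WPBT":
        raise ValueError("not a WPBT table")
    if length != len(blob):
        raise ValueError("header length does not match table size")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(blob, ACPI_HEADER.size)
    args_off = ACPI_HEADER.size + WPBT_BODY.size
    if args_off + arg_len > len(blob):
        raise ValueError("arguments run past end of table")
    args = blob[args_off:args_off + arg_len].decode("utf-16-le", "replace")
    return {
        "checksum_ok": sum(blob) % 256 == 0,  # all ACPI table bytes sum to 0 mod 256
        "oem_id": oem_id.rstrip(b"\0 ").decode("ascii", "replace"),
        "oem_table_id": oem_table.rstrip(b"\0 ").decode("ascii", "replace"),
        "handoff_size": size,        # size of the in-memory binary, in bytes
        "handoff_address": addr,     # physical address of the binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\0"),
        "binary_present": size > 0 and addr != 0,
    }


def build_sample() -> bytes:
    """Constructed sample table (not captured from a real machine)."""
    args = "/demo\0".encode("utf-16-le")
    body = WPBT_BODY.pack(0x2000, 0x7F000000, 1, 1, len(args)) + args
    length = ACPI_HEADER.size + len(body)
    raw = bytearray(ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE",
                                     b"EXAMPLE ", 1, b"TEST", 1) + body)
    raw[9] = (-sum(raw)) % 256  # checksum byte sits at offset 9 of the header
    return bytes(raw)


if __name__ == "__main__":
    print(parse_wpbt(build_sample()))
```

On Linux, the kernel exposes firmware ACPI tables under `/sys/firmware/acpi/tables/`, so a `WPBT` file there (readable as root) can be passed to `parse_wpbt` directly.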