|
|
BugTraq
Windows Platform Binary Table (WPBT) - BIOS PE backdoor Aug 12 2015 11:44AM Kevin Beaumont (kevin beaumont gmail com) (3 replies) RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Aug 13 2015 01:33PM Limanovski, Dimitri (dimitri limanovski blackrock com) (1 replies) Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Aug 13 2015 06:48PM Kevin Beaumont (kevin beaumont gmail com) Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Aug 13 2015 06:47AM Jerome Athias (athiasjerome gmail com) (1 replies) Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor Aug 13 2015 06:44PM Kevin Beaumont (kevin beaumont gmail com) |
|
Privacy Statement |
[...]
> Microsoft documented a feature in Windows 8 and above called Windows
> Platform Binary Table.
Cf. <http://www.acpi.info/links.htm> where WPBT is linked to
<http://go.microsoft.com/fwlink/p/?LinkId=234840> alias
<https://msdn.microsoft.com/en-US/library/windows/hardware/dn550976>
> Up until two days ago, this was a single Word
> document not referenced elsewhere on Google:
>
>
http://webcache.googleusercontent.com/search?q=cache:H-SSYRAB0usJ:downlo
ad.microsoft.com/download/8/A/2/8A2FB72D-9B96-4E2D-A559-4A27CF905A80/win
dows-platform-binary-table.docx+&cd=1&hl=en&ct=clnk&gl=us
>
> This feature allows a BIOS to deliver the payload of an executable,
> which is run in memory, silently, each time a system is booted. The
> executable code is run under under Session Manager context (i.e.
> SYSTEM).
This sort of feature is NOT new: with Windows 2003 Microsoft introduced
the loading of "virtual OEM device drivers" during Windows setup, see
<https://support.microsoft.com/en-us/kb/896453>
AFAIK at least HP and Dell used this method to deploy [F6] drivers
embedded in their BIOS.
[...]
stay tuned
Stefan Kanthak
[ reply ]