Bugtraq mailing list archives
Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
From: Pedro Ribeiro <pedrib () gmail com>
Date: Sat, 15 Aug 2015 20:06:29 +0100
On 12 August 2015 at 18:33, Stefan Kanthak <stefan.kanthak () nexgo de> wrote:
> "Kevin Beaumont" <kevin.beaumont () gmail com> wrote:
>
> [...]
>> Microsoft documented a feature in Windows 8 and above called Windows
>> Platform Binary Table.
>
> Cf. <http://www.acpi.info/links.htm> where WPBT is linked to
> <http://go.microsoft.com/fwlink/p/?LinkId=234840> alias
> <https://msdn.microsoft.com/en-US/library/windows/hardware/dn550976>
>
>> Up until two days ago, this was a single Word document not referenced
>> elsewhere on Google:
>>
>> http://webcache.googleusercontent.com/search?q=cache:H-SSYRAB0usJ:download.microsoft.com/download/8/A/2/8A2FB72D-9B96-4E2D-A559-4A27CF905A80/windows-platform-binary-table.docx+&cd=1&hl=en&ct=clnk&gl=us
>>
>> This feature allows a BIOS to deliver the payload of an executable,
>> which is run in memory, silently, each time a system is booted. The
>> executable code is run under Session Manager context (i.e. SYSTEM).
>
> This sort of feature is NOT new: with Windows 2003 Microsoft introduced
> the loading of "virtual OEM device drivers" during Windows setup, see
> <https://support.microsoft.com/en-us/kb/896453>
>
> AFAIK at least HP and Dell used this method to deploy [F6] drivers
> embedded in their BIOS.
>
> [...]
>
> stay tuned
> Stefan Kanthak

One more reason to use Linux, although it sucks to have BIOS level
backdoors like this.

Looks like Lenovo issued updates for the affected systems, and
thankfully no (business) Thinkpads are affected:
https://support.lenovo.com/us/en/product_security/lse_bios_notebook

Regards,
Pedro
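
Added example, not part of the thread or of any poster's message: a defender-side check that parses a raw WPBT ACPI table so you can see whether firmware is asking Windows to run a platform binary and with which arguments. The WPBT field layout and UTF-16 argument encoding are assumptions taken from Microsoft's WPBT document; the Linux sysfs path, `parse_wpbt`, `build_sample` and all sample values are constructed for illustration.

```python
import os
import struct

# 36-byte ACPI table header, then the WPBT-specific fields. The WPBT field
# layout below is an assumption taken from Microsoft's WPBT document.
ACPI_HDR = struct.Struct("<4sIBB6s8sI4sI")
WPBT_BODY = struct.Struct("<IQBBH")  # size, address, layout, type, arg length
SYSFS_WPBT = "/sys/firmware/acpi/tables/WPBT"  # Linux sysfs path, root only

def parse_wpbt(raw: bytes) -> dict:
    """Parse a raw WPBT table and report what the firmware asks Windows to run."""
    if len(raw) < ACPI_HDR.size + WPBT_BODY.size:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table = ACPI_HDR.unpack_from(raw)[:6]
    if sig != b"WPBT":
        raise ValueError("signature is %r, not WPBT" % sig)
    if length > len(raw):
        raise ValueError("header length exceeds available data")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(raw, ACPI_HDR.size)
    args_off = ACPI_HDR.size + WPBT_BODY.size
    if args_off + arg_len > length:
        raise ValueError("argument length runs past end of table")
    args = raw[args_off:args_off + arg_len]
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip(),
        "oem_table_id": oem_table.decode("ascii", "replace").strip(),
        "checksum_ok": sum(raw[:length]) & 0xFF == 0,  # ACPI: bytes sum to 0
        "handoff_size": size,        # size of the binary the firmware hands over
        "handoff_address": addr,     # physical address of that binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.decode("utf-16-le", "replace").rstrip("\0"),
    }

def build_sample() -> bytes:
    """Constructed table for offline testing; all values are made up."""
    args = "-demo\0".encode("utf-16-le")
    body = WPBT_BODY.pack(0x4000, 0x7F000000, 1, 1, len(args)) + args
    total = ACPI_HDR.size + len(body)
    hdr = ACPI_HDR.pack(b"WPBT", total, 1, 0, b"EXAMPL", b"SAMPLE  ", 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[9] = -sum(table) & 0xFF  # fix up the checksum byte at offset 9
    return bytes(table)

if __name__ == "__main__":
    if os.path.exists(SYSFS_WPBT):
        with open(SYSFS_WPBT, "rb") as fh:
            print(parse_wpbt(fh.read()))
    else:
        print("no WPBT exposed; constructed sample:", parse_wpbt(build_sample()))
```

On a machine without the table the sysfs file is simply absent; a present table with a non-zero handoff size is the case worth checking against the vendor's advisory.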