fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft WPBT Flaw Lets Hackers Install Rootkits on Windows Devices

Microsoft WPBT Flaw Lets Hackers Install Rootkits on Windows Devices

Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.

Rootkits are malicious tools threat actors create to evade detection by burying deep into the OS and used to fully take over compromised systems while evading detection.

WPBT is a fixed firmware ACPI (Advanced Configuration and Power Interface) table introduced by Microsoft starting with Windows 8 to allow vendors to execute programs every time a device boots.

However, besides enabling OEMs to force install critical software that can’t be bundled with Windows installation media, this mechanism can also allow attackers to deploy malicious tools, as Microsoft warns in its own documentation.

“Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions,” Microsoft explains.

Also Read: How To Secure Your WiFi Camera: 4 Points To Consider

“In particular, WPBT solutions must not include malware (i.e., malicious software or unwanted software installed without adequate user consent).”

Impacts all computers running Windows 8 or later

The weakness found by Eclypsium researchers is present on Windows computers since 2012, when the feature was first introduced with Windows 8.

These attacks can use various techniques that allow writing to memory where ACPI tables (including WPBT) are located or by using a malicious bootloader.

This can be by abusing the BootHole vulnerability that bypasses Secure Boot or via DMA attacks from vulnerable peripherals or components.

“The Eclypsium research team has identified a weakness in Microsoft’s WPBT capability that can allow an attacker to run malicious code with kernel privileges when a device boots up,” Eclypsium researchers said.

“This weakness can be potentially exploited via multiple vectors (e.g. physical access, remote, and supply chain) and by multiple techniques (e.g. malicious bootloader, DMA, etc).”

Eclypsium has shared the following demo video that demonstrates how this security flaw can be exploited.

Mitigation measures include using WDAC policies

After Eclypsium informed Microsoft of the bug, the software giant recommended using a Windows Defender Application Control policy which allows controlling what binaries can run on a Windows device.

“WDAC policy is also enforced for binaries included in the WPBT and should mitigate this issue,” Microsoft states in the support document.

WDAC policies can only be created on client editions of Windows 10 1903 and later and Windows 11 or on Windows Server 2016 and above.

On systems running older Windows releases, you can use AppLocker policies to control what apps are allowed to run on a Windows client.

“These motherboard-level flaws can obviate initiatives like Secured-core because of the ubiquitous usage of ACPI and WPBT,” Eclypsium researchers added.

“Security professionals need to identify, verify and fortify the firmware used in their Windows systems. Organizations will need to consider these vectors, and employ a layered approach to security to ensure that all available fixes are applied and identify any potential compromises to devices.”

Eclypsium found another vector of attack allowing threat actors to take control of a targeted device’s boot process and break OS-level security controls in the BIOSConnect feature of Dell SupportAssist, a software that comes preinstalled on most Dell Windows devices.

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

As the researchers revealed, the issue “affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs,” with roughly 30 million individual devices being exposed to attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us