Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-17 Thread Pedro Ribeiro
On 12 August 2015 at 18:33, Stefan Kanthak wrote: > "Kevin Beaumont" wrote: > > [...] > >> Microsoft documented a feature in Windows 8 and above called Windows >> Platform Binary Table. > > Cf. where WPBT is linked to >

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-17 Thread simon
In reading the WPBT document from MS I think I see another problem; namely that the WPBT table can contain a 'command line' which is not signed (only checksum of table). So on the assumption that you can insert the table into ACPI list that the BIOS presents to OS (maybe with a flashed PCI perph

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-16 Thread Kevin Beaumont
Hi - just with regards to this, the issue of Windows Server 2003 allowing driver injection is only during initial Windows setup. Just to be clear the issue I was highlighting is a different beast, as it is every boot, with file system mounted. On 12 August 2015 at 18:33, Stefan Kanthak wrote: >

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-16 Thread Kevin Beaumont
ted" OEM apps that are allowed to do so. > > Dimitri > > -Original Message- > From: Kevin Beaumont [mailto:kevin.beaum...@gmail.com] > Sent: Wednesday, August 12, 2015 7:45 AM > To: bugtraq@securityfocus.com > Subject: Windows Platform Binary Table (WPBT) - BIOS PE

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-16 Thread Kevin Beaumont
Hi - just with regards to this, the CERT advisory is for a slightly different issue. The software Lenovo were delivering in this case has known security issues (including updating purely over http). But it just goes to show, bundling software into the BIOS/UEFI firmware can go wrong, pretty much

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-13 Thread Stefan Kanthak
"Kevin Beaumont" wrote: [...] > Microsoft documented a feature in Windows 8 and above called Windows > Platform Binary Table. Cf. where WPBT is linked to alias

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-13 Thread Jerome Athias
Some more info https://www.us-cert.gov/ncas/current-activity/2015/08/12/Lenovo-Service-Engine-LSE-BIOS-Vulnerability 2015-08-12 14:44 GMT+03:00 Kevin Beaumont : > PRECURSOR > > There will be debate about if this is a vulnerability. It affects a > majority of user PCs -- including all Enterprise

RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-13 Thread Limanovski, Dimitri
do so. Dimitri -Original Message- From: Kevin Beaumont [mailto:kevin.beaum...@gmail.com] Sent: Wednesday, August 12, 2015 7:45 AM To: bugtraq@securityfocus.com Subject: Windows Platform Binary Table (WPBT) - BIOS PE backdoor PRECURSOR There will be debate about if this is a vulnerability.

Windows Platform Binary Table (WPBT) - BIOS PE backdoor

2015-08-12 Thread Kevin Beaumont
PRECURSOR There will be debate about if this is a vulnerability. It affects a majority of user PCs -- including all Enterprise editions of Windows, there is no way to disable it, and allows direct code execution into secure boot sequences. I believe it is worth discussing. SCOPE Microsoft docu