[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
From: simon@xxxxxxxxxxxxx
Date: Thu, 13 Aug 2015 21:41:53 GMT

In reading the WPBT document from MS I think I see another problem; namely that 
the WPBT table can contain a 'command line' which is not signed (only checksum 
of table).

So on the assumption that you can insert the table into ACPI list that the BIOS 
present to OS (maybe with a flashed PCI perpheral), you could use a 'borrowed' 
signed app and control it with the command line.

I'd be interested in analysing the WPBT table or Lenovo's autochk/wpbbin exes.
Simon.

Prev by Date: BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities
Next by Date: [slackware-security] mozilla-thunderbird (SSA:2015-226-02)
Previous by thread: Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
Next by thread: bizidea Design CMS 2015Q3 - SQL Injection Vulnerability
Index(es):
- Date
- Thread