ASUS Z390 Motherboards Automatically Push Software into Windows

The ASUS UEFI firmware exposes an ACPI table to Windows 10, called “WPBT” or “Windows Platform Binary Table”. WPBT is used in the pre-built OEM industry, and is referred to as “the Vendor’s Rootkit.” Put simply, it is a script that makes Windows copy data from the BIOS to the System32 folder on the machine and execute it during Windows startup – every single time the system is booted. According to the Microsoft WPBT reference, which describes this feature as useful for “anti-theft software”, this binary is a “native, user-mode application that is executed by the Windows Session Manager during operating system initialization.”, which means “before all other programs, with administrative privileges”. This gives pretty much full control over everything, including protected folders and the registry.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s