The Windows Platform Binary Table, and You




Analysis Lenovo has sold laptops bundled with unremovable software that features a bonus exploitable security vulnerability. If the crapware is deleted, or the hard drive wiped and Windows reinstalled from scratch, the laptop's firmware will quietly and automatically reinstall Lenovo's software on the next boot-up.

The LSE makes sure C: The executable is run during startup, and is supposed to check the computer's file system to make sure it's free of any corruption. Lenovo's variant of this system file ensures LenovoUpdate.

So if you uninstall or delete these programs, the LSE in the firmware will bring them back during the next power-on or reboot. LenovoCheck and LenovoUpdate are executed on startup with full administrator access. Automatically, and rather rudely, they connect to the internet to download and install drivers, a system "optimizer", and whatever else Lenovo wants on your computer.

Lenovo's software also phones home to the Chinese giant details of the running system. This allows PC manufacturers and corporate IT to inject drivers, programs and other files into the Windows operating system from the motherboard firmware. The WPBT is stored in the firmware, and tells Windows where in memory it can find an executable called a platform binary to run.

Said executable will take care of the job of installing files before the operating system starts. Windows will write the flat image to disk, and the Session Manager will launch the process. Not in this case: Two months later, in June, it pulled the whole thing: Lenovo has also pulled the LSE from new desktop machines. These models phone home system data, but do not install any extra software, and do not suffer from the aforementioned privilege-escalation vulnerability.

The PC maker's laptops definitely do, however. A tool quietly released on July 31 will uninstall the engine if it is present in your machine: On Tuesday this week, Lenovo published a full list of affected desktop and notebook models.

Desktop machines built between October 23, and April 10, with Windows 8 preinstalled, have the LSE inside them. The utility also sends non-personally identifiable system data to Lenovo servers," the Chinese goliath explained. Microsoft has recently released updated security guidelines on how to best implement this feature. Without this climbdown, it would have been virtually impossible for users to remove the rootkit-like engine from the firmware.

Delete the file and it reappears on reboot. I've never seen anything like this before. Something to think about before buying Lenovo. What is worrying is that all of this is pretty much what Microsoft intended. Its WPBT is engineered to allow manufacturers to painlessly inject drivers and programs into the operating system.

It's supposed to be used for things like anti-theft tools, so a system can be disabled via the internet if it's stolen. But it also turns rootkit development and installation into a painting-by-the-numbers exercise. Lenovo got caught because its engine had crap security. And it sounds as though Microsoft pressured Lenovo to kill it. This comes on the back of Lenovo's Superfish scandal, in which the PC maker shipped laptops with adware on them that opened up people to man-in-the-middle eavesdropping.

Miscreants could exploit the bundled crapware to snoop on victims' encrypted connections to websites. The Redmond giant was not available for immediate comment.


Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions.

Owners of LSE-afflicted computers urged to update their firmware

A tool quietly released on July 31 will uninstall the engine if it is present in your machine: The LSE functionality has been removed from newly manufactured systems.
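To check what a machine's firmware hands to Windows through the WPBT described above, the table can be decoded from a raw ACPI dump. The following Python is an added example, not code from the article, Lenovo or Microsoft; the names `parse_wpbt` and `build_sample` are hypothetical, the field layout is assumed from the published WPBT table format, and the sample table is constructed.

```python
import struct

# Field layout per the published WPBT table format: a standard 36-byte ACPI
# header, then handoff size (u32), handoff physical address (u64), content
# layout (u8), content type (u8), arguments length in bytes (u16), arguments.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
WPBT_BODY = struct.Struct("<IQBBH")


def parse_wpbt(dump: bytes) -> dict:
    """Decode a raw WPBT table dump and collect points a reviewer should check."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(dump) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(dump)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    size, addr, layout, ctype, args_len = WPBT_BODY.unpack_from(dump, ACPI_HEADER.size)
    if not fixed + args_len <= length <= len(dump):
        raise ValueError("length fields are inconsistent with the dump")
    table = dump[:length]
    findings = []
    if sum(table) % 256:  # every ACPI table must sum to zero modulo 256
        findings.append("ACPI checksum mismatch")
    if (layout, ctype) != (1, 1):  # 1/1 = one contiguous PE image, native app
        findings.append(f"unexpected layout/type {layout}/{ctype}")
    args = table[fixed:fixed + args_len].decode("utf-16-le", "replace").rstrip("\0")
    return {"oem_id": oem_id.decode("ascii", "replace").strip(),
            "oem_table_id": oem_table.decode("ascii", "replace").strip(),
            "handoff_size": size, "handoff_address": addr,
            "arguments": args, "findings": findings}


def build_sample() -> bytes:
    """Constructed table: OEM strings, address and arguments are all made up."""
    args = "-check\0".encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    head = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                            b"EXAMPL", b"DEMOTBL ", 1, b"TEST", 1)
    raw = bytearray(head + body)
    raw[9] = -sum(raw) % 256  # checksum byte: whole table must sum to 0 mod 256
    return bytes(raw)


if __name__ == "__main__":
    # On Linux, firmware that publishes the table exposes a dump (readable as
    # root) at /sys/firmware/acpi/tables/WPBT; here the constructed sample is used.
    print(parse_wpbt(build_sample()))
```

A machine whose firmware publishes no WPBT has nothing to parse, which is itself the answer an owner of an affected model is looking for after a firmware update.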

The fallout

Suffice to say, netizens who have discovered this creepy code on their machines are not happy.
