Hi - just with regards to this, the issue of Windows Server 2003 allowing driver injection is only during initial Windows setup. Just to be clear the issue I was highlighting is a different beast, as it is every boot, with file system mounted. On 12 August 2015 at 18:33, Stefan Kanthak <stefan.kanthak@xxxxxxxx> wrote: > "Kevin Beaumont" <kevin.beaumont@xxxxxxxxx> wrote: > > [...] > >> Microsoft documented a feature in Windows 8 and above called Windows >> Platform Binary Table. > > Cf. <http://www.acpi.info/links.htm> where WPBT is linked to > <http://go.microsoft.com/fwlink/p/?LinkId=234840> alias > <https://msdn.microsoft.com/en-US/library/windows/hardware/dn550976> > >> Up until two days ago, this was a single Word >> document not referenced elsewhere on Google: >> >> > http://webcache.googleusercontent.com/search?q=cache:H-SSYRAB0usJ:download.microsoft.com/download/8/A/2/8A2FB72D-9B96-4E2D-A559-4A27CF905A80/windows-platform-binary-table.docx+&cd=1&hl=en&ct=clnk&gl=us >> >> This feature allows a BIOS to deliver the payload of an executable, >> which is run in memory, silently, each time a system is booted. The >> executable code is run under under Session Manager context (i.e. >> SYSTEM). > > This sort of feature is NOT new: with Windows 2003 Microsoft introduced > the loading of "virtual OEM device drivers" during Windows setup, see > <https://support.microsoft.com/en-us/kb/896453> > > AFAIK at least HP and Dell used this method to deploy [F6] drivers > embedded in their BIOS. > > [...] > > stay tuned > Stefan Kanthak >
