科技回声

Looks like it's the WPBT ACPI table again. Lenovo was caught doing the same back in 2015: <a href="https://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/" rel="nofollow">https://www.theregister.co.uk/2015/08/12/lenovo_firmware_nas...</a>Windows will just blindly execute the binary from the WPBT table on boot. Specifically, it's done by the Session Manager, the first user-mode process (%SystemRoot%\System32\smss.exe).The WPBT table is dumped as %SystemRoot%\System32\wppbin.exe and then executed.This behavior can apparently be disabled by a registry setting:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]"DisableWpbtExecution"=dword:00000001The previous time this happened, didn't Microsoft promise to keep this behavior on by default only in a corporate setting? Or maybe I'm misremembering.(Edited to add more details.)

I would tolerate if the board exposed a small romdisk that's visible to the OS, but running stuff without my express consent is waaaaay too much.

Old article is old. Old news.

I would tolerate if the board exposed a small romdisk that's visible to the OS, but running stuff without my express consent is waaaaay too much.

Old article is old. Old news.

Asus Z390 Motherboards Automatically Push Software In2 Your Windows Installation

3 条评论

Asus Z390 Motherboards Automatically Push Software In2 Your Windows Installation

3 条评论