diff --git a/windows/disable-windows-platform-binary-table.reg b/windows/disable-windows-platform-binary-table.reg
new file mode 100644
index 0000000..1b234f5
--- /dev/null
+++ b/windows/disable-windows-platform-binary-table.reg
@@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
+"DisableWpbtExecution"=dword:00000001
diff --git a/windows/readme.md b/windows/readme.md
index 0fe7fa7..fcfb21f 100644
--- a/windows/readme.md
+++ b/windows/readme.md
@@ -1,6 +1,15 @@
 # Windows Setup
 
-* Make a system restore point after a fresh install
+* Make a system restore point after a fresh install.
+
+* Disable Windows Platform Binary Table
+    * This is a system Windows made for hardware vendors to inject firmware to the OS drive, running it at boot time.
+      It's a huge security hole! Vendors can do things like download software, auto update the mobo firmware, etc.
+      In 2023, Gigabyte was caught using this to download exe's from their server over an http connection! (keep in mind
+      that they're corporate systems have been hacked multiple times in the last year). Anyway, this feature is fucking
+      dumb and you can be sure that all mobo vendors are using this stupid shit. I don't blame them though since Microsoft
+      built this for them. There's no way to stop this from happening other than to disable the platform entirely.
+    * Run `disable-windows-platform-binary-table.reg` and reboot.
 
 * Change PC name and reboot
     * Open settings -> System -> About -> Rename this PC