In my recent blog “Pre-Boot Authentication. Wisdom in Security” I wrote in conclusion:
Bottom Line: ‘No PBA’ is not a wise choice for enterprises
Microsoft’s reasoning that you don’t need PBA because the known memory attacks are difficult to pull off on most modern hardware is simply wrong because the threat is much more than just those attacks.”