You don't need to load another OS. You can do pretty much anything with an insecure PXE.
"If you’ve ever run across insecure PXE boot deployments during
a pentest, you know that they can hold a wealth of
possibilities for escalation. Gaining access to PXE boot
images can provide an attacker with a domain joined system,
domain credentials, and lateral or vertical movement
opportunities. This blog outlines a number of different
methods to elevate privileges and retrieve passwords from PXE
boot images. These techniques are separated into three
sections: Backdoor attacks, Password Scraping attacks, and
Post Login Password Dumps."
https://www.netspi.com/blog/technical/network-penetration-testing/attacks-against-windows-pxe-boot-images/?print=pdf
They can even do this AFTER the voting is done. Just need to reset the machine. If the data is not properly secured (at this point who will image it is) they can change whatever they want. Having access to certificates they can even "fake results" and sign everything.
Of course, if you reset the machine at this late stage, the counting will be stopped... Oh wait!
You don't need to load another OS. You can do pretty much anything with an insecure PXE.
"If you’ve ever run across insecure PXE boot deployments during a pentest, you know that they can hold a wealth of possibilities for escalation. Gaining access to PXE boot images can provide an attacker with a domain joined system, domain credentials, and lateral or vertical movement opportunities. This blog outlines a number of different methods to elevate privileges and retrieve passwords from PXE boot images. These techniques are separated into three sections: Backdoor attacks, Password Scraping attacks, and Post Login Password Dumps." https://www.netspi.com/blog/technical/network-penetration-testing/attacks-against-windows-pxe-boot-images/?print=pdf
They can even do this AFTER the voting is done. Just need to reset the machine. If the data is not properly secured (at this point who will image it is) they can change whatever they want. Having access to certificates they can even "fake results" and sign everything.
Of course, if you reset the machine at this late stage, the counting will be stopped... Oh wait!