Microsoft Discovers Scary Bugs in Huawei PC Driver (CVE-2019-5241)

Microsoft has just discovered a troublesome Huawei PC product that could have given attackers an easy way to tamper with the Windows kernel.



According to Huawei's advisory, "there is a privilege escalation vulnerability in Huawei PCManager product". An attacker could trick a user into installing and running a malicious application to exploit the bug and gain higher privileges.

However, that is not the only vulnerability that was addressed. There is also a code execution vulnerability in the Huawei PCManager product, which could have been abused by attackers to execute malicious code and read or write memory.

How Did Microsoft Discover the Vulnerabilities in Huawei?

Starting with Windows 10, version 1809, the Windows kernel has new sensors (Microsoft Defender Advanced Threat Protection's kernel sensors) designed to trace User APC code injection initiated by kernel code. They are meant to detect kernel threats such as the DOUBLEPULSAR exploit (see https://sensorstechforum.com/yatron-raas-extension-eternalblue/). DOUBLEPULSAR is a kernel backdoor used by the WannaCry ransomware to inject its main payload into user space.

Related: Microsoft Defender ATP now available for Mac users (https://sensorstechforum.com/microsoft-defender-atp-mac-users/).

So, the Microsoft Defender Research Team discovered a driver while investigating an alert raised by these sensors. The team traced the anomalous behavior to a device management driver developed by Huawei. Later, they found a lapse in the design that led to a vulnerability allowing local privilege escalation.

Microsoft promptly reported the vulnerability, identified as CVE-2019-5241, to Huawei, who responded quickly; a fix was released on January 9, 2019.

As for the other vulnerability, CVE-2019-5242, the researchers from Microsoft also discovered that "the driver provided a capability to map any physical page into user-mode with RW permissions":

Invoking this handler allowed code running with low privileges to read and write beyond the process boundaries, into other processes or even into kernel space. This, of course, means a full machine compromise.

The two vulnerabilities discovered in a single driver illustrate the importance of designing software and products with security in mind, Microsoft concluded.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project's start. A professional with 10+ years of experience creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
