
Microsoft Discovers Scary Bugs in Huawei PC Driver (CVE-2019-5241)

Microsoft has discovered a troublesome flaw in a Huawei PC product that could have granted attackers an easy way to tamper with the Windows kernel.

According to Huawei’s advisory, “there is a privilege escalation vulnerability in Huawei PCManager product”. An attacker could trick a user into installing and running a malicious application to exploit the bug and gain higher privileges.

However, that is not the only vulnerability that was addressed. There is also a code execution vulnerability in the Huawei PCManager product, which could have been abused by attackers to execute malicious code and read or write memory.

How Did Microsoft Discover the Vulnerabilities in Huawei?

Starting in Windows 10, version 1809, the Windows kernel has new sensors (Microsoft Defender Advanced Threat Protection’s kernel sensors) designed to trace user-mode APC code injection initiated by kernel code. They are meant to detect kernel threats such as the DOUBLEPULSAR exploit (https://sensorstechforum.com/yatron-raas-extension-eternalblue/), a kernel backdoor used by the WannaCry ransomware to inject its main payload into user space.

Related: Microsoft Defender ATP Now Available for Mac Users (https://sensorstechforum.com/microsoft-defender-atp-mac-users/).

The Microsoft Defender Research Team came across the driver while investigating an alert raised by these sensors. The team traced the anomalous behavior to a device management driver developed by Huawei and then found a design lapse that led to a vulnerability allowing local privilege escalation.

Microsoft promptly reported the vulnerability, identified as CVE-2019-5241, to Huawei, which responded quickly; a fix was released on January 9, 2019.

As for the other vulnerability, CVE-2019-5242, the Microsoft researchers also found that “the driver provided a capability to map any physical page into user-mode with RW permissions”:

Invoking this handler allowed a code running with low privileges to read-write beyond the process boundaries—to other processes or even to kernel space. This, of course, means a full machine compromise.
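The design lapse quoted above is a missing authorization and range check on a driver request handler. The following is an added illustration written for this article, not Huawei’s or Microsoft’s code: a user-mode C model of such a handler’s validation logic, with the unvalidated form beside a hardened form that requires a privileged caller and confines requests to an allowlist of device register windows. The request and caller structures, the status codes and the physical address ranges are all hypothetical, constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a "map physical memory into user mode" request. */
typedef struct {
    uint64_t phys_addr;   /* physical address the caller asks to map */
    uint64_t length;      /* length in bytes */
    bool     write;       /* caller asks for a writable mapping */
} map_request_t;

/* Hypothetical model of the calling process' security context. */
typedef struct {
    bool is_admin;        /* caller holds an administrative token */
} caller_ctx_t;

typedef struct {
    uint64_t base;
    uint64_t length;
    bool     writable;
} phys_range_t;

/* Allowlist of physical windows the driver legitimately needs to expose.
 * Constructed sample values; a real driver would take these from its
 * device's resource assignments, never from the caller. */
static const phys_range_t allowed_ranges[] = {
    { 0xFED40000ULL, 0x1000ULL,  false },  /* constructed: read-only status window */
    { 0xE0000000ULL, 0x10000ULL, true  },  /* constructed: device buffer window   */
};

enum map_status {
    MAP_OK = 0,
    MAP_ERR_PRIV,       /* caller is not privileged enough */
    MAP_ERR_OVERFLOW,   /* zero length or address range wraps around */
    MAP_ERR_RANGE,      /* range is not inside an allowed device window */
    MAP_ERR_PERM        /* writable mapping requested on a read-only window */
};

/* The flawed design the article describes: every request is granted,
 * any physical page, read-write, regardless of who asks. */
enum map_status vulnerable_validate(const map_request_t *req, const caller_ctx_t *caller)
{
    (void)req;
    (void)caller;
    return MAP_OK;
}

/* Hardened form: privilege check, overflow-safe bounds, allowlist, permission. */
enum map_status hardened_validate(const map_request_t *req, const caller_ctx_t *caller)
{
    if (!caller->is_admin)
        return MAP_ERR_PRIV;

    /* Reject empty requests and ranges whose end would wrap past 2^64. */
    if (req->length == 0 || req->phys_addr > UINT64_MAX - req->length)
        return MAP_ERR_OVERFLOW;
    uint64_t end = req->phys_addr + req->length;   /* exclusive end */

    for (size_t i = 0; i < sizeof allowed_ranges / sizeof allowed_ranges[0]; i++) {
        const phys_range_t *r = &allowed_ranges[i];
        /* The whole requested range must sit inside one allowed window. */
        if (req->phys_addr >= r->base && end <= r->base + r->length) {
            if (req->write && !r->writable)
                return MAP_ERR_PERM;
            return MAP_OK;
        }
    }
    return MAP_ERR_RANGE;
}

int main(void)
{
    /* Constructed sample requests: a low-privilege caller asking for a
     * read-write window at a low physical address, and an admin asking for
     * a read of the status window. */
    map_request_t low_rw   = { 0x1000ULL, 0x1000ULL, true };
    map_request_t status_r = { 0xFED40000ULL, 0x1000ULL, false };
    caller_ctx_t  user     = { false };
    caller_ctx_t  admin    = { true };

    printf("vulnerable, low-priv RW @0x1000: %d (0 = granted)\n",
           vulnerable_validate(&low_rw, &user));
    printf("hardened,   low-priv RW @0x1000: %d\n", hardened_validate(&low_rw, &user));
    printf("hardened,   admin RW @0x1000:    %d\n", hardened_validate(&low_rw, &admin));
    printf("hardened,   admin R  status win: %d\n", hardened_validate(&status_r, &admin));
    return 0;
}
```

The point of the model is the order of checks: who is asking is decided first, then whether the arithmetic is sound, then whether the range is one the device actually owns, and only then what permissions to grant. A handler that skips any of these lets a low-privilege process reach memory it should never see.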

The two vulnerabilities discovered in a single driver illustrate the importance of designing software and products with security in mind, Microsoft concluded.

Milena Dimitrova
