Microsoft Discovers Scary Bugs in Huawei PC Driver (CVE-2019-5241)

Microsoft just discovered a troublesome Huawei PC product that could have given attackers an easy way to tamper with the Windows kernel.

According to Huawei’s advisory, “there is a privilege escalation vulnerability in Huawei PCManager product”. An attacker could trick a user into installing and running a malicious application that exploits the bug to gain higher privileges.

However, that is not the only vulnerability that was addressed. There is also a code execution vulnerability in the Huawei PCManager product, which could have been abused by attackers to execute malicious code and read or write memory.

How Did Microsoft Discover the Vulnerabilities in Huawei?

Starting in Windows 10, version 1809, the Windows kernel has new sensors (the Microsoft Defender Advanced Threat Protection kernel sensors) designed to trace user APC code injection initiated by kernel code. They are meant to detect kernel threats such as the DOUBLEPULSAR exploit, a kernel backdoor used by the WannaCry ransomware to inject its main payload into user space.

The Microsoft Defender Research Team discovered the driver while investigating an alert raised by these sensors. The team traced the anomalous behavior to a device management driver developed by Huawei and, on closer inspection, found a lapse in its design that led to a vulnerability allowing local privilege escalation.

Microsoft promptly reported the vulnerability, identified as CVE-2019-5241, to Huawei, which responded quickly and released a fix on January 9, 2019.

As for the other vulnerability, CVE-2019-5242, the Microsoft researchers also found that “the driver provided a capability to map any physical page into user-mode with RW permissions”:

Invoking this handler allowed a code running with low privileges to read-write beyond the process boundaries—to other processes or even to kernel space. This, of course, means a full machine compromise.
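To make that flaw concrete, the following is an added example in portable C, not code from the article, from Microsoft or from Huawei. It models a driver request handler that maps a physical range into the caller's address space, once as the vulnerable shape described above (no caller check, no range check) and once hardened so that only a privileged caller can map, and only the device's own window. The memory layout, the `map_request` structure, the `caller` flag and all function names are constructed for the model and do not correspond to the real driver's IOCTL interface.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of physical memory: 16 pages of 64 bytes. Pages 0-3
 * stand in for kernel memory, pages 4-11 for other processes, and pages
 * 12-15 for the device's own MMIO window, the only range a device
 * management driver has a legitimate reason to expose to user mode. */
#define PAGE_SIZE 64u
#define NUM_PAGES 16u
#define DEVICE_FIRST_PAGE 12u
#define DEVICE_LAST_PAGE  15u
static uint8_t phys_mem[NUM_PAGES * PAGE_SIZE];

/* A "map physical range" request as a caller would pass it to the handler
 * (hypothetical layout; not the real driver's IOCTL structure). */
struct map_request {
    uint64_t phys_addr; /* physical address to map */
    uint64_t length;    /* bytes to map */
};

/* Caller identity, reduced to one flag for the model. A real driver would
 * instead restrict who is allowed to open the device object at all. */
struct caller {
    bool is_admin;
};

enum map_status { MAP_OK = 0, MAP_DENIED = 1, MAP_BAD_RANGE = 2 };

/* Vulnerable handler: models the flaw in the article. Any caller gets a
 * read-write view of any physical address it names, so a low-privilege
 * process can reach other processes' pages or kernel memory. */
enum map_status map_physical_vulnerable(const struct caller *c,
                                        const struct map_request *req,
                                        uint8_t **view)
{
    (void)c;                           /* caller is never checked */
    *view = phys_mem + req->phys_addr; /* range is never checked */
    return MAP_OK;
}

/* Hardened handler: the caller must be privileged, and the request must lie
 * entirely inside the device's own window. The length test is written as
 * "remaining < length" so an oversized length cannot wrap around. */
enum map_status map_physical_hardened(const struct caller *c,
                                      const struct map_request *req,
                                      uint8_t **view)
{
    const uint64_t first = (uint64_t)DEVICE_FIRST_PAGE * PAGE_SIZE;
    const uint64_t end   = (uint64_t)(DEVICE_LAST_PAGE + 1) * PAGE_SIZE; /* exclusive */

    *view = NULL;
    if (!c->is_admin)
        return MAP_DENIED;
    if (req->length == 0 || req->phys_addr < first || req->phys_addr >= end)
        return MAP_BAD_RANGE;
    if (end - req->phys_addr < req->length)
        return MAP_BAD_RANGE;
    *view = phys_mem + req->phys_addr;
    return MAP_OK;
}

/* Helper for the checks below: does a returned view land in the "kernel" pages? */
bool view_is_kernel(const uint8_t *view)
{
    return view != NULL && view >= phys_mem && view < phys_mem + 4 * PAGE_SIZE;
}

int main(void)
{
    struct caller low = { .is_admin = false };
    struct caller adm = { .is_admin = true };
    struct map_request kernel_page = { .phys_addr = 1 * PAGE_SIZE,  .length = PAGE_SIZE };
    struct map_request device_page = { .phys_addr = 12 * PAGE_SIZE, .length = PAGE_SIZE };
    struct map_request too_long    = { .phys_addr = 15 * PAGE_SIZE, .length = UINT64_MAX };
    uint8_t *view = NULL;
    enum map_status st;

    st = map_physical_vulnerable(&low, &kernel_page, &view);
    printf("vulnerable, low-priv, kernel page: status %d, view in kernel pages: %d\n",
           st, view_is_kernel(view));
    st = map_physical_hardened(&low, &kernel_page, &view);
    printf("hardened,  low-priv, kernel page: status %d\n", st);
    st = map_physical_hardened(&adm, &kernel_page, &view);
    printf("hardened,  admin,    kernel page: status %d\n", st);
    st = map_physical_hardened(&adm, &device_page, &view);
    printf("hardened,  admin,    device page: status %d\n", st);
    st = map_physical_hardened(&adm, &too_long, &view);
    printf("hardened,  admin,    wrap-around: status %d\n", st);
    return 0;
}
```

The model separates the two checks a handler of this kind needs: who may ask (in a real Windows driver this is normally enforced by a restrictive security descriptor on the device object, for example via IoCreateDeviceSecure, rather than by a flag in the request) and what may be asked for (the requested range, validated against the device's own region with arithmetic that cannot overflow). The vulnerable variant omits both, which is exactly what turns a device management feature into a read-write primitive over the whole machine.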

The two vulnerabilities discovered in a single driver underscore the importance of designing software and products with security in mind, Microsoft concluded.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
