Microsoft Discovers Frightening Bugs in Huawei PC Driver (CVE-2019-5241)

Microsoft has just discovered a troublesome Huawei PC product that could have given attackers an easy way to tamper with the Windows kernel.

According to Huawei’s advisory, “there is a privilege escalation vulnerability in Huawei PCManager product”. An attacker could trick a user into installing and running a malicious application to exploit the bug and gain higher privileges.

However, that is not the only vulnerability that was addressed. There is also a code execution vulnerability in the Huawei PCManager product, which could have been abused by attackers to execute malicious code and read/write memory.

How Did Microsoft Discover the Vulnerabilities in Huawei?

Starting in Windows 10, version 1809, the Windows kernel has new sensors (Microsoft Defender Advanced Threat Protection’s kernel sensors) designed to trace User APC code injection initiated by kernel code. These are meant to detect kernel threats such as the DOUBLEPULSAR exploit. DOUBLEPULSAR is a kernel backdoor used by the WannaCry ransomware to inject the main payload into user space.

Related: Microsoft Defender ATP is now available for Mac users.

Thus, the Microsoft Defender Research Team discovered a driver while investigating an alert raised by these sensors. The team traced the anomalous behavior to a device management driver developed by Huawei. Later, they found a lapse in the design that led to a vulnerability that could allow local privilege escalation.

Microsoft promptly reported the vulnerability, identified as CVE-2019-5241, to Huawei, who responded quickly; on January 9, 2019, a fix was released.

As for the other vulnerability, CVE-2019-5242, the researchers from Microsoft also discovered that “the driver provided a capability to map any physical page into user-mode with RW permissions”:

Invoking this handler allowed code running with low privileges to read and write beyond the process boundaries, to other processes or even to kernel space. This, of course, means a full machine compromise.

The two vulnerabilities discovered in a single driver underscore the importance of designing software and products with security in mind, Microsoft concluded.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project’s beginning. A professional with 10+ years of experience creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim