The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops.
The PCManager software included in some of Huawei’s Matebook systems allows unprivileged users to create processes with superuser privileges, according to a 25 March Microsoft security post.
Upon investigation, researchers found a driver containing components that run with ring-0 privileges in the kernel.
“We traced the anomalous behaviour to a device management driver developed by Huawei,” researchers said in the post. “Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation.”
This type of vulnerability is similar to a technique used in the NSA’s DOUBLEPULSAR, which was leaked by the Shadow Brokers. In 2017, hackers attacked scores of computers with malware inspired by the exploit following the NSA data leak.
Researchers who reported the vulnerability to Huawei said the company responded and cooperated quickly and professionally. A patch was released earlier this year on 19 January.
Last week, the European Union ignored recent calls from the US to ban Huawei products out of fear of Chinese cyber-espionage, as the EU rolled out its 5G security guidelines.