Slashdot Mirror


Microsoft: Windows 10 Devices Open To 'Full Compromise' From Huawei PC Driver (zdnet.com)

According to ZDNet, researchers at Microsoft have discovered a buggy Huawei utility that could have given attackers a cheap way to undermine the security of the Windows kernel. From the report: Microsoft has now detailed how it found a severe local privilege escalation flaw in the Huawei PCManager driver software for its MateBook line of Windows 10 laptops. Thanks to Microsoft's work, the Chinese tech giant patched the flaw in January. As Microsoft researchers explain, third-party kernel drivers are becoming more attractive to attackers as a side-door to attacking the kernel without having to overcome its protections using an expensive zero-day kernel exploit in Windows. The flaw in Huawei's software was detected by new kernel sensors that were implemented in the Windows 10 October 2018 Update, aka version 1809.

The kernel sensors are meant to address the difficulty of detecting malicious code running in the kernel and are designed to detect user-space asynchronous procedure call (APC) code injection from the kernel. Microsoft Defender ATP anti-malware uses these sensors to detect actions caused by kernel code that may inject code into user-mode. Huawei's PCManager triggered Defender ATP alerts on multiple Windows 10 devices, prompting Microsoft to launch an investigation. [...] The investigation led the researcher to the executable MateBookService.exe. Due to a flaw in Huawei's 'watchdog' mechanism for HwOs2Ec10x64.sys, an attacker is able to create a malicious instance of MateBookService.exe to gain elevated privileges. The flaw can be used to make code running with low privileges read and write to other processes or to kernel space, leading to a "full machine compromise."
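The report's wider point is that a third-party kernel driver is a cheaper route into the kernel than a Windows zero-day, so the practical first step on a fleet is knowing which non-Microsoft drivers are actually loaded. The script below is an added example, not code from the ZDNet article, Microsoft or Huawei: it enumerates running kernel drivers, resolves their image paths, and classifies each as Microsoft or third-party from its Authenticode signer and file version metadata, then flags the driver named in the report, HwOs2Ec10x64.sys, if it is present. The helper name Resolve-DriverPath and the classification heuristic are this example's own assumptions; it relies only on the standard Get-CimInstance, Get-AuthenticodeSignature and Get-Item cmdlets and should be run from an elevated PowerShell session.

```powershell
# Added example (not from the article, Microsoft or Huawei): list running
# kernel drivers that did not come from Microsoft, so third-party drivers
# such as HwOs2Ec10x64.sys stand out for review.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName arrives in several NT-style forms
    # (\??\C:\..., \SystemRoot\System32\..., System32\drivers\...).
    # Map them to a Win32 path that Test-Path understands. (Helper name is
    # this example's own.)
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $vi  = (Get-Item -LiteralPath $path).VersionInfo
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            # Since Windows 10 1607, third-party kernel drivers are attestation-
            # signed through Microsoft's Hardware Dev Center, so their signer
            # reads "Microsoft Windows Hardware Compatibility Publisher". That
            # string therefore indicates a third-party driver, not a Microsoft
            # one; the file's CompanyName is used as a second signal.
            $thirdParty = ($signer -like '*Hardware Compatibility Publisher*') -or
                          ($vi.CompanyName -notlike '*Microsoft*')
            [pscustomobject]@{
                Name       = $_.Name
                Path       = $path
                SigStatus  = $sig.Status
                Signer     = $signer
                Company    = $vi.CompanyName
                ThirdParty = $thirdParty
            }
        }
    }

# Third-party drivers loaded right now: the attack surface the report describes.
$report | Where-Object { $_.ThirdParty } | Sort-Object Name |
    Format-Table Name, Company, SigStatus, Path -AutoSize

# The specific driver named in the report, if this machine has it at all.
$report | Where-Object { $_.Path -like '*HwOs2Ec10x64.sys' } | Format-List
```

Presence of the driver on its own says nothing about whether the January fix is installed; the script only tells you the driver is loaded so that you can check its version against Huawei's PCManager update for your model. Inbox drivers are catalog-signed rather than embedded-signed, so on some builds Get-AuthenticodeSignature may report them differently from vendor drivers, which is why the Company column is kept alongside the signer.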
Long-time Slashdot reader shanen writes: Though the story features Huawei, there doesn't seem to be anything specific to that company there. Just innuendo that you can't trust Chinese companies, eh? "Don't throw your computer into that Chinese briar patch!" Anyway, the sordid reality is that Microsoft is the root of all evils in the Windows platform. If increasing security had been half as important as maximizing profits, then we'd be in a much better world today. All complicated software is buggy, but adding complexity for no good reason is just begging for more problems. Here's a crazy solution approach: Any OS feature that isn't used by a LARGE majority of the users should be REMOVED from the OS. Maybe that isn't strong enough. Maybe the OS should be strictly limited to what absolutely needs to be there. Guard those eggs carefully!


  1. Re:Not sure if it’s a “flaw” by AmiMoJo · Score: -1, Troll

    Problem is who are we going to buy hardware from now?

    All US hardware is banned because of the NSA. All Chinese hardware is banned because all Chinese companies are fronts for the government. All British hardware is banned because of GCHQ, and most European hardware is dubious because we know GCHQ is actively and sometimes successfully attacking it.

    Japanese hardware maybe? But some of that had to be banned too, e.g. Sony with its rootkits.

    So let's say we buy an NEC PC, with Hitachi hard drive... But the CPU is still a US design, doubtless backdoored and sending all your data directly to the NSA's servers. And what OS are you going to run on it? Linux? Linus lives in the US now, and has publicly admitted that he is working for the CIA.

    What about alternative computing platforms? The abacus was invented in China and doubtless they weakened the crypto functions. Could go back to counting on our fingers but we all know that biometric security is a joke.

    Maybe it's time to buy a bag of sand and build our own computers from scratch.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC