Patches were already published in January this year

Mar 26, 2019 07:36 GMT

Microsoft discovered two different security vulnerabilities in Huawei’s PC Manager Windows application, and patches are already available in the latest versions released in January.

The Redmond-based software giant says it came across the bugs thanks to Windows Defender Advanced Threat Protection (ATP), which helped it discover a local privilege escalation bug detailed in CVE-2019-5241.

Attackers only need to convince users on an unpatched system to run a malicious application, and this can be done via crafted websites or using attachments in emails or sent via instant messaging apps.

“We discovered such a driver while investigating an alert raised by Microsoft Defender Advanced Threat Protection’s kernel sensors. We traced the anomalous behavior to a device management driver developed by Huawei,” Microsoft says.

Additionally, the company reveals that while investigating the vulnerability, it also came across a second bug that could be used for local privilege escalation. Tracked as CVE-2019-5242, this flaw allows an attacker to execute malicious code and to read/write memory.

Security flaws already patched

Huawei says it has already resolved both flaws, and users are advised to update PCManager to version 9.0.1.70 in China and to 9.0.1.66 in overseas markets.

The patch was published on January 9, and users can download the latest version of PCManager for each Huawei model they own from the official site.

“Our discovery of the driver vulnerabilities also highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the intelligence and tools to investigate threats, as we did,” Microsoft explains.

The company further adds that Windows 10 users running Windows Defender ATP were protected against any exploits even before Huawei rolled out patches.

There are no specifics right now as to any possible successful attacks, but users should patch as soon as possible anyway.