Third-party kernel drivers are often a headache for consumer electronics vendors, because the vendor cannot fully control the integrity of the system. The same applies to Microsoft and its Windows 10 operating system.
In an official blog post, Microsoft has outlined a massive security flaw in a device management driver developed by China-based tech giant Huawei. The flaw has already been patched, but it is worth highlighting how it allowed local privilege escalation on a massive scale.
Microsoft was able to spot the flaw in Huawei’s MateBook line of laptops with the help of new kernel sensors that were added to the OS as part of the Windows 10 October 2018 Update, also called Windows 10 version 1809.
These sensors were chiefly put in place to prevent NSA-created backdoors like DOUBLEPULSAR, which was also exploited by the WannaCry ransomware. The company found that Huawei’s PC Manager allowed an attacker to create a malicious instance of MateBookService.exe and gain escalated privileges.
Moreover, the driver also allowed low-privileged code to gain read-write permissions and even modify the kernel, resulting in complete compromise. The first flaw was assigned CVE-2019-5241 and the second CVE-2019-5242.
You can read more about how Redmond reverse-engineered Huawei’s driver and unearthed this privilege escalation flaw.