Microsoft found privilege escalation vulnerabilities in Huawei MateBook laptop
Microsoft’s security research department recently announced that Huawei’s MateBook laptop pre-installed management program, PCManager has two security vulnerabilities that can be escalated. This pre-installed software is mainly used to provide security detection for Huawei devices and to automatically detect and download the latest version of drivers or other firmware. Of course, if the user does not actively uninstall, this pre-installed program will accompany the user, of course, a program is naturally inevitable that there may be a security flaw.
According to a report released by Microsoft researchers, this vulnerability is mainly due to improper program calls. The different analysis also shows that Huawei does not have built-in malware. If you want to exploit this vulnerability, the attacker first needs to induce the user to install another malware, and then use the malware to reuse the privilege vulnerability. That is to say, malware running under normal permissions can obtain administrator rights after exploiting this vulnerability, and you can fully control the computer after obtaining administrator rights. Although the usage is slightly troublesome, it may be exploited by hackers. Therefore, Microsoft promptly disclosed it to Huawei security department after discovering the vulnerability.
Microsoft researchers did not disclose the discovery time of the specific vulnerability, but this was discovered when Microsoft checked WindowsDefender Advanced Threat Protection. Microsoft said that although WindowsDefender can intercept many attacks, there is a vulnerability in the kernel that will make the entire protection system crash and dangerous. After receiving Microsoft feedback, Huawei has fixed the vulnerability in the version at the beginning of the year. Most of the current users have been updated so Microsoft has now disclosed the vulnerability. If the user uses PCManager v9.0.1.70 and subsequent versions, it has been fixed, but if the version is still before this version, there is still a vulnerability.