The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops.
The PCManager software included in some Huawei’s Matebook systems allows unprivileged users to create processes with superuser privileges, according to a March 25 Microsoft security post.
Upon investigation, researchers found a driver containing components that run with ring-0 privileges in the kernel.
“We traced the anomalous behavior to a device management driver developed by Huawei,” researchers said in the post. “Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation.”
This type of vulnerability is similar to a technique used in the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers back. In 2017 hackers attacked scores of computers with malware inspired by the exploit following the NSA data leak.
Researchers who reported the vulnerability to Huawei said the company responded and cooperated quickly and professionally. A patch was released earlier this year on Jan. 19.
Earlier this week, the European Union ignored recent calls from the U.S. to ban Huawei products out of fear of Chinese cyberespionage, as the EU rolled out its 5G security guidelines.
