Os investigadores da Microsoft descobriram duas vulnerabilidades, uma permite o escalonamento de privilégios e a outr execução arbitrária de código numa ferramenta da Huawei, ambas as falhas foram classificadas com “alta severidade”.
Os especialistas descobriram as falhas porque os sensores kernel do ATP (Microsoft Threater’s Advanced Threat Protection) detectaram um comportamento anormal associado a um driver de gestão de dispositivos da Huawei.
Uma análise mais detalhada revelou que a ferramenta PCManager da Huawei pré-instalada em laptops MateBook é afetada por uma vulnerabilidade (CVE-2019-5241) que pode ser explorada por um invasor para escalonamento de privilégios locais. Um invasor pode acionar a falha enganando as vítimas para que executem uma app maliciosa.
“We discovered such a driver while investigating an alert raised by Microsoft Defender Advanced Threat Protection’s kernel sensors. We traced the anomalous behavior to a device management driver developed by Huawei. Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation.” reads the security advisory published by Microsoft.
“We reported the vulnerability (assigned to CVE-2019-5241) to Huawei, who responded and cooperated quickly and professionally. On January 9, 2019, Huawei released a fix.”
Os investigadores da Microsoft também descobriram outra falha no Huawei PCManager, identificada como CVE-2019-5242, que pode ser explorada para a execução arbitrária de código.
“Having been able to freely invoke IOCTL handlers of the driver from user-mode, we looked for other capabilities that can be abused. We found one: the driver provided a capability to map any physical page into user-mode with RW permissions.” continues Microsoft.
“Invoking this handler allowed a code running with low privileges to read-write beyond the process boundaries—to other processes or even to kernel space. This, of course, means a full machine compromise.”
As duas vulnerabilidades foram divulgadas em fevereiro na conferência Blue Hat da Microsoft em Israel.
A gigante das telecomunicações chinesa corrigiu ambas as vulnerabilidades em janeiro.
“The two vulnerabilities we discovered in a driver prove the importance of designing software and products with security in mind. Security boundaries must be honored. Attack surface should be minimized as much as possible. In this case, the flaws could have been prevented if certain precautions were taken,” concludes Microsoft.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.
Read more here.