A BUGGY HUAWEI TOOL left Windows 10 users open to hacks that could have compromised the security of the operating system's kernel.
Security boffins from Microsoft discovered a pretty nasty local privileged execution vulnerability in the Huawei PCManager driver software, found in machines like the MateBook X Pro, after new kernel sensors were brought into Windows 10 through the much-maligned October 2018 Update.
As the Huawei tool taps into Windows 10 at a kernel level, Redmond noted that the flaw could be exploited to gain access to the critical guts of the OS without needing to breach or bypass the protections Windows 10 applies to its kernel.
By exploiting the flaw, hackers could take code with low access privileges, run it in more critical processes and read and write it into kernel space. As such, the flaw could have facilitated a "full machine compromise".
For a hacker to do this they'd need direct access to a targeted machine, as they'd need to create a malicious instance of the MateBookService.exe in order to gain the privileges they'd need to then gain influence over the Windows 10 kernel.
"An attacker-controlled instance of MateBookService.exe will still be granted access to the device \\.\HwOs2EcX64 and be able to call some of its IRP functions," said Microsoft Defender's Amit Rapaport.
"Then, the attacker-controlled process could abuse this capability to talk with the device to register a watched executable of its own choice. Given the fact that a parent process has full permissions over its children, even a code with low privileges might spawn an infected MateBookService.exe and inject code into it."
Microsoft alerted Huawei to the flaw, which patched it in January, so there's no need to panic if you're using a Huawei laptop. But the bug is indicative of some of the dangers pre-installed, third-party software can pose if it's not robustly secured.
One way to avoid that is to get a computer with no third-party bits stuck onto Windows 10, and if we were to recommend one we'd give the Surface Laptop 2 the nod. µ
'Some of us like the misery'
That'll surely affect its credit score