SIMonline

Service receive & sending SMS

Huawei Tool Security Errors

197   |     /   Security

Huawei Tool Security Errors
Microsoft researchers have identified a potentially serious vulnerability in privilege escalation and arbitrary code execution in a tool from Huawei. The vendor has released updates that should fix the flaws.



Get sms on a virtual number on the SIM website online. About your phone from spam.

Security errors were discovered after the kernel sensors in Microsoft Advanced Defender Advanced Threat Protection (ATP) detected abnormal behavior associated with the Huawei device control driver.

Further analysis showed that the Huawei PCManager tool, which the Chinese giant provides for its MateBook laptops, has a vulnerability that can be used to increase local privileges. The bug tracked as CVE-2019-5241 can be used to elevate privileges if an attacker could force the target user to execute a malicious application.

In analyzing this flaw, Microsoft researchers also discovered CVE-2019-5242, a flaw in Huawei PCManager that can be used to execute arbitrary code. According to Microsoft, the vulnerability "allowed low-privilege code to read and write outside processes — into other processes, or even into kernel space." The company claims that this could lead to a "complete compromise on the computer."

In January, Huawei fixed vulnerabilities, which she classified as "high severity." Users can install the update manually, but the vulnerable product also supports automatic updates.

On March 25, Microsoft posted a blog post that provided technical details and described how the flaws were discovered. Problems were also uncovered last month at the Microsoft Blue Hat conference in Israel.

“Two vulnerabilities that we found in the driver prove the importance of developing software and products with security in mind. Safety boundaries must be respected. The attack surface should be minimized as much as possible. In this case, the flaws could have been prevented if certain precautions had been taken, ”writes the Microsoft Defender research group on his blog.

Researchers often find vulnerabilities in tools provided by major equipment suppliers. Potentially serious flaws were discovered last year in applications from Intel, Dell, Lenovo, and LG.


Similar news


Many vulnerabilities discovered in Oracle Java Card technology

Oracle's Java Card technology is designed to provide a secure environment for applications that run on smart cards, SIM cards, embedded secure elements, and other trusted devices that have limited memory and processing capabilities. Oracle claims that technology is deployed on nearly six billion devices per year, including in the financial, telecommunications, and government sectors.

Facebook pays $ 10,000 for DoS error in Fizz TLS library

Although Facebook’s error reward program usually does not cover Denial of Service (DoS) vulnerabilities, the social media giant has decided to award a significant reward for a serious flaw related to Fizz, its open source TLS library.

Fire Control: API Automation Risks

Consider trends in API attacks, such as current (and failed) architectural solutions to secure these API transactions.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2020

All rights reserved