[ad_1]
Microsoft announces "fatal weakness" in Huawei's program
Microsoft Corp. revealed a security flaw in software produced by Huawei, a Chinese company called PC Manager, preloaded on Huawei laptops and tablet PCs in an unprecedented incident between the two companies.
Microsoft has described the "fatal" vulnerability as opening a slot in Windows 10 that gives attackers the opportunity to exercise absolute control over computers where the program is located.
A statement to Microsoft said that Windows 10 devices, especially the 1809 version, could become vulnerable to total control of attackers who manage to exploit and exploit this vulnerability. Microsoft has confirmed that it has discovered the gap since January 2019 and coordinated its activities with Huawei, which in turn had reviewed and developed security updates to avoid it.
According to the release, members of the Microsoft Information security team working on a software package called Microsoft Defender ATP have discovered the flaw in security checks to locate and search for malware to search for new strains of virus file encryption. The famous ransom known as Wana Krai, which has shown signs of emergence and spread again after the first wave of large-scale attacks in 2017, has infected more than 300,000 people around the world. the British health sector has been a major victim.
Information security experts at Microsoft have estimated the vulnerability at 7.3 degrees under 10 on the Windows operating system.
Amit Rappaport, researcher at the ATP security team, said the team had developed new software tools to capture unusual activities indicating malware or malware that could affect the Windows operating system. and the computers running them. In preparation for the expected attack "Wana Krai".
"During testing, the sensors indicated that there was a flaw in Huawei's PC Manager program and that this flaw could give attackers an inexpensive and effective way of undermining the core software's core security. Windows 10, "he said.
Microsoft has confirmed that the new detection tools were part of its response to the detection and detection of malware, designed to solve the problem of detecting malicious code running in the software kernel, as well as for the detection of the software injected under the name of "asynchronous procedure call code". And then, follow this harmful software such as the "Double Bolcher" program, which is secretly implanted in devices, a hacker product of the US National Security Agency, and which was leaked by a group of hackers to the US. outside the agency known as 'ghost brokers', and the tool The President to Shen Gang Wana Carey in 2017.
For its part, began to 'Huawei' move to circle this loophole and eliminate, and published the section of the security guidelines on its official website details of the incident.
Huawei said that he was determined to best protect the ultimate interests of users, the principle of responsible disclosure and the handling of product safety issues through its response mechanism.
The vulnerability has been described as an "escalation of excellence in the PC management product", which could cause the attacker to mislead the user to install and execute a malicious application aimed at exploiting the vulnerability.
The company pointed out that she had carried out security updates to address this deficiency, as well as device users, tablet "MetBock" and mobile access to these links updates identified, confirming that the program would receive assistance and automatic updates after this time. All users are required to install the update and uninstall the version on devices. They must also obtain all the updates on the official website of Huawei Business or via the links you have specified. They should not use links or other sites claiming to have these updates.
Source link
