How Microsoft found a Huawei driver that opened systems to attack
By Peter Bright
Monitoring systems were looking for attacks using technique popularized by the NSA.
Huawei MateBook systems that are running the company's PCManager software included a driver that would let unprivileged users create processes with superuser privileges. The insecure driver was discovered by Microsoft using some of the new monitoring features added to Windows version 1809 that are monitored by the company's Microsoft Defender Advanced Threat Protection (ATP) service.
Comments
Post a Comment