How Microsoft found a Huawei driver that opened systems to attack

By Peter Bright
Monitoring systems were looking for attacks using a technique popularized by the NSA.
Huawei MateBook systems running the company's PCManager software included a driver that would let unprivileged users create processes with superuser privileges. Microsoft discovered the insecure driver using some of the new monitoring features added to Windows version 1809 and monitored by the company's Microsoft Defender Advanced Threat Protection (ATP) service.
