Just a couple of days after Asus was targeted, Microsoft has found a critical vulnerability inside Huawei laptop. The vulnerability has left Huawei users exposed to kernel-level attacks.
The vulnerability was found in Huawei PCManager software which comes pre-installed on almost all the Huawei laptops. Since the software communicates with Windows 10 on kernel-level, Microsoft noted (via The Inquirer) that this can be exploited to gain access to the Operating System without needing to go through the protections Windows 10 applies to its kernel.
An attacker-controlled instance of MateBookService.exe will still be granted access to the device \\.\HwOs2EcX64 and be able to call some of its IRP functions. Then, the attacker-controlled process could abuse this capability to talk with the device to register a watched executable of its own choice. Given the fact that a parent process has full permissions over its children, even a code with low privileges might spawn an infected MateBookService.exe and inject code into it.
While Huawei has already patched the issue in January of 2019, this just goes to show the risks that third-party softwares pose to the everyday user. No doubt the third-party softwares installed by OEMs are useful but make users vulnerable to attacks if not managed properly. Huawei and Asus are the perfect examples of the mismanaged of the security aspects of the third-party softwares.