Huawei MateBook laptops running the company's PCManager software included a backdoor that would let unprivileged users take over "superuser" privileges, according to a Microsoft report, which credits Huawei's assistance in finding and remediating the problem.
Huawei patched the software and issued an advisory in January.
Microsoft researchers say they spotted the flaw after investigating an alert raised by Microsoft Defender Advanced Threat Protection's kernel sensors. Microsoft reported the vulnerability to Huawei, "who responded and cooperated quickly and professionally," according to a Monday post by the Microsoft Defender Research Team, which goes into technical detail on how Microsoft discovered the source of the problem.
The vulnerability is similar to a backdoor technique used by the NSA, according to a report on SC Magazine.
News of the backdoor is a bad look for Huawei -- at least at first. The US is accusing Huawei of installing backdoors in its networking gear, at the behest of the Chinese government. Huawei denies the accusations; the US has never provided proof of the existence of the backdoors and its finger-pointing has been met by skepticism in other countries.
In this specific case, Huawei acted promptly to mitigate and disclose a possible security problem -- and Microsoft acknowledges its efforts. Also, this particular vulnerability doesn't look Chinese in origin; its inspiration is reportedly red, white and blue.
— Mitch Wagner, Executive Editor, Light Reading