Windows 10 security breach highlights third-party vulnerabilities
The latest Windows 10 security compromise may have been nipped in the bud by Microsoft, but it is still a lesson for IT admins to work with third-party software companies they trust.
A flaw was discovered in January on Windows 10 laptops from the Huawei PCManager driver software, which was developed by the Chinese tech company. Microsoft’s Defender Advanced Threat Protection (ATP) discovered the bug before any significant damage could be done.
Huawei Technologies has a checkered history in the U.S. Earlier this year, Congress introduced legislation banning Huawei and another Chinese software manufacturer, ZTE, from government systems.
“Microsoft is only as strong as its weakest third party,” said Wes Miller, analyst at Directions on Microsoft, an independent Microsoft consultancy in Kirkland, Wash. “This wasn’t a Microsoft issue per se, but it becomes one when it’s a Windows issue.”
The Windows 10 security compromise used a third-party kernel to infiltrate the devices. Miller said third-party kernels remain vulnerable because writing the code for drivers can be a difficult process, even for experienced coders. Oftentimes, organizations will start the process with an existing code or prototype, leaving it open to vulnerabilities, he said. ..Read More..