Windows 10 security breach highlights third-party vulnerabilities
The recent Windows 10 PC security breach brought on by third-party software from a Chinese tech company raises concern about the security strength of third-party providers.
The latest Windows 10 security compromise may have been nipped in the bud by Microsoft, but it is still a lesson for IT admins to work with third-party software companies they trust.
A flaw in the Huawei PCManager driver software, which was developed by the Chinese tech company, was discovered in January on Windows 10 laptops. Microsoft's Defender Advanced Threat Protection (ATP) discovered the bug before any significant damage could be done.
Huawei Technologies has a checkered history in the U.S. Earlier this year, Congress introduced legislation banning Huawei and another Chinese software manufacturer, ZTE, from government systems.
"Microsoft is only as strong as its weakest third party," said Wes Miller, analyst at Directions on Microsoft, an independent Microsoft consultancy in Kirkland, Wash. "This wasn't a Microsoft issue per se, but it becomes one when it's a Windows issue."
The Windows 10 security compromise used a third-party kernel to infiltrate the devices. Miller said third-party kernels remain vulnerable because writing the code for drivers can be a difficult process, even for experienced coders. Oftentimes, organizations will start the process with existing code or a prototype, leaving it open to vulnerabilities, he said.
"If it were designed to be secure, the code that was compromised would have had some checks and balances that it did not have," Miller said.
In response, Microsoft has placed significant emphasis on Microsoft Defender ATP, which ultimately discovered the breach. Microsoft recently upgraded its Defender ATP product, adding tamper protection to prevent malware from turning off antivirus programs, as well as extending support to macOS, resulting in the rebranding from Windows Defender ATP to Microsoft Defender ATP.
The sensors within Windows 10 that triggered Microsoft Defender ATP were put in place in response to the WannaCry security breach in 2017, which infected roughly 200,000 Windows PCs and caused a brief panic for the U.K.'s National Health Service.
This back and forth between improving malware protection and the sophistication of the malware itself is ongoing, according to Steve Wilson, analyst at Constellation Research.
"It's a vivid arms race. These sorts of hacks on the drivers were followed by the retrofitting of sensors to monitor the kernel," Wilson said. "Now, the attackers are working around the sensors."
Wilson added that because the kernels have third-party components, it's becoming more difficult for IT admins to keep them under control.
"The big software companies effectively lost control of their OSes over time," Wilson said.
And with the migration toward embedding OSes into IoT devices that could span industries from healthcare to automotive, securing these devices will be an increasingly important priority, according to Wilson.
"It's unconscionable that flabby, untestable, multiauthor operating systems are being foisted on the public -- not just in personal computers, but across day-to-day devices," Wilson said. "It would be expensive to call a halt and take the time to properly reintegrate secure kernels into commercial software, but we can't afford not to."
The news of this January Windows 10 security breach comes just a week after Microsoft announced it will stop updating Windows 7 for security flaws and vulnerabilities on Jan. 14, 2020. Beginning April 18, Windows 7 users will begin receiving warnings about the impending cutoff.