Alarming ASUS Armoury Crate Vulnerability Can Give Hackers Admin Access
The ASUS Armoury Crate software was designed to help users control and customize system settings like RGB lighting, fan speeds, and system configurations on ASUS PCs. However, the As103.sys functionality of the software has a flaw that could allow hackers to bypass authorization and gain direct access.
Here's how. The Armoury Crate suite uses a kernel driver to communicate directly with system hardware. But instead of using appropriate OS-level access controls to confirm callers before granting handle access, the kernel driver uses an embedded SHA-256 hash of AsusCertService.exe and a list of Process IDs.
The problem, however, is that hackers can find their way around this authorization mechanism by deploying sophisticated tactics to mislead the system. If they succeed, they could gain unwarranted access to systems' physical memory, I/O ports, and MSRs (model-specific registers), allowing full control over a victim's operating system and all its functions.
Image Credit: Talos Intelligence
However, to exploit this vulnerability, an attacker must already have some form of access to the system, usually through methods such as phishing, malware infection, or a compromised low-permission account.
Talos intelligence published a full report on this security flaw. ASUS recommends updating your Armory Crate installation to the latest version to reduce your chances of falling victim to a successful exploit. You can do this under Settings > Update Center > Check For Updates > Update.
