Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Comments Off on Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Security research firm SecureAuth has discovered multiple serious vulnerabilities in drivers distributed with various Asus and Gigabyte hardware components, which could give remote attackers the ability to execute code on a victim’s PC. The drivers are used by software utilities to let users control various features that these manufacturers implement, including RGB LED lighting effects, overclocking, fan speed controls, and performance monitoring. SecureAuth researcher Diego Juarez is credited with discovering these problems. The company says it contacted both Asus and Gigabyte starting in November 2017 and April 2018 respectively, but the companies have not done enough to mitigate the problems in their software and drivers.

In the case of Asus, the flaws were discovered in the GLCKIo and Asusgio drivers which are part of the company’s Aura Sync software. This package is distributed with multiple Asus hardware components and lets users synchronise RGB LED colours and animation patterns. This has become a major feature of both PC components and peripherals over the past two years. SecureAuth has published proofs of concept for three separate problems that can be used to execute arbitrary code with elevated privileges.

Asus has reportedly fixed one of the bugs but the other two are still exploitable, but has claimed that all three have been addressed. A timeline published by SecureAuth shows that it logged a number of attempts to contact Asus, with little success.

Gigabyte’s vulnerabilities relate to the GPCIDrv and GDrv drivers that are installed by its desktop monitoring and overclocking software for motherboards and graphics cards. The affected programs are called Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine, and OC Guru II. The low-level kernel drivers they install communicate with the hardware in question to monitor its status and implement configuration changes. In this case, SecureAuth found four problems including one that allows untrusted code to read or write to areas of system memory that are meant to be restricted to security-privileged processes.

The company’s communications log in this case shows that Gigabyte simply denied that its products are affected by these flaws. The proofs of concept supplied by SecureAuth were able to cause system crashes and reboots because they were not designed to be malicious, only illustrate how the flaws work.

The research firm has now published its knowledge of these flaws because enough time has passed since the companies stopped responding and it deemed a public advisory necessary. SecureAuth points out that it has not tested every version of all the software these companies release, or similar software from other vendors, which could also just as easily be insecure.

admin

Related Posts

HP Omen 15 Gaming Laptop, Spectre x360 15 With OLED Display Launched at CES 2019

Comments Off on HP Omen 15 Gaming Laptop, Spectre x360 15 With OLED Display Launched at CES 2019

LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Comments Off on LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

AMD Ryzen finally makes octo-core processors affordable

Comments Off on AMD Ryzen finally makes octo-core processors affordable

Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Comments Off on Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Asus VivoBook S15, VivoBook S14 launched in India: Price, specifications

Comments Off on Asus VivoBook S15, VivoBook S14 launched in India: Price, specifications

HP, Acer Launch the First Chromebook Laptops With AMD Processors at CES 2019

Comments Off on HP, Acer Launch the First Chromebook Laptops With AMD Processors at CES 2019

MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

Comments Off on MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Comments Off on LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

CES 2019: HP Chromebook x360 14 G1 Launched, a Premium Offering for Business Users

Comments Off on CES 2019: HP Chromebook x360 14 G1 Launched, a Premium Offering for Business Users

HP Envy x360 With AMD Ryzen Processor Launched in India; New Notebooks, Desktop Also Launched

Comments Off on HP Envy x360 With AMD Ryzen Processor Launched in India; New Notebooks, Desktop Also Launched

HP Revenue Tops Estimates on Personal Systems Business

Comments Off on HP Revenue Tops Estimates on Personal Systems Business

Intel ‘Ice Lake’ 10nm CPUs, ‘Lakefield’ Hybrid CPU, Slim ‘Project Athena’ 5G Laptops Announced at CES 2019 Jamshed Avari, 08 January 2019

Comments Off on Intel ‘Ice Lake’ 10nm CPUs, ‘Lakefield’ Hybrid CPU, Slim ‘Project Athena’ 5G Laptops Announced at CES 2019 Jamshed Avari, 08 January 2019

Create Account



Log In Your Account