bssunilreddy
Luminary
Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities
In the case of Asus, the flaws were discovered in the GLCKIo and Asusgio drivers which are part of the company's Aura Sync software. This package is distributed with multiple Asus hardware components and lets users synchronise RGB LED colours and animation patterns. This has become a major feature of both PC components and peripherals over the past two years. SecureAuth has published proofs of concept for three separate problems that can be used to execute arbitrary code with elevated privileges.
Asus has reportedly fixed one of the bugs but the other two are still exploitable, but has claimed that all three have been addressed. A timeline published by SecureAuth shows that it logged a number of attempts to contact Asus, with little success.
Gigabyte's vulnerabilities relate to the GPCIDrv and GDrv drivers that are installed by its desktop monitoring and overclocking software for motherboards and graphics cards. The affected programs are called Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine, and OC Guru II. The low-level kernel drivers they install communicate with the hardware in question to monitor its status and implement configuration changes. In this case, SecureAuth found four problems including one that allows untrusted code to read or write to areas of system memory that are meant to be restricted to security-privileged processes.
The company's communications log in this case shows that Gigabyte simply denied that its products are affected by these flaws. The proofs of concept supplied by SecureAuth were able to cause system crashes and reboots because they were not designed to be malicious, only illustrate how the flaws work.
The research firm has now published its knowledge of these flaws because enough time has passed since the companies stopped responding and it deemed a public advisory necessary. SecureAuth points out that it has not tested every version of all the software these companies release, or similar software from other vendors, which could also just as easily be insecure but pointed out that MSI is the only company which has its software or drivers to be secure which follow either Intels or AMDs recommendations regularly by updating its drivers accordingly.
PS: SecureAuth also found same vulnerabilities in drivers of Asrock motherboards but Asrock provided updated drivers that fixed the said vulnerabilities.
Advisories | SecureAuth
Please follow the links given below:
Asus:ASUS Drivers Elevation of Privilege Vulnerabilities | SecureAuthGIGABYTE Drivers Elevation of Privilege Vulnerabilities | SecureAuth
Gigabyte:
Asrock(with updated or fixed drivers included):ASRock Drivers Elevation of Privilege Vulnerabilities | SecureAuth
Source:RGB LEDs Could Let Attackers Take Control of Your PC
- A security research firm has found flaws in Asus and Gigabyte's drivers
- Utilities to control RGB LEDs, overclocking and performance are affected
- Neither company took adequate steps to fix the problems despite warnings
- MSI is found to be the only vendor with secure or up to date driver updates
In the case of Asus, the flaws were discovered in the GLCKIo and Asusgio drivers which are part of the company's Aura Sync software. This package is distributed with multiple Asus hardware components and lets users synchronise RGB LED colours and animation patterns. This has become a major feature of both PC components and peripherals over the past two years. SecureAuth has published proofs of concept for three separate problems that can be used to execute arbitrary code with elevated privileges.
Asus has reportedly fixed one of the bugs but the other two are still exploitable, but has claimed that all three have been addressed. A timeline published by SecureAuth shows that it logged a number of attempts to contact Asus, with little success.
Gigabyte's vulnerabilities relate to the GPCIDrv and GDrv drivers that are installed by its desktop monitoring and overclocking software for motherboards and graphics cards. The affected programs are called Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine, and OC Guru II. The low-level kernel drivers they install communicate with the hardware in question to monitor its status and implement configuration changes. In this case, SecureAuth found four problems including one that allows untrusted code to read or write to areas of system memory that are meant to be restricted to security-privileged processes.
The company's communications log in this case shows that Gigabyte simply denied that its products are affected by these flaws. The proofs of concept supplied by SecureAuth were able to cause system crashes and reboots because they were not designed to be malicious, only illustrate how the flaws work.
The research firm has now published its knowledge of these flaws because enough time has passed since the companies stopped responding and it deemed a public advisory necessary. SecureAuth points out that it has not tested every version of all the software these companies release, or similar software from other vendors, which could also just as easily be insecure but pointed out that MSI is the only company which has its software or drivers to be secure which follow either Intels or AMDs recommendations regularly by updating its drivers accordingly.
PS: SecureAuth also found same vulnerabilities in drivers of Asrock motherboards but Asrock provided updated drivers that fixed the said vulnerabilities.
Advisories | SecureAuth
Please follow the links given below:
Asus:ASUS Drivers Elevation of Privilege Vulnerabilities | SecureAuthGIGABYTE Drivers Elevation of Privilege Vulnerabilities | SecureAuth
Gigabyte:
Asrock(with updated or fixed drivers included):ASRock Drivers Elevation of Privilege Vulnerabilities | SecureAuth
Source:RGB LEDs Could Let Attackers Take Control of Your PC