- Asus launched a patch for CVE-2025-3464, a high-severity authentication bypass flaw
- The difficulty impacts Armoury Crate, a centralized hub for managing ASUS and ROG {hardware}
- The flaw might presumably result in full system takeover
Asus says it has fastened a high-severity vulnerability that might have allowed menace actors to bypass authentication necessities and procure SYSTEM privileges on a Home windows system.
Lately, a safety researcher from Cisco Talos found an Armoury Crate kernel-mode driver doesn’t depend on correct OS-level checks, however as an alternative authenticates requests utilizing a hardcoded SHA-256 hash of AsusCertServices.exe and a PID allowlist.
Because of this a menace actor can create a tough hyperlink from a benign executable to a placeholder file, launch the app, after which swap the hyperlink to level to the trusted Asus binary. When the driving force verifies the hash, it should acknowledge a trusted signature, regardless that the attacker’s course of is now utilizing that context.
Fastened with updates
The top result’s unauthorized driver entry, which might result in full system compromise. The excellent news is that with a purpose to abuse this vulnerability, the menace actor should acquire system entry beforehand (both by means of stolen/bought credentials, or a backdoor).
The vulnerability was present in Armoury Crate, an Asus utility generally pre-installed on ROG and TUF laptops and desktops.
It serves as a centralized hub for managing Asus and ROG {hardware}, together with RGB lighting, fan curves, and the efficiency of various peripherals – and may also be used to handle driver and firmware updates.
The difficulty is now tracked as CVE-2025-3464, and has a severity rating of 8.4/10 (excessive), as per NVD.
All variations between 5.9.9.0 and 6.1.18.0 have been mentioned to be weak, and to safe their gadgets, customers ought to replace to the most recent model of Armoury Crate: That may be accomplished by navigating to Settings > Replace Middle > Examine for Updates > Replace.
Asus mentioned it discovered no proof that the flaw is being abused within the wild, however nonetheless “strongly recommends” customers replace their installations as quickly as attainable.
Through BleepingComputer
