- GIGABYTE and ASUS provide drivers that can give attackers full access to your system.
- The vulnerabilities allow the execution of code at the highest possible permissions level.
- Both companies were alerted to the bugs, and after many months had done almost nothing to address them.
As disclosed by SecureAuth, a security research company, GIGABYTE and ASUS distribute drivers with serious vulnerabilities that allow an attacker to seamlessly raise their privileges on systems that use the drivers and execute arbitrary code. These vulnerabilities were found in four drivers installed by the Aura Sync software, GIGABYTE App Center, AORUS Graphics Engine, XTREME Engine utility, and the OC Guru II.
Starting with GIGABYTE, the SecureAuth researchers discovered that an attacker could potentially take full control of the system by having non-privileged, low-integrity-level user processes send calls to the drivers. The researchers created a proof of concept that granted them read/write access to virtual memory, leading to a system crash. A second bug allowed the researchers to read and write data from and to the system's input/output ports. To demonstrate the severity of the bug once again, the researchers increased their user privileges and placed the system in a boot loop. The possible elevation of the permissions level can reach up to “ring-0”, which is reserved for the OS kernel and is technically the highest. This means that an attacker could run code at the highest permissions level, with no limits on what can be achieved against the victim.
The bugs that SecureAuth found in ASUS’s Aura Sync drivers are similar from a technical perspective and equally severe in terms of the level of permission elevation that can be achieved. The researchers again discovered that the AsusGIO drivers allow code execution at the highest permission level, and this time there were a number of ways to run malicious code. Researchers could do it through the model-specific registers, bypassing kernel address space layout randomization (KASLR), or again through reading/writing data from and to input/output ports. Once again, and only for purposes of demonstration, SecureAuth wrote code that makes the system crash and reboot, but a person with more cruel intentions could really do anything.
SecureAuth informed both companies through separate advisories, sending the proof-of-concept code along with the technical details of their findings. To their surprise, GIGABYTE responded by claiming that, according to its PM and engineers, its products are not affected by the reported vulnerabilities. ASUS, on the other hand, did acknowledge SecureAuth's findings and gave assurances that it would address them in the next Aura Sync update. However, about four months later, a new version of ASUS’s utility tool fixed only one of the three bugs that were reported. SecureAuth therefore made a full public disclosure of the bugs that plague the products of the two hardware manufacturers.