SecureAuth security researchers discovered a total of seven vulnerabilities affecting five pieces of software from ASUS and Gigabyte. In the case of ASUS, the vulnerable drivers are installed by the Aura Sync software, while in the case of Gigabyte the drivers are distributed with motherboards and video cards.
Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be exploited for local code execution.
The drivers from GIGABYTE are distributed with motherboards and graphics cards of the same brand as well as from the company's subsidiary, AORUS.
The vulnerabilities lead to privilege escalation via software like the GIGABYTE App Center (v1.05.21 and below), AORUS Graphics Engine (v1.33 and below), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08).
Some of the flaws enable an attacker to take full control over your system. ASUS was first informed about the vulnerabilities in November 2017, the company claimed to have addressed the vulnerabilities in March 2018 but SecureAuth noticed the latest driver releases still contained two of the three problems.
Gigabyte was made aware of the vulnerabilities in April 2018, but its Technical support team replied in May 2018 "that Gigabyte is a hardware company and they are not specialized in software." More technical details were requested, and Gigabyte's last answer was a statement that its products are not affected by the reported vulnerabilities. Definitely a weird statement as exploitation code exists for some of the vulnerabilities. Full details at BleepingComputer.