DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
August 8, 2020 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 99 people online.

 

Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
 

Follow us
RSS
 

Seven vulnerabilities discovered in ASUS and Gigabyte GPU/motherboard drivers

Posted on Thursday, December 20 2018 @ 18:29:22 CET by


SecureAuth security researchers discovered a total of seven vulnerabilities affecting five pieces of software from ASUS and Gigabyte. In the case of ASUS, the vulnerable drivers are installed by the Aura Sync software, while in the case of Gigabyte the drivers are distributed with motherboards and video cards.
Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be exploited for local code execution.

The drivers from GIGABYTE are distributed with motherboards and graphics cards of the same brand as well as from the company's subsidiary, AORUS.

The vulnerabilities lead to privilege escalation via software like the GIGABYTE App Center (v1.05.21 and below), AORUS Graphics Engine (v1.33 and below), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08).
Some of the flaws enable an attacker to take full control over your system. ASUS was first informed about the vulnerabilities in November 2017, the company claimed to have addressed the vulnerabilities in March 2018 but SecureAuth noticed the latest driver releases still contained two of the three problems.

Gigabyte was made aware of the vulnerabilities in April 2018, but its Technical support team replied in May 2018 "that Gigabyte is a hardware company and they are not specialized in software." More technical details were requested, and Gigabyte's last answer was a statement that its products are not affected by the reported vulnerabilities. Definitely a weird statement as exploitation code exists for some of the vulnerabilities. Full details at BleepingComputer.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba