.png){kind=logo}
4 days ago
13
If you have an Asus PC, laptop, AIO, or mini PC, you might want to make sure your pre-installed apps are up-to-date. That's generally always good advice, but with the patching of a high-severity exploit in Asus' MyAsus app, it's particularly true right now.
As posted to the Asus security board, "An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent." With this, an attacker could mess with the app, "potentially resulting in arbitrary code execution". From here, the attacker could have a pretty serious level of access to your rig.
Asus warned users of its Intel motherboards just last month that they are potentially vulnerable to attacks that gain "unintended access to system memory" and would need to update. Like the latest vulnerability, it was of high severity but required local access to do the exploit. In this case, one could use a PCIe device to gain access to system memory between the first boot up and the OS managing DMA operations.
Just a month prior to that, Asus warned users to download updates for the MyAsus app and for its routers, as it had discovered and fixed new vulnerabilities present in both. The problem with issues in the MyAsus app is that potentially millions of users will just have it preinstalled without even thinking about it.
Naturally, flaws and exploits will be caught in software and hardware every day, so this is as good a chance as ever to go through your PC and make sure everything is up-to-date and looking good. You've likely got tonnes of apps that would never see an update if it weren't for automatic update tools, so it can't hurt to get ahead of the curve.
That reminds me, I need to… go do something.
English (US) ·