Allele Security Alert
ASA-2018-00097, CORE-2017-0012, CVE-2018-18535
Driver allows non-privileged user access to MSR register
ASUS Aura Sync
ASUS Aura Sync v1.07.22 and previous versions
Proof of concept
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges.
Asusgio exposes a functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
Diego Juarez (SecureAuth) and Leandro Cuozzo (SecureAuth)
ASUS Drivers Elevation of Privilege Vulnerabilities
[CORE-2017-0012] – ASUS Drivers Elevation of Privilege Vulnerabilities
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 3, 2019