1. Forum
  2. tqwNet
  3. TQW GENTECH

  • ASUS DriverHub driver management tool targeted by RCE vulnerabili

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 13, 2025 14:45:08
    ASUS DriverHub driver management tool targeted by RCE vulnerability

    Date:
    Tue, 13 May 2025 13:30:00 +0000

    Description:
    ASUS patched a critical vulnerability in its driver management tool and is urging users to apply the fix.

    FULL STORY ======================================================================A security researcher discovered a major flaw in ASUS DriverHub The flaw allows users to run malicious code remotely A patch was already released

    DriverHub, ASUS official driver management tool, was carrying a critical vulnerability that allowed threat actors to execute malicious code on
    affected devices, remotely. It was recently discovered, and a patch was released, so users are urged to apply it as soon as possible to mitigate potential risks.

    ASUS DriverHub is a piece of software that automatically downloads and installs the latest drivers for ASUS devices including laptops, motherboards, and peripherals. Its goal is to keep the devices updated at all times,
    without needing too much manual intervention. According to BleepingComputer , DriverHub comes preinstalled on some devices, and constantly runs in the background (which makes sense if it is to keep software updated at all
    times).

    Now, a security researcher with the alias MrBruh said that DriverHub suffered from poor validation of commands. This allowed him to chain together two vulnerabilities, now tracked as CVE-2025-3462, and CVE-2025-3463, and get the tool to run malicious software.

    Save up to 68% on identity theft protection for Techradar readers

    TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

    Preferred partner ( What does this mean? ) View Deal Releasing the patch

    He reported his findings on April 8, and ASUS came back with a patch ten days later, on April 18. Although, the company says the disruptive potential of
    the flaw is somewhat limited: "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints," ASUS said, describing the CVE.

    It still strongly recommended users apply the patch. "This update includes important security updates and ASUS strongly recommends that users update their ASUS DriverHub installation to the latest version," the company said in a security advisory.

    "The latest Software Update can be accessed by opening ASUS DriverHub, then clicking the "Update Now" button." Ironically enough, the tool that handles all driver installs automatically needs to be patched - manually.

    According to CyberInsider , the vulnerability window has been open for an indeterminate period but since there are no reports of abuse in the wild, its safe to assume that MrBruh was the first one to spot the bug.

    Via BleepingComputer You might also like Asus patches security flaw which could have bricked servers Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/asus-driverhub-driver-management-tool-t argeted-by-rce-vulnerability


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)