
System hijacking flaws found in pre-installed Acer & ASUS software

Lately, three well-known players in the computer industry are in trouble over vulnerabilities discovered in their Windows OS applications by SafeBreach.

Intel, ASUS and Acer ship these applications pre-installed, so every user of an affected machine is exposed, not only those who chose to download the software, as would be the case with ordinary applications.

Acer

First, Acer’s Quick Access program was found to be vulnerable to DLL hijacking, through which attackers could obtain SYSTEM rights, allowing them to run malicious files.


The flaw is caused by a lack of digital certificate validation and an uncontrolled search path. This is a move away from the traditional approach of tricking the user into running such files: in this case, the attacker could do it themselves, which makes the process easier.



Furthermore, the attacker could also operate as NT AUTHORITY\SYSTEM, the most powerful account privilege-wise in Windows. Currently, the bug affects versions 2.01.3000 to 2.01.3027 and 3.00.3000 to 3.00.3008 of the Quick Access app.

On the other hand, versions 2.01.3028 and 3.00.3009 have been patched. If you’re an Acer user, it is recommended that you check your app’s version through the “Uninstall programs” feature and proceed accordingly.

Intel

Coming to Intel, the best known of the three thanks to its processors, its Rapid Storage Technology program has been found vulnerable.


Just as in Acer’s case, this is due to a DLL hijacking vulnerability, the only difference being that administrator privileges are required to obtain SYSTEM rights. Users are advised to install any pending Intel updates, as the firm released a patch on December 10.

ASUS

Moving on to ASUS, the ASLDR service in the ASUS ATK package is affected and can be used to install malicious software through a process known as “Code Signing Abuse.”


SafeBreach further elaborates by stating how “this vulnerability could have been exploited by an attacker during the post-exploitation phase, in order to achieve persistence and in some cases defense evasion.” Only version 1.0.0060 and those preceding it are affected, so users who have been regularly updating their software are safe.

Software Update

In conclusion, if you have any of the three aforementioned programs installed, update it and you’ll be safe.
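For administrators who would rather script the version check than open “Uninstall programs” on each machine, the following PowerShell audit is an added example, not code from SafeBreach or the vendors. It reads the machine-wide Uninstall registry keys and compares installed versions against the Acer and ASUS ranges quoted above; the DisplayName and Publisher patterns are assumptions, and Intel is left out because the article gives no version numbers for it.

```powershell
# Added example. Affected ranges are the ones quoted in this article;
# the Name/Publisher patterns are assumptions, adjust them to your inventory.
$rules = @(
    @{ Product = 'Acer Quick Access'; Name = '*Quick Access*'; Publisher = '*Acer*'
       Ranges  = @(@{ Min = '2.01.3000'; Max = '2.01.3027' },
                   @{ Min = '3.00.3000'; Max = '3.00.3008' }) },
    @{ Product = 'ASUS ATK Package'; Name = '*ATK Package*'; Publisher = '*ASUS*'
       Ranges  = @(@{ Min = '0.0'; Max = '1.0.0060' }) }   # 1.0.0060 and earlier
)

# Compare on major.minor.build only, so "2.01.3027.0" still matches "2.01.3027".
function ConvertTo-Version3([string]$Text) {
    $v = $Text -as [version]
    if ($null -eq $v) { return $null }
    [version]::new($v.Major, $v.Minor, [Math]::Max($v.Build, 0))
}

# Returns $true (in an affected range), $false (outside), $null (unparseable).
function Test-AffectedVersion([string]$VersionText, [hashtable[]]$Ranges) {
    $v = ConvertTo-Version3 $VersionText
    if ($null -eq $v) { return $null }
    foreach ($r in $Ranges) {
        $min = ConvertTo-Version3 $r.Min
        $max = ConvertTo-Version3 $r.Max
        if ($v -ge $min -and $v -le $max) { return $true }
    }
    return $false
}

# 64-bit and 32-bit views of the per-machine installed-programs list.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion }

foreach ($rule in $rules) {
    $installed |
        Where-Object { $_.DisplayName -like $rule.Name -and $_.Publisher -like $rule.Publisher } |
        ForEach-Object {
            $hit = Test-AffectedVersion $_.DisplayVersion $rule.Ranges
            if ($null -eq $hit) { $status = 'version not parseable, check manually' }
            elseif ($hit)       { $status = 'AFFECTED per article, update' }
            else                { $status = 'outside affected ranges' }
            [pscustomobject]@{ Product = $rule.Product; Installed = $_.DisplayName
                               Version = $_.DisplayVersion; Status = $status }
        }
}
```

No output means no matching product was found under the assumed name patterns, which is not proof that the software is absent.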


For these companies, it has mostly been, and again is, a question of their penetration testing abilities. But it is also wise to remember that no matter how much testing is done, flaws will always be there; no code can be 100% secure.
