If you have any of the following applications or drivers installed on your personal systems, please consider updating your drivers using the links below to resolve the reported security vulnerabilities.

In late December a team of security researchers with the security firm SafeBreach published security advisories for Asus, Acer and Intel products that are pre-loaded on many devices from those manufacturers.

Why should these vulnerabilities be considered important?

All of the vulnerabilities could allow an attacker to download a malicious payload, load persistent malware at system start-up, bypass application whitelisting and escalate to the highest level of privilege on a Windows system, namely that of kernel mode. These issues are made more serious by the widespread nature of these products. I later found that my Intel Optane Memory Accelerator fitted to my Intel X299 motherboard is also vulnerable to the Intel RST driver vulnerability.

How can I protect my organisation or myself from these vulnerabilities?

If you use any of the above products, please update them using the download links provided below.

To check the installed version of ATK Package and to download the latest version, visit

Acer Quick Access (pre-installed on most Acer systems):
Acer Quick Access Security Vulnerability information

Intel Rapid Storage Technology (RST) Driver (also affects Intel Optane Memory Accelerator drivers):

Intel Rapid Storage Technology Service – DLL Preloading and Potential Abuses CVE-2019-14568
Intel Optane Memory Accelerator Patched Driver
Acer Quick Access – DLL Search-Order Hijacking and Potential Abuses (CVE-2019-18670)
ASUS ATK Package – Unquoted Search Path and Potential Abuses (CVE-2019-19235)

This entry was posted in Malware, Security Advice, Security Vulnerabilities and tagged Acer, Acer Quick Acces, Asus, Asus ATK Package, Intel Optane Memory Accelerator, Intel RST, SafeBreach on Decemby JimC_Security.

Responding to the Asus Live Update Supply Chain Compromise

Earlier last week the security vendor Kaspersky detailed their initial findings from the compromised supply chain of the Taiwanese hardware vendor Asus.

TL;DR: If you own or use any Asus laptop or desktop system, please check if your device is affected using the downloadable tool from Kaspersky (which checks the MAC address of your network card). If you know how to obtain the MAC address of your network card manually you can use the online tool. If you are affected, contact Kaspersky, contact Asus or use the anti-malware tools to attempt removal of the backdoor yourself.

When did this attack take place and what was affected?

This incident took place from June to November 2018 and was initially thought to have affected approximately 60,000 users. This number was later revised to possibly just over a million users. While primarily users in Asia and Russia were targeted, a graph of victims' distribution by country shows users within South America, Europe and the US. It was later disclosed that mainly Asus laptops were affected by this incident.

An older version of the Asus Live Update utility was compromised by unknown attackers so that it would inject a backdoor within the Asus Live Update utility when it was running. The compromised Asus Live Update utility was signed with an older but still legitimate Asus digital signature.