Security News > 2021 > September > ASUS patches ROG Armoury Crate app after researcher spots all-too-common flaw
A flaw in ASUS's ROG Armoury Crate hardware management app could have allowed low-privileged users to execute code as administrator.
Federico discovered the vuln after taking a close look at ROG Armoury Crate, finding a DLL hijacking vuln that allowed ordinary users to execute code with SYSTEM privileges after pasting a crafted file into a directory used by the app.
Analysing boot logs from Process Monitor allowed Federico to see that Armoury Crate version 4.2.8 was calling a DLL file from a folder inside C:ProgramData, a folder which ordinary users on a Windows 10 PC can write to without requiring an admin password or any other escalated privileges.
"This kind of software is usually poorly designed from a security perspective - not shaming ASUS here, it's just a matter of fact as gaming software is usually not designed with security in mind, it has to be flashy and eye-catching - so I ended up focusing my effort on this particular piece of software," commented Federico.
The latest version of Armoury Crate, 4.2.10, fixed the flaw.
The time to remediation was notably short: it took just 18 days between the vuln being reported and patched, with the fix being incorporated in the company's next scheduled update run for Armoury Crate.