However, chances are that Asus may not be the only laptop maker with a PC utility that has been infected, at least temporarily and without getting caught by various sophisticated hacking groups.
#Asus live update utility drivers
The antivirus companies found Asus' update software to be vulnerable only for a limited period of time, but this may have been a strategy by the hacking group to minimize its exposure. ASUS Drivers Update Utility aims to help you by identifying the devices installed on your computer, reading the current driver version and checking for updates in an online database. In this case, not only did Asus ignore this issue for the past three years despite being warned about it by security researchers, but the company seemingly ignored it once again when existing attacks and not just theoretical ones, were showed to it by Kaspersky.ĭue to what seems to be mainly Kaspersky’s insistence on revealing the APT group’s attack to the public and fear of the press’ reaction, Asus was finally dragged kicking and screaming into updating its software with the proper modern security features that it should have used since at least 2016, after the aforementioned report came out. These vulnerabilities were detected in exploits in the wild. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. ASUS has released Live Update version 3.6.8. The chief of NSA’s TAO group also said in the past that exploiting OEMs’ software for notebooks is one of the easiest ways to hack a computer, because of how vulnerable these software tools tend to be and how little care laptop vendors tend to have for security in general. ASUS Releases Security Update for Live Update Software. Asus, one of the worst offenders among the vulnerable laptop makers, was guilty of not even using HTTPS encryption or signing or validating their software updates.Īt the time, the researchers that revealed this also found other critical vulnerabilities in these companies’ update tools that would have made it easy even for non-technical malicious hackers to infect targeted machines. Has Asus Learned Its Lesson?īack in 2016, a report came out that revealed how the top 5 notebook makers, including Asus, were ignoring security best practices for their devices that would have prevented this type of attack.
#Asus live update utility Patch
Now, Asus has released a patch for its software, as well as a diagnostic tool for Asus notebook customers that want to verify whether or not their Live Update software was infected with malware. The Intel® Driver & Support Assistant (Intel® DSA) can detect and offer updates for many of the drivers and software packages available on Download Center.There are, however, some drivers that are not supported by this tool. Kaspersky told Asus of the attack in January and published the story yesterday on Seclist and its blog.
0 kommentar(er)
