Created to facilitate the updating of Menkhoods and other components, ASUS DriverHub software has serious safety failures that allow the execution of remote attacks. According to Hot Hardware, a loophole in the app allows it to validate HTTP orders that are not sent directly by the manufacturer.
The site explains that, in theory, the software should only authenticate orders that came directly from the address driverhub.asus.com. In practice, any other address that uses this structure as a base also works – like driverhub.asus.com.virus.ameaca, for example. With this, criminals can cause him to perform codes that compromise the users’ machine.
For this, it would be enough for them to send an alternative version of Asus installers to the address, which were modified to bring malicious files inside. What enables this to happen is the fact that the driverhub validates the digital signature of an installer, but does not verify the integrity of the files that are being added to the system.
Asus recommends installing the most up -to -date version of DriverHub
Officially, Asus states that the problem has already been corrected and that Everyone who uses driverhub must update it as soon as possible to its latest version. However, Hot Hardware points out that the company took a considerable time to resolve the issue after being alerted by security experts.
In February this year, the researcher “Leonjza” had already described the failure to the company, which took no concrete attitude at the time. It was only after another researcher known as Mrbruh warned about the problem and detail it on her personal website that the manufacturer launched the update.
The update for the latest version of Asus DriverHub can be done through the application itself, or the company’s official website. Although not essential for those who have a component manufactured by the company, the software stands out for gathering in an easily accessible center updates and resources that can prove very useful.
Fonte: PC Gamer, Hot Hardware
Join the Adrenaline offers group
Check out the main offers of hardware, components and other electronics we find over the internet. Video card, motherboard, RAM and everything you need to set up your PC. By participating in our group, you receive daily promotions and have early access to discount coupons.
Enter the group and enjoy the promotions
Source: https://www.adrenaline.com.br/seguranca/asus-driverhub-traz-falha-de-seguranca-que-permite-ataques-remotos/
