ASUS ROG Armoury Crate, Breach Status Full RGB Alert

Source: The Register ASUS ROG Armoury Crate, Breach Status Full RGB Alert

ASUS Wasted No Time Patching, So Get That Update Now

RGB lovers beware, for the ASUS ROG Armoury Crate app will happily load a DLL from a folder inside C:\ProgramData\, which anyone and their dog can write to.  That means that the DLL could be easily modified or replaced and suddenly you have some code running on your machine you didn’t want.

ASUS quickly patched the flaw, only 18 days elapsed between the vulnerability being revealed by “Federico” from Italian hacker collective APTortellini and the release of Armoury Crate 4.2.10.  If you are running an older version of the RGB controlling software you should definitely consider updating it ASAP.

If this sounds a little familiar, it is because a variety of other vendors have recently had similar security issues, including Dell’s Support Assist and everyone’s favourite orange icon from EA Games. 

The latest version of Armoury Crate, 4.2.10, fixed the flaw. The time to remediation was notably short: it took just 18 days between the vuln being reported and patched, with the fix being incorporated in the company's next scheduled update run for Armoury Crate.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!