ASUS Wasted No Time Patching, So Get That Update Now
RGB lovers beware, for the ASUS ROG Armoury Crate app will happily load a DLL from a folder inside C:\ProgramData\, which anyone and their dog can write to. That means that the DLL could be easily modified or replaced and suddenly you have some code running on your machine you didn’t want.
ASUS quickly patched the flaw, only 18 days elapsed between the vulnerability being revealed by “Federico” from Italian hacker collective APTortellini and the release of Armoury Crate 4.2.10. If you are running an older version of the RGB controlling software you should definitely consider updating it ASAP.
If this sounds a little familiar, it is because a variety of other vendors have recently had similar security issues, including Dell’s Support Assist and everyone’s favourite orange icon from EA Games.
The latest version of Armoury Crate, 4.2.10, fixed the flaw. The time to remediation was notably short: it took just 18 days between the vuln being reported and patched, with the fix being incorporated in the company's next scheduled update run for Armoury Crate.