back to article ASUS patches ROG Armoury Crate app after researcher spots all-too-common flaw

A flaw in ASUS's ROG Armoury Crate hardware management app could have allowed low-privileged users to execute code as administrator. The now-patched privilege escalation vulnerability was uncovered by "Federico" from Italian hacker collective APTortellini. Federico discovered the vuln after taking a close look at ROG Armoury …

  1. Snake Silver badge

    But, but...

    RGB makes everything run faster!!!

  2. Slipoch

    Not the only problems

    They are using nahimic drivers which are essentially malware.

    The system also overrides your settings when new drivers are released and re-activates the drivers.

  3. david 12 Silver badge

    Program Data

    c:\ProgramData is the replacement for AllUser AppData. It has become the default installation folder for all kinds of content, exactly because it is unsecured.

    Other games put 50GB of content into user \ roaming \ appdata, either because they haven't noticed AllUser, or because they want a different 50GB for every user. Putting 50GB into 'roaming' even I can't explain.

    The problem is that for users, stuff that wants admin permission is another irritating popup. Unless they know enough to be scared of admin requests, in which case it's even worse. So developers look for someplace to drop content, and they find places where they /are/ permitted to drop content, and it's OK, because if it wasn't OK, then the OS wouldn't let you do that, right?

    1. Richard 12 Silver badge

      Re: Program Data

      Vectorworks (a CAD application) also stuffs multiple GB into Roaming.

      I can vaguely see why it's per-user, but as it's actually a cache for all the modules you downloaded it probably shouldn't roam - especially to another machine that won't have VWX installed.

  4. WonkoTheSane
    Linux

    There is another way

    Use open source, hardware agnostic, cross-platform OpenRGB instead.

  5. Anonymous Coward
    Anonymous Coward

    Thanks for the heads-up.

    I just updated but I'm still on 4.1.6.0, not 4.2.10.

    However "Armoury Crate lite service" is now showing 4.2.10 so you probably mean that. It might be worth confirming it and tweaking the article.

  6. Robert Helpmann??
    Childcatcher

    FTFY

    "This kind of software is usually poorly designed from a security perspective ... it's just a matter of fact as gaming almost no software is usually not designed with security in mind..."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022