A naukri.com initiative
Tech Radar
3w
176
Image Credit: Tech Radar
A key Asus Windows tool has a worrying security flaw - here's how to stay safe
- Asus has released a patch for CVE-2025-3464, a high-severity authentication bypass flaw affecting Armoury Crate.
- The vulnerability could lead to full device compromise by allowing unauthorized driver access.
- A security researcher discovered that the driver authenticates requests using a hardcoded SHA-256 hash.
- Threat actors could exploit the flaw to obtain SYSTEM privileges on a Windows device.
- The vulnerability, tracked as CVE-2025-3464, has a severity score of 8.4/10.
- All versions between 5.9.9.0 and 6.1.18.0 of Armoury Crate were vulnerable.
- Asus recommends users update to the latest version of Armoury Crate to secure their devices.
- The flaw does not appear to have been exploited, but users are urged to update as a precaution.
- Armoury Crate is a centralized hub for managing Asus and ROG hardware, offering performance control and updates.
- Users can update Armoury Crate via Settings > Update Center > Check for Updates > Update.
- Asus found that a threat actor must have system access beforehand to exploit the vulnerability.
- Asus confirmed that the flaw has been patched to prevent unauthorized driver access.
- The authentication bypass flaw could allow threat actors to gain full device takeover.
- The vulnerability does not currently show signs of exploitation in the wild.
- Asus suggests immediate updating of Armoury Crate to protect against possible abuse.
Read Full Article
10 Likes
For uninterrupted reading, download the app