SecurityWeek

Privilege Escalation Flaws Found in Preinstalled Acer, ASUS Software

Vulnerabilities discovered in Acer and ASUS software preinstalled on most PCs from these companies could lead to privilege escalation and the execution of arbitrary payloads, SafeBreach warns.

The first bug impacts Acer Quick Access, an application that allows users to toggle wireless devices on or off, to modify power-off USB charge settings and network sharing options, and more.

The issue, SafeBreach explains, is that part of the software runs with SYSTEM privileges and unsafely attempts to load three missing DLL files. An attacker with administrator privileges can plant malicious versions of these missing files, which would then be executed with elevated permissions.

By exploiting this security hole, attackers can load and execute malicious payloads using a signed service, and can also achieve persistence — the payload would run every time the service is executed.

Reported to Acer in September 2019 and tracked as CVE-2019-18670, the vulnerability was addressed in Acer Quick Access versions 2.01.3028 and 3.00.3009.

The second flaw impacts ASUS ATK Package and can be exploited during the post-compromise phase of an attack, to achieve persistence and evade detection, SafeBreach says.

The researchers discovered that the application’s ASLDR Service (AsLdrSrv.exe), a signed process that runs at system startup with SYSTEM privileges, attempts to locate missing EXE files before loading the required executable.

Thus, an attacker could abuse the weakness to load and run an unsigned executable in the context of the privileged process. This could lead to defense evasion and persistence, as the payload would be run every time the service starts.

Tracked as CVE-2019-19235, the vulnerability was found to impact ASUS ATK Package 1.0.0060 and all prior versions, and was addressed in November with the release of ATK Package 1.0.0061.
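
Both flaws share one observable pattern: a process running as SYSTEM probes for a DLL or EXE file that does not exist. The following added example (not code from SafeBreach, Acer or ASUS) filters a Process Monitor CSV export for that pattern; the sample rows are constructed, and `ExampleSvc.exe`, the paths and the file names are placeholders.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample shaped like a Process Monitor CSV export with the optional
# "User" column enabled. ExampleSvc.exe, paths and file names are placeholders.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","User"
"09:00:01","AsLdrSrv.exe","1204","CreateFile","C:\ExampleDir\placeholder_helper.exe","NAME NOT FOUND","NT AUTHORITY\SYSTEM"
"09:00:02","ExampleSvc.exe","1310","CreateFile","C:\ExampleDir\placeholder_a.dll","NAME NOT FOUND","NT AUTHORITY\SYSTEM"
"09:00:02","ExampleSvc.exe","1310","CreateFile","C:\ExampleDir\placeholder_b.dll","PATH NOT FOUND","NT AUTHORITY\SYSTEM"
"09:00:03","ExampleSvc.exe","1310","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","NT AUTHORITY\SYSTEM"
"09:00:04","notepad.exe","2500","CreateFile","C:\Users\alice\placeholder_c.dll","NAME NOT FOUND","DESKTOP\alice"
"09:00:05","ExampleSvc.exe","1310","CreateFile","C:\ExampleDir\settings.ini","NAME NOT FOUND","NT AUTHORITY\SYSTEM"
'''

MISSING_RESULTS = {"NAME NOT FOUND", "PATH NOT FOUND"}
LOADABLE_SUFFIXES = {".dll", ".exe"}
SYSTEM_ACCOUNT = r"NT AUTHORITY\SYSTEM"


def missing_loads_by_system(csv_text):
    """Map (process, directory) -> sorted names of missing DLL/EXE files
    that a SYSTEM process tried to open."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["User"].upper() != SYSTEM_ACCOUNT:
            continue  # only privileged processes are of interest here
        if row["Operation"] != "CreateFile":
            continue
        if row["Result"] not in MISSING_RESULTS:
            continue  # the file exists, so nothing can be planted in its place
        path = PureWindowsPath(row["Path"])
        if path.suffix.lower() in LOADABLE_SUFFIXES:
            hits[(row["Process Name"], str(path.parent))].add(path.name)
    return {key: sorted(names) for key, names in hits.items()}


if __name__ == "__main__":
    for (proc, directory), names in missing_loads_by_system(SAMPLE_PROCMON_CSV).items():
        print(f"{proc} probed {directory} for missing: {', '.join(names)}")
```

Each hit is a triage lead rather than a finding: the next check is who can write to the probed directory and whether the service validates what it loads.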

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
