Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Privilege Escalation Flaws Found in Preinstalled Acer, ASUS Software

Vulnerabilities discovered in Acer and ASUS software preinstalled on most PCs from these companies could lead to privilege escalation and the execution of arbitrary payloads, SafeBreach warns.

Vulnerabilities discovered in Acer and ASUS software preinstalled on most PCs from these companies could lead to privilege escalation and the execution of arbitrary payloads, SafeBreach warns.

The first bug impacts Acer Quick Access, an application that allows users to toggle wireless devices on or off, to modify power-off USB charge settings and network sharing options, and more.

The issue, SafeBreach explains, is that part of the software runs with SYSTEM privileges, and it unsafely attempts to load three missing DLL files. An attacker with administrator privileges can plant malicious versions of these missing files and they would get executed with elevated permissions.

By exploiting this security hole, attackers can load and execute malicious payloads using a signed service, and can also achieve persistence — the payload would run every time the service is executed.

Reported to Acer in September 2019 and tracked as CVE-2019-18670, the vulnerability was addressed in Acer Quick Access versions 2.01.3028 and 3.00.3009.

The second flaw impacts ASUS ATK Package and can be exploited during the post-compromise phase of an attack, to achieve persistence and evade detection, SafeBreach says.

The researchers discovered that the application’s ASLDR Service (AsLdrSrv.exe), a signed process that runs at system startup with SYSTEM privileges, attempts to locate missing EXE files before loading the required executable.

Thus, an attacker could abuse the weakness to load and run an unsigned executable in the context of the privileged process. This could lead to defense evasion and persistence, as the payload would be run every time the service starts.

Advertisement. Scroll to continue reading.

Tracked as CVE-2019-19235, the vulnerability was found to impact ASUS ATK Package 1.0.0060 and all prior versions, and was addressed in November with the release of ATK Package 1.0.0061.

Related: Intel Patches Privilege Escalation Flaw in Rapid Storage Technology

Related: Flaw in HP Touchpoint Analytics Could Impact Many PCs

Related: Vulnerability Patched in Forcepoint VPN Client for Windows

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights