

The vulnerable component also works with system privileges, allowing attackers to execute malicious code with a system level of access.Įxperts note that to use this bug attacker needs administrator rights. The ASLDR service, which is part of the Asus ATK Package, accesses nonexistent EXE files. The company assigned the bug identifier CVE-2019-18670 and fixed it in Acer Quick Access v./.Īnalysts have found a similar problem in Asus products. In September, experts told developers about the existing threat. This allows an attacker to replace libraries without having to authenticate them with a legitimate certificate. The second problem with Acer Quick Access is that the program does not specify the digital signature of the downloaded software. The vulnerable service uses the LoadLibraryW process for this operation – unlike LoadLibraryExW, it does not check the access path to the target files.

The vulnerable program is executed every time the system starts, so hackers can ensure a constant presence on the computer”, – experts of SafeBreach inform.Īs the experts explained, the developers made a mistake of an Uncontrolled Search Path Element, which caused the threat of unsafe loading of libraries.

Thus, if an attacker can inject his own files onto the computer, Acer Quick Access will open them and execute with maximum permissions. Further research showed that upon startup this utility accesses three non-existent libraries.
ACER UPDATE DECRYPTER EXECUTION DRIVER
Asus laptops were vulnerable due to an error in the Asus ATK Package, which includes a driver and several utilities for managing power and hot keys.Īnalysts pointed out that Acer Quick Access runs with system privileges and therefore may be of interest to hackers. It automates the configuration of frequently used functions, including interaction with wireless devices, network data exchange and USB ports. In the case of Acer, the problem is contained in the Acer Quick Access application.
ACER UPDATE DECRYPTER EXECUTION SOFTWARE
SafeBreach experts discovered vulnerabilities that allow execution of the third-party code on preinstalled software on Acer and Asus computers.
