ASUS Releases Security Update for Live Update Software

ASUS has released as ecurity update to address a vulnerability in their Live Update utility. A remote unauthenticated attacker could exploit this vulnerability to take control of an affected system.

Threat ID:: CC-2995
Category:
Threat Severity:: Low
Threat Vector:
Published:: 27 March 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

ASUS has released as ecurity update to address a vulnerability in their Live Update utility. A remote unauthenticated attacker could exploit this vulnerability to take control of an affected system.

Threat details

It is understood that this vulnerability was exploited as part of the Operation: Shadowhammer campaign.

Remediation steps

Type	Step
	ASUS have confirmed that an update should be applied automatically as it becomes available, users and administrators are encouraged to review the ASUS advisory and FAQ pages for further information and to confirm they have received the update. They have also produced a diagnostic tool that user may run on their devices to determine if they are affected, this can be downloaded from the advisory page.

Type

Step

ASUS have confirmed that an update should be applied automatically as it becomes available, users and administrators are encouraged to review the ASUS advisory and FAQ pages for further information and to confirm they have received the update. They have also produced a diagnostic tool that user may run on their devices to determine if they are affected, this can be downloaded from the advisory page.

Last edited: 14 February 2020 2:45 pm