Article Details
Scrape Timestamp (UTC): 2025-05-12 14:08:35.774
Source: https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html
Original Article Text
Click to Toggle View
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files. ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a dedicated site hosted at "driverhub.asus[.]com." The flaws identified in the software are listed below - Security researcher MrBruh, who is credited with discovering and reporting the two vulnerabilities, said they could be exploited to achieve remote code execution as part of a one-click attack. The attack chain essentially involves tricking an unsuspecting user into visiting a sub-domain of driverhub.asus[.]com (e.g., driverhub.asus.com.<random string>.com) and then leveraging the DriverHub's UpdateApp endpoint to execute a legitimate version of the "AsusSetup.exe" binary with an option set to run any file hosted on the fake domain. "When executing AsusSetup.exe it first reads from AsusSetup.ini, which contains metadata about the driver," the researcher explained in a technical report. "If you run AsusSetup.exe with the -s flag (DriverHub calls it using this to do a silent install), it will execute whatever is specified in SilentInstallRun. In this case, the ini file specifies a cmd script that performs an automated headless install of the driver, but it could run anything." All an attacker needs to successfully pull off the exploit is to create a domain, and host three files, the malicious payload to be run, an altered version of AsusSetup.ini that has the "SilentInstallRun" property set to the malicious binary, and AsusSetup.exe, which then make use of the property to run the payload. Following responsible disclosure on April 8, 2025, the issues were fixed by ASUS on May 9. There is no evidence that the vulnerabilities have been exploited in the wild. "This update includes important security updates and ASUS strongly recommends that users update their ASUS DriverHub installation to the latest version," the company said in a bulletin. "The latest Software Update can be accessed by opening ASUS DriverHub, then clicking the 'Update Now' button."
Daily Brief Summary
ASUS has issued updates for its DriverHub software to fix two critical vulnerabilities allowing remote code execution.
The security flaws could enable attackers to execute arbitrary code by manipulating HTTP requests and modifying .ini files.
DriverHub, which assists in identifying and updating necessary drivers by connecting to a specific ASUS-hosted site, was the target of these vulnerabilities.
An attack involves deceiving a user into visiting a malicious sub-domain and executing altered "AsusSetup.exe" via the DriverHub's endpoint.
The attack chain includes a modified ".ini" file that triggers a script to install or execute potentially harmful content on the affected system.
Security researcher MrBruh discovered these vulnerabilities and reported them leading to their fix by ASUS after years of potential exposure.
ASUS has not detected any instances of the vulnerabilities being exploited in the wild but urges users to update their DriverHub software immediately.