Skip to main content
NewsPatch Management

ASUS Patches Live Update Bug

By March 28, 2019June 22nd, 2022No Comments
|||

ASUS Patches Live Update Bug

ASUS Live Update software has been leveraged in a massive supply chain attack called "ShadowHammer" that has targeted up to a million users.
[vc_empty_space]
[vc_single_image image=”28807″ img_size=”full” alignment=”center”]

ASUS has rushed out a patch for a major vulnerability that’s infecting thousands of PCs. The bug has allowed an advanced persistent threat group to launch “Operation ShadowHammer,” a massive supply-chain attack.

This exploit has targeted a variety of ASUS PCs with a backdoor injection technique linked to a faulty software update system. Kaspersky security researchers first discovered that the software was used to distribute malware to users in January 2019.

Who is affected?

Users of the ASUS Live Update Utility were the main targets of the attack. ASUS Live Update is pre-installed on most ASUS computers and is used to automatically update certain components such as BIOS, UEFI, drivers and applications. According to researchers, more than a million worldwide may have been impacted.

Kaspersky Lab said that the attackers first launched the exploit via stolen digital certificates used by ASUS to sign legitimate binaries. They then altered older versions of ASUS software to inject their own malicious code.

[vc_single_image image=”28813″ img_size=”full”]
If users have impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings.
[vc_separator css=”.vc_custom_1553731283910{padding-top: 30px !important;padding-bottom: 30px !important;}”]

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
[vc_btn title=”Get Started with Syxsense” color=”warning” size=”lg” align=”center” link=”url:%2Fsyxsense-trial|||”]

Leave a Reply