ASUS Patches Live Update Bug

ASUS Patches Live Update Bug

ASUS has rushed out a patch for a major vulnerability that’s infecting thousands of PCs. The bug has allowed an advanced persistent threat group to launch “Operation ShadowHammer,” a massive supply-chain attack.

This exploit has targeted a variety of ASUS PCs with a backdoor injection technique linked to a faulty software update system. Kaspersky security researchers first discovered that the software was used to distribute malware to users in January 2019.

Who is affected?

Users of the ASUS Live Update Utility were the main targets of the attack. ASUS Live Update is pre-installed on most ASUS computers and is used to automatically update certain components such as BIOS, UEFI, drivers and applications. According to researchers, more than a million worldwide may have been impacted.

Kaspersky Lab said that the attackers first launched the exploit via stolen digital certificates used by ASUS to sign legitimate binaries. They then altered older versions of ASUS software to inject their own malicious code.

If users have impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings.

Recent Posts

Topics

Related Posts

How to Protect Your Enterprise from BlackCat/ALPHV Ransomware

How to Protect Your Enterprise from BlackCat/ALPHV Ransomware

November 17, 2023
November 2023 Patch Tuesday: Microsoft releases 57 fixes this month including 3 Critical and 3 Weaponised Threats

November 2023 Patch Tuesday: Microsoft releases 57 fixes this month including 3 Critical and 3 Weaponised Threats

November 14, 2023
Elevate Your MSP Business

Elevate Your MSP Business

November 9, 2023
In the News: The Gately Report: Cybersecurity Shines at Channel Futures Leadership Summit

In the News: The Gately Report: Cybersecurity Shines at Channel Futures Leadership Summit

November 7, 2023