One-Click RCE in ASUS’s Preinstalled Driver Software Part Two of this series on ASUS will be dropping by the end of (this) month (06), yes it somehow manages to get worse (Everyone who made an ASUS account may have their personal info exposed). Hi Low Level Fellas, Hope you enjoy my blog, there are a bunch more you can read on my homepage. I also have RSS and a new blog on the way so stay tuned!
  • priapus@piefed.socialEnglish
    2·
    1 day ago

    only applies to Windows (I think)

    Well yeah, its a vulnerability in the windows software. Nothing they said implied otherwise.

    and won’t work without a permissions escalation.

    I dont think thats true, could you explain why that would be? This article mentioned no need for a permissions escalation. In fact it seems that the RCE is automatically run as administrator by the driver process.

    • Cyberwolf@feddit.orgEnglish
      2·
      18 hours ago

      I love how on Lemmy Windows is not immediately assumed to be the default OS, lol.

      Are we all Linux users?

      • mic_check_one_two@lemmy.dbzer0.comEnglish
        1·
        1 hour ago

        Yeah, Lemmy has a VERY large Linux user base, which means Windows discussions tend to get mocked or dismissed. But the reality is that Windows is still the dominant OS for the vast majority of users, by leaps and bounds. Linux runs the world’s infrastructure, but Windows is what the average user boots up every day.

        “This exploit only works on the average user’s OS. And it only works if the user clicks the “yes” button to escalate permissions, which they have been conditioned to always do without question. Obviously this isn’t an exploit to worry about.”