Attackers could achieve escalated SYSTEM privileges on Windows machines through the exploitation of a high-severity ASUS Armoury Crate system management software vulnerability, tracked as CVE-2025-3464, BleepingComputer reports.
Such a flaw which stems from a driver's use of hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist for caller verification could be abused by linking a benign test app to a bogus executable and later replacing the hard link to redirect to AsusCertService.exe to facilitate subsequent driver access, according to an advisory from Cisco Talos, whose researcher Marcin Noga reported the bug. With driver access enabling low-level system privileges, threat actors could infiltrate I/O ports, physical memory, and model-specific registers for complete operating system compromise. Active exploitation of the issue has not been observed. However, all Windows users with ASUS Armoury Crate versions between 5.9.9.0 and 6.1.18.0 have been urged to immediately apply updates available within the Armoury Crate app.
Such a flaw which stems from a driver's use of hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist for caller verification could be abused by linking a benign test app to a bogus executable and later replacing the hard link to redirect to AsusCertService.exe to facilitate subsequent driver access, according to an advisory from Cisco Talos, whose researcher Marcin Noga reported the bug. With driver access enabling low-level system privileges, threat actors could infiltrate I/O ports, physical memory, and model-specific registers for complete operating system compromise. Active exploitation of the issue has not been observed. However, all Windows users with ASUS Armoury Crate versions between 5.9.9.0 and 6.1.18.0 have been urged to immediately apply updates available within the Armoury Crate app.
