Azure File Sync Agent v4.2 Release – December 2018 (KB4459990)

Update for Azure File Sync agent version 4.2.0.0. For more details, see the associated Microsoft Knowledge Base article...

Rust: Multiple vulnerabilities

Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact A remote attacker able to control the val...

CVE-2018-18536

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges...

CVE-2018-18537

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address...

CVE-2018-18536

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges...

CVE-2018-18535

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-0 code...

CVE-2018-18537

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address...

CVE-2018-18535

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-0 code...

Path traversal

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address...

Code injection

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges...

Code injection

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-0 code...

CVE-2018-18537

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address...

CVE-2018-18535

CVE-2018-18535 affects the Asusgio low-level driver in ASUS Aura Sync versions 1.07.22 and earlier. The driver exposes functionality to read and write Machine Specific Registers (MSRs), which can be leveraged to execute arbitrary ring-0 code via local access. The vulnerability is described as a l...

CVE-2018-18536

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges...

CVE-2018-18537

CVE-2018-18537 affects the GLCKIo low-level driver in ASUS Aura Sync prior to v1.07.22, where an exposed IOCTL path permits writing an arbitrary DWORD to an arbitrary address due to insufficient access control. This enables local privilege escalation by manipulating kernel memory. Documented impa...

CVE-2018-18536

The CVE-2018-18536 issue concerns ASUS Aura Sync’s GLCKIo and Asusgio low-level drivers (version 1.07.22 and earlier). The drivers expose functionality to read/write data from/to IO ports, which can be leveraged on a local system to run code with elevated privileges. Documented impact is local co...

CVE-2018-18535

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-0 code...

ASUS Aura Sync Arbitrary Code Execution Vulnerability

ASUS Aura Sync is a suite of lighting management software from ASUS. An arbitrary code execution vulnerability exists in ASUS Aura Sync version 1.07.22. A local attacker can exploit this vulnerability to execute arbitrary ring-0 code...

ASUS Aura Sync Arbitrary Code Execution Vulnerability

ASUS Aura Sync is a suite of lighting management software from ASUS. An arbitrary code execution vulnerability exists in ASUS Aura Sync version 1.07.22. A local attacker can exploit this vulnerability to write an arbitrary DWORD to an arbitrary address...

ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit

Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected. ASUS Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title:...