Avid gamers with Asus gadgets must replace their techniques ASAP: A lately disclosed vulnerability in Armoury Crate permits hackers to realize low-level system privileges, doubtlessly compromising your OS.
How the Armoury Crate bug works
Armoury Crate is an Asus utility—typically preinstalled—that manages Asus and ROG software program and peripherals. This vulnerability, tracked as CVE-2025-3464, permits menace actors to skirt authentication necessities and procure SYSTEM privileges on Home windows machines. As Tech Radar stories, the flaw within the Armoury Crate kernel-mode driver verifies calls utilizing a hardcoded SHA-256 hash of AsusCertServices.exe and a PID allowlist moderately than OS-level entry checks.
If exploited, the bug would allow driver entry, which might lead to full OS takeover. That mentioned, attackers should already be in your system—the results of malware, phishing, or stolen credentials—to take benefit.
CVE-2025-3464 was reported by a researcher at Cisco Talos and is taken into account excessive severity (with a rating of 8.4 out of 10).
This is not the primary safety problem Asus has confronted in latest months. The corporate patched a distant code execution vulnerability in DriverHub in Might and has additionally been a goal for menace actors spreading malware. A marketing campaign referred to as CoffeeLoader—recognized earlier this yr—impersonated Armoury Crate to ship infostealers to person techniques.
What do you suppose thus far?
Replace Armoury Crate to the newest model
Whereas Asus says there is no indication that the vulnerability has been exploited within the wild, customers ought to nonetheless replace to the newest model of Armoury Crate. The flaw impacts all variations between 5.9.9.0 and 6.1.18.0.
To obtain and set up updates, open the Armoury Crate app and navigate to Settings > Replace Middle > Examine for Updates > Replace.
