A high-severity vulnerability in the ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines.
The security issue is tracked as CVE-2025-3464 and received a severity score of 8.8 out of 10.
It can be exploited to bypass authorization and affects the AsIO3.sys driver of the Armoury Crate system management software.
Armoury Crate is the official system control software for Windows from ASUS. It provides a centralized interface to control RGB lighting (Aura Sync), adjust fan curves, manage performance profiles and ASUS peripherals, and download driver and firmware updates.
To perform all these tasks and provide low-level system monitoring, the software suite uses kernel drivers to access and control hardware features.
Cisco Talos researcher Marcin "Icewall" Noga reported CVE-2025-3464 to the tech company.
According to a Talos advisory, the issue lies in the driver, which verifies callers based on a hardcoded SHA-256 hash and a PID allowlist instead of using proper OS-level access controls.
Exploiting the flaw involves creating a hard link from a benign test app to a fake executable. The attacker launches the app, pauses it, and then swaps the hard link to point to AsusCertService.exe.
When the driver checks the SHA-256 hash of the file, it now reads the linked trusted binary, allowing the test app to bypass authorization and gain access to the driver.
This grants the attacker low-level system privileges, giving them direct access to physical memory, I/O ports, and model-specific registers (MSRs), which opens the path to full OS compromise.
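The check described above fails because a path is not a stable identity for the file a process was started from. The following added example (not code from Talos or ASUS) reproduces that mismatch with constructed temp files on a POSIX filesystem; the file names and both check functions are hypothetical, and no driver or real binary is involved.

```python
import hashlib
import os
import tempfile

def sha256_of_path(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def path_based_check(image_path, trusted_hash):
    # Flawed pattern: hash whatever the caller's image path resolves to right now.
    return sha256_of_path(image_path) == trusted_hash

def handle_based_check(image_fd, trusted_hash):
    # Hash the file object the caller was started from, via a handle taken at launch.
    os.lseek(image_fd, 0, os.SEEK_SET)
    digest = hashlib.sha256()
    while True:
        chunk = os.read(image_fd, 65536)
        if not chunk:
            break
        digest.update(chunk)
    return digest.hexdigest() == trusted_hash

def simulate():
    # Constructed sample files in a temp directory stand in for the binaries.
    with tempfile.TemporaryDirectory() as d:
        trusted = os.path.join(d, "trusted_service.bin")
        test_app = os.path.join(d, "test_app.bin")
        caller = os.path.join(d, "caller.bin")
        with open(trusted, "wb") as f:
            f.write(b"constructed trusted service image")
        with open(test_app, "wb") as f:
            f.write(b"constructed benign test app image")
        trusted_hash = sha256_of_path(trusted)
        os.link(test_app, caller)          # caller's path is a hard link to the test app
        fd = os.open(caller, os.O_RDONLY)  # stands in for the already-running image
        try:
            before = path_based_check(caller, trusted_hash)
            os.unlink(caller)
            os.link(trusted, caller)       # the same path now names the trusted file
            after_path = path_based_check(caller, trusted_hash)
            after_handle = handle_based_check(fd, trusted_hash)
        finally:
            os.close(fd)
        return before, after_path, after_handle

if __name__ == "__main__":
    print(simulate())
```

The handle-based check only shows where the path-based one goes wrong; the advisory's point is that caller authorization belongs in OS-level access control rather than in a hash comparison.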
It is important to note that to exploit CVE-2025-3464, the attacker must already be on the system (malware infection, phishing, compromised unprivileged account).
However, the wide deployment of the software on computers worldwide may represent an attack surface large enough for exploitation to become attractive.
Cisco Talos validated that CVE-2025-3464 affects Armoury Crate version 5.9.13.0, but the ASUS bulletin notes that the flaw affects all versions between 5.9.0 and 6.1.18.0.
To mitigate the security problem, it is recommended to apply the latest update by opening the Armoury Crate app and going to "Update Center" > "Update" > "Update."
Cisco reported the flaw to ASUS in February, but so far no exploitation has been seen in the wild. However, "ASUS strongly recommends that users update their Armoury Crate installation to the latest version."
Windows kernel driver bugs that lead to local privilege escalation are popular among hackers, including ransomware actors, malware operations, and threats to government agencies.