this post was submitted on 13 Jun 2025
26 points (88.2% liked)

Technology

71492 readers
3565 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
26
One-Click RCE in ASUS's Preinstalled Driver Software (mrbruh.com)
submitted 2 days ago by CaptainBasculin@lemmy.bascul.in to c/technology@lemmy.world
8 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] just_another_person@lemmy.world 1 points 2 days ago* (last edited 2 days ago) (4 children)

This person is getting to be fucking annoying.

The title is definitely not as described, only applies to Windows (I think), and won't work without a permissions escalation.

The only reason it's classified as a CVE is because they requested it be such.

There are no payload attacks proven here, or PoC attack code. This person has been posting pretty basic "hacks" for a few years, and makes a mountain out of an anthill every damn time.

🙄 Ugh

[–] priapus@piefed.social 2 points 2 days ago (1 children)

only applies to Windows (I think)

Well yeah, its a vulnerability in the windows software. Nothing they said implied otherwise.

and won't work without a permissions escalation.

I dont think thats true, could you explain why that would be? This article mentioned no need for a permissions escalation. In fact it seems that the RCE is automatically run as administrator by the driver process.

[–] Pirate@feddit.org 2 points 1 day ago (1 children)

I love how on Lemmy Windows is not immediately assumed to be the default OS, lol.

Are we all Linux users?

[–] mic_check_one_two@lemmy.dbzer0.com 2 points 19 hours ago* (last edited 19 hours ago)

Yeah, Lemmy has a VERY large Linux user base, which means Windows discussions tend to get mocked or dismissed. But the reality is that Windows is still the dominant OS for the vast majority of users, by leaps and bounds. Linux runs the world’s infrastructure, but Windows is what the average user boots up every day.

“This exploit only works on the average user’s OS. And it only works if the user clicks the “yes” button to escalate permissions, which they have been conditioned to always do without question. Obviously this isn’t an exploit to worry about.”

[–] ryannathans@aussie.zone 7 points 2 days ago (1 children)

How could it apply to any other operating system than Windows? Pre installed drivers, in a pre installed OS? They probably don't even write drivers for other OS

[–] just_another_person@lemmy.world -3 points 2 days ago

Wine or compatibility layers.

[–] lupusblackfur@lemmy.world 3 points 2 days ago

This person is getting to be fucking annoying.

🤷‍♂️ Sounds like a job for the "block user" feature... 🤔

[–] JackbyDev@programming.dev 0 points 2 days ago

"This only applies to the most widely used OS and won't work without someone clicking grant admin permissions which most people probably do blindly."

🙄 Ugh