Driverhunter

**Name of the Vulnerable Software and Affected Versions** ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver version 5.30.20.0 **Description** An issue in the component AsUpIO64.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. **Recommendations** For version 5.30.20.0, consider disabling the AsUpIO64.sys component until a patch is available to prevent privilege escalation and arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** ASUS BIOS Flash Driver version 3.2.12.0 **Description** An issue in the component AsusBSItf.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. **Recommendations** For version 3.2.12.0, consider disabling the AsusBSItf.sys component until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wistron Corporation TBT Force Power Control version 1.0.0.0 **Description** An issue in the component Access64.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. **Recommendations** For version 1.0.0.0, consider restricting access to the Access64.sys component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable component to send crafted IOCTL requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS GPU TweakII version 1.4.5.2 **Description** The issue is related to the component IOMap64.sys of ASUS GPU TweakII, which allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. This is due to insecure privilege management. The exploitation of this issue can enable an attacker to elevate their privileges. **Recommendations** For version 1.4.5.2, consider disabling the IOMap64.sys component until a patch is available to prevent potential privilege escalation and arbitrary code execution. Restrict access to the IOCTL requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.