Ryan Warns

**Name of the Vulnerable Software and Affected Versions** AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility version 5.11.9.0 **Description** An issue was discovered in the atillk64.sys driver, which exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). This allows arbitrary MSR writes, leading to Ring-0 code execution and escalation of privileges. **Recommendations** For version 5.11.9.0, consider disabling the atillk64.sys driver until a patch is available to prevent arbitrary MSR writes and potential Ring-0 code execution. Restrict access to the vulnerable driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AMD OverDrive (affected versions not specified) **Description** An issue was discovered in AODDriver2.sys, where the vulnerable driver exposes a wrmsr instruction via IOCTL "0x81112ee0" and does not properly filter the Model Specific Register (MSR). This allows arbitrary MSR writes, which can lead to Ring-0 code execution and escalation of privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moo0 System Monitor version 1.83 **Description** An issue was discovered in the WinRing0x64.sys driver, which exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). This allows arbitrary MSR writes, leading to Ring-0 code execution and escalation of privileges. **Recommendations** For Moo0 System Monitor version 1.83, consider disabling the WinRing0x64.sys driver until a patch is available to prevent arbitrary MSR writes. Restrict access to the IOCTL 0x9C402088 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AIDA64 versions prior to 5.99 **Description** An issue was discovered in kerneld.sys. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. **Recommendations** For versions prior to 5.99, update to version 5.99 or later to resolve the issue. As a temporary workaround, consider restricting access to the kerneld.sys driver to minimize the risk of exploitation. Avoid using the IOCTL 0x80112084 instruction in the affected driver until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TechPowerUp GPU-Z versions prior to 2.23.0 **Description** An issue was discovered in the GPU-Z.sys driver, which exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). This allows arbitrary MSR writes, leading to Ring-0 code execution and escalation of privileges. **Recommendations** For versions prior to 2.23.0, update to version 2.23.0 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable driver until a patch is available. Restrict access to the IOCTL endpoint to minimize the risk of exploitation. Avoid using the `wrmsr` instruction in the affected driver until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gigabyte APP Center version 19.0227.1 and earlier **Description** An issue was discovered in the gdrv.sys driver. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. **Recommendations** For Gigabyte APP Center version 19.0227.1 and earlier, update to version 19.0227.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL 0xC3502580 to minimize the risk of exploitation.