Sam Kim

**Name of the Vulnerable Software and Affected Versions** ASUS EC Tool driver (aka d.sys) versions prior to the fixed version asus armoury crate versions prior to 5.3.4.1 **Description** The issue concerns a driver that provides raw read and write access to port I/O and MSRs via unprivileged IOCTL calls, allowing local users to gain privileges. This has been exploited in real-world incidents, including attacks by the Lazarus group, which targeted security researchers and media companies in the US and Europe. The attackers used phishing schemes, including sending malicious documents, to deploy backdoors and gain control over targeted systems. The estimated number of potentially affected devices is not specified. **Recommendations** For ASUS EC Tool driver (aka d.sys) versions prior to the fixed version: Update to the latest version that contains the fix for this issue. For asus armoury crate versions prior to 5.3.4.1: Update to version 5.3.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable IOCTL handlers until a patch is available. Restrict access to the affected driver to minimize the risk of exploitation. Avoid using the affected driver in sensitive environments until the issue is resolved.