CVE-2018-16711

Name of the Vulnerable Software and Affected Versions IObit Advanced SystemCare versions 1.2.0.5 and possibly earlier

Description The issue is related to privilege management errors in the utility. It may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Specifically, the driver's subroutine executes a wrmsr instruction with user-defined content from a buffer sent via an IOCTL (0x9C402088).

Recommendations For versions 1.2.0.5 and possibly earlier, consider restricting access to the IOCTL (0x9C402088) to minimize the risk of exploitation. As a temporary workaround, avoid using the Monitor win10 x64.sys or Monitor win7 x64.sys drivers until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.