PT-2021-17905 · Asus · Asus Gputweak Ii

Published: 2021-04-08 · Updated: 2022-07-12 · CVE-2021-28685

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ASUS GPUTweak II versions prior to 2.3.0.3
Description: The issue allows low-privileged users to interact directly with physical memory by calling certain driver routines that map physical memory into the virtual address space of the calling process. It also enables interaction with MSR registers, which could allow low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.
Recommendations: For versions prior to 2.3.0.3, update to version 2.3.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AsIO2_64.sys and AsIO2_32.sys drivers to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2021-28685

Affected Products

Asus Gputweak Ii