CVE-2022-36439

Name of the Vulnerable Software and Affected Versions ASUS System Control Interface versions prior to 3.1.5.0 AsusSoftwareManager.exe versions prior to 1.0.53.0 AsusLiveUpdate.dll versions prior to 1.0.45.0

Description The issue is related to incorrect default permissions in the System Control Interface and AsusSwitch drivers, as well as the AsusLiveUpdate.dll library for Windows operating systems. This allows a local user to write into the Temp directory and delete other more privileged files via SYSTEM privileges.

Recommendations For ASUS System Control Interface versions prior to 3.1.5.0, update to version 3.1.5.0 or later. For AsusSoftwareManager.exe versions prior to 1.0.53.0, update to version 1.0.53.0 or later. For AsusLiveUpdate.dll versions prior to 1.0.45.0, update to version 1.0.45.0 or later. As a temporary workaround, consider restricting access to the Temp directory to minimize the risk of exploitation.