News Gigabyte Driver Used to Disable Antivirus Software in RobbinHood Ransomware Scheme

Coolmeadow Kid

Distinguished
Jan 29, 2011
13
0
18,510
0
Which Gigabyte/Aorus boards or drivers are vulnerable? That's something I would have liked to see in the original story. Maybe a link to a list. I'm not very tech savvy, so would like to know what needs to be updated to secure my systems.
 
Last edited:

Chung Leong

Notable
Dec 6, 2019
386
131
860
0
Which Gigabyte/Aorus boards or drivers are vulnerable? That's something I would have liked to see in the original story. Maybe a link to a list. I'm not very tech savvy, so would like to know what needs to be updated to secure my systems.
All Windows PC are vulnerable to this. There's nothing you can do to secure your system, other than not running the executable.
 

Coolmeadow Kid

Distinguished
Jan 29, 2011
13
0
18,510
0
All Windows PC are vulnerable to this. There's nothing you can do to secure your system, other than not running the executable.
Thank you for the reply. But one thing doesn't make sense, that is if all the information in the article is correct. It states that Gigabyte stopped supporting that driver instead of patching it. So did they keep using it without blocking a hacker? The way it's written, my first thought is they came out with a new driver. If Gigabyte is still using the flawed driver, quit supporting it, and didn't issue a patch, then in my eyes, they are complicit with the hackers.
 
Which Gigabyte/Aorus boards or drivers are vulnerable? That's something I would have liked to see in the original story. Maybe a link to a list. I'm not very tech savvy, so would like to know what needs to be updated to secure my systems.
BleepingComputer lists these four apps as having the vulnerability:

GIGABYTE App Center (v1.05.21 and below)
AORUS Graphics Engine (v1.33 and below)
XTREME Engine utility (v1.25 and earlier)
OC Guru II (v2.08)
 

razor512

Distinguished
Jun 16, 2007
2,052
7
19,815
15
Was just about to post that, just found it crazy how the article lacked that info. The source article linked to the CVE that detailed the issue, but subsequent articles skipped it.
This gives the false impression that there is nothing you can do when in reality, it is a few applications that no one uses.
 

Chung Leong

Notable
Dec 6, 2019
386
131
860
0
If Gigabyte is still using the flawed driver, quit supporting it, and didn't issue a patch, then in my eyes, they are complicit with the hackers.
The vulnerability can't be eliminated by a patch. The crooks will just continue to bundle the vulnerable version of the driver. To stop the OS from trusting the driver, the key used to sign it has to be revoked. But that would render other drivers signed with the same key unusable as well.
 

Chung Leong

Notable
Dec 6, 2019
386
131
860
0
This gives the false impression that there is nothing you can do when in reality, it is a few applications that no one uses.
You're missing the point. In a ransomeware scenario, the victim is tricked into downloading and running the malware. The vulnerable driver doesn't need to be present prior to the attack. The malware itself can install it. Windows will ask for permission but the mildly worded warning won't defer people.
 

ASK THE COMMUNITY

TRENDING THREADS