ASUS System Analysis IO Improper Access Control Vulnerability in AsusSAIO.sys Driver

A vulnerability has been identified in the AsusSAIO.sys driver associated with ASUS System Analysis IO version 1.0.0. This vulnerability allows low-privileged users to bypass access controls and misuse driver functionalities by sending specially crafted IOCTL requests. The exploitation of this vulnerability could lead to privilege escalation, unauthorized code execution with elevated rights, and information disclosure. Additionally, because these drivers are signed, they could potentially be used to circumvent Microsoft's driver-signing policy to execute malicious code.

Impact

Exploitation of this vulnerability could result in privilege escalation, allowing low-privileged users to gain higher rights. It also enables unauthorized code execution with elevated privileges and could lead to information disclosure. Furthermore, according to the vulnerability source, this signed driver could be used to bypass the Microsoft driver-signing policy to deploy malicious code.

Reproduction

The vulnerability can be reproduced by sending crafted IOCTL requests to the AsusSAIO.sys driver. This can be done using a user-mode application that interacts with the driver through the DeviceIoControl function. The specific IOCTL codes used to exploit the vulnerability include 0x80102074 for memory mapping, 0x80102090, 0x80102084, 0x80102088 for writing to Model Specific Registers (MSRs), and 0x80102070 for reading from and writing to I/O ports. Low-privileged users can perform these actions, taking advantage of the driver's lack of proper privilege restrictions.