Asus releases patch to fix Operation ShadowHammer vulnerability in Live Update Utility
In response to the media firestorm concerning Operation ShadowHammer, a major attack affecting tens of thousands of users, Asus has released a patch to fix a security flaw in their Live Update Utility software.
Several media outlets (including Notebookcheck) reported on a large-scale attack carried out by an advanced persistent threat (APT) that targeted Asus-made computers. The attack, named “Operation ShadowHammer,” used authentic Asus software certificates to install malware on at least 57,000 systems worldwide and passed undetected for months.
Security research firm Kaspersky Labs discovered the threat in January and notified Asus of the attack on January 31st and February 14th. Kaspersky said that Asus was “largely unresponsive.”
The media surge seems to have caught Asus’ attention. Earlier today, the Taiwanese OEM released a post stating that they have updated the Live Update Utility software to patch the security vulnerability used in Operation ShadowHammer. The fix is now included in version 3.6.8. Users can update the Live Update Utility by following the directions enumerated here.
Asus also released an online tool for users to check their system for any compromises. That tool can be found here.