Asus releases patch to fix Operation ShadowHammer vulnerability in Live Update Utility

In response to the massive media attention around Operation ShadowHammer yesterday, Asus has released a fix for the affected software (Asus Live Update Utility) to patch the security holes used in the attack. The company also released a tool that allows users to check their systems for any traces of the malware. Links to both the online tool and instructions on updating the Live Update Utility are included below.

Sam Medley, Published 03/26/2019

In response to the media firestorm concerning Operation ShadowHammer, a major attack affecting tens of thousands of users, Asus has released a patch to fix a security flaw in their Live Update Utility software.

Several media outlets (including Notebookcheck) reported on a large-scale attack carried out by an advanced persistent threat (APT) that targeted Asus-made computers. The attack, named “Operation ShadowHammer,” used authentic Asus software certificates to install malware on at least 57,000 systems worldwide and passed undetected for months.

Security research firm Kaspersky Labs discovered the threat in January and notified Asus of the attack on January 31st and February 14th. Kaspersky said that Asus was “largely unresponsive.”

The media surge seems to have caught Asus’ attention. Earlier today, the Taiwanese OEM released a post stating that they have updated the Live Update Utility software to patch the security vulnerability used in Operation ShadowHammer. The fix is now included in version 3.6.8. Users can update the Live Update Utility by following the directions enumerated here.

Asus also released an online tool for users to check their system for any compromises. That tool can be found here.

Source(s)

Asus

If any of these app icons are on your iPhone or iPad, uninstall them immediately. (Image via Wandera)

Trojan malware found in 17 apps on Apple App Store 10/25/2019

The older 0-day exploit allows hackers to gain full control of the affected smartphone through pieces of code hidden in an untrusted app. (Source: Portal GDA)

Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds 10/04/2019

PC-Doctor Tool For Windows is also believed to be vulnerable to cyber attacks. (Image source: Lifewire)

Cybersecurity company finds worrying vulnerability affecting millions of Dell laptops and desktops 06/22/2019

Dell has really dropped the ball here. (Image source: Dell)

Dell laptops confirmed to be affected by serious SupportAssist security flaw 05/03/2019

Six Android apps on Google's Play Store found to secretively harvest data from users 04/27/2019

Hero to villain: Security researcher responsible for stopping WannaCry pleads guilty to malicious hacking charges 04/23/2019

Purism partners with Private Internet Access to develop a tracker-free VPN for PureOS and Librem 5 smartphone 04/04/2019

The new ASUS ROG Swift PG349Q. (Source: ASUS)

The latest ASUS ROG ultra-wide gaming monitor is overclockable to 120Hz 04/04/2019

Operation ShadowHammer: Tens of thousands of computers had a security backdoor installed via Asus' Live Update Utility 03/25/2019

Users are complaining of PBO issues in the latest AGESA firmware on AMD 400-series motherboards. (Source: Amazon)

Latest AGESA firmware can brick Precision Boost Overdrive on AMD 400-series motherboards 03/24/2019

In plain sight: Hundreds of millions of Facebook user passwords were stored in plain text 03/21/2019

Hilsenteger with his S10+, a Pixel 3 and the video that apparently hacked Face Unlock. (Source: YouTube)

Face Unlock fails again? YouTuber highlights a possible flaw in Galaxy S10+ security 03/09/2019

Ghidra, the NSA's homegrown decompiler tool, is now open source 03/06/2019

Expensive Windows 7 support: In 2022, Microsoft will charge US$200 02/07/2019

The US DoJ may move to extradite a detained Huawei official soon. (Source: Wikipedia)

US Justice Department reportedly ready to request Huawei CFO's extradition from Canada 01/23/2019

The new Librem 15 is packing a 4K display. (Source: Purism)

Purism updates the Librem laptop line with gen 7 Intel ULV CPUs 01/15/2019

At least 20 popular Android apps are still sending user data to Facebook without consent, study finds

Huawei and ZTE could be facing further commercial bans in the US. (Source: Pocket Now)

Potential executive order could ban US companies from using Huawei or ZTE hardware 12/28/2018

Apparently, these models would not need much work to be able to unlock the Androids of their human counterparts. (Source: Wikimedia Commons)

A 3D-printed head created for news report could fool Android's Face Unlock, but not Apple's Face ID 12/19/2018

"123456" and "password" are officially 2018's worst passwords 12/16/2018

Facebook has admitted to yet another form of data breach. (Source: Picryl)

Facebook discloses info on "bug" that allowed apps access to 6.8 million users' non-posted photos 12/14/2018

The Starwood hackers used the same cloud hosting service that previous Chinese hackers had used. (Source: TechSpot)

Chinese hackers believed to be behind massive Marriott data breach 12/12/2018

The reported tiny Chinese spy chip in question was smaller than a pencil tip. (Source: Debuglies via Bloomberg)

No Chinese spy chips found in Supermicro internal investigation 12/11/2018

Loading Comments

Comment on this article

Show your Fortnite and Apex Legends...

Meet Huawei's latest accessories: t...

Sam Medley - Senior Tech Writer - 1345 articles published on Notebookcheck since 2016

I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 03 > Asus releases patch to fix Operation ShadowHammer vulnerability in Live Update Utility

Sam Medley, 2019-03-26 (Update: 2019-03-26)

Asus releases patch to fix Operation ShadowHammer vulnerability in Live Update Utility

Source(s)

Related Articles