major security vulnerability in MSI Afterburner
date 2023-09-18

d3athf1sh

So I noticed the version of Afterburner I had installed was no longer applying the voltage tweak to my card, so I installed the latest version, which tripped my virus program (ESET NOD32). After a little digging I found out there's a big security hole that's been used for ransomware attacks that was discovered all the way back in 2019 and has never been patched. Here's some info:

BlackByte ransomware abuses legit driver to disable security products

The BlackByte ransomware gang is using a new technique that researchers are calling "Bring Your Own Driver," which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions.
Recent attacks attributed to this group involved a version of the MSI Afterburner RTCore64.sys driver, which is vulnerable to a privilege escalation and code execution flaw tracked as CVE-2019-16098.

full article and more info here:
https://www.bleepingcomputer.com/ne...es-legit-driver-to-disable-security-products/
https://nvd.nist.gov/vuln/detail/CVE-2019-16098

**And in case anyone was wondering, I guess it's Nvidia that has somehow disabled voltage control with their newer drivers, because I updated my graphics driver for the first time in probably a year or more to get better performance with Baldur's Gate 3 (which worked), and voltage control always worked before that.
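A defender-side, read-only check related to the RTCore64.sys driver and CVE-2019-16098 discussed above. This is an added example, not code from the thread, from MSI or from BleepingComputer; it assumes Windows PowerShell 5.1 or later run elevated, and it only reports what is installed so the version, signer and hash can be compared against the NVD entry and the installed Afterburner release.

```powershell
# Added example, not code from the thread or from MSI: inventory any RTCore64.sys driver
# registered on this host (path, state, version, signer, SHA-256) and report whether HVCI
# (memory integrity), which applies Microsoft's vulnerable-driver blocklist, is running.
# Assumes Windows PowerShell 5.1+, elevated. Nothing is modified; all calls are read-only.

function Get-RTCore64Status {
    $results = @()
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like 'RTCore64*' -or $_.PathName -like '*RTCore64.sys*' }

    foreach ($d in $drivers) {
        # PathName may carry an NT prefix such as \??\C:\...; normalise to a Win32 path
        $path = [Environment]::ExpandEnvironmentVariables(($d.PathName -replace '^\\\?\?\\', ''))
        $info = [ordered]@{
            Service   = $d.Name
            State     = $d.State        # 'Running' means the driver is loaded in the kernel now
            StartMode = $d.StartMode
            Path      = $path
        }
        if (Test-Path -LiteralPath $path) {
            $file = Get-Item -LiteralPath $path
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $info.FileVersion = $file.VersionInfo.FileVersion
            $info.Product     = $file.VersionInfo.ProductVersion
            $info.Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            $info.SigStatus   = $sig.Status
            $info.SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        } else {
            $info.Note = 'service registered but file missing on disk'
        }
        $results += [pscustomobject]$info
    }
    return $results
}

function Get-HvciState {
    # SecurityServicesRunning contains 2 when HVCI (memory integrity) is active.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    return [pscustomobject]@{ HvciRunning = ($dg.SecurityServicesRunning -contains 2) }
}

$found = Get-RTCore64Status
if (-not $found) { Write-Host 'No RTCore64 driver service registered on this host.' }
else { $found | Format-List }
Get-HvciState | Format-List
```

Compare the reported FileVersion and Product fields against the Afterburner version named in the NVD entry (4.6.2 per the link in the thread) rather than assuming any particular build is clean.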
 
vegeta535 said:
I believe Afterburner is not being updated anymore?
No, it is. There was a point where they thought it wasn't going to be earlier this year, because the Russian guy that was doing it got his funding cut, but I guess they worked out a deal and version 4.6.5 came out a few weeks later, which was in April of this year.
 
I'm not seeing how you know it's still affected; your info is old.

Remove Afterburner, run DDU, reinstall video drivers, reinstall AB.
 
Umm... I am pretty sure this is just not the case... The only thing I could find was for version 4.6.2

https://nvd.nist.gov/vuln/detail/CVE-2019-16098#VulnChangeHistorySection

Current version is 4.6.5 and Microsoft Defender found no issues with this download...

I have read that if you download Afterburner from other (malicious) sites you may get a compromised version, but downloading it directly from MSI seems to be fine...
 