
CPUID Exploited

Anyone noticed that there is an ongoing exploit for CPUID (CPU-Z), all versions up to V1.81?

I was quite surprised how many 3rd party applications/tools are using this as part of their CPU monitoring tools.

https://www.cvedetails.com/cve/CVE-2017-15302/

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behaviour (for ACPI scan functionality); the security issue is the lack of an ACL.

Exploit: https://github.com/shareef12/cpuz

It affects all Windows OS from Win XP - to Win 10 v1609 which I think is the equivalent to Windows Server 2016.

For example Corsair iCUE uses CPUID version 1.50 which is affected. Users need to stop this Corsair service in services.msc to remove cpuz150_x64.sys from the temp folder.

:)
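
A defender's check for the condition this post describes, added here as an example and not part of the original thread or of any vendor's tooling. It assumes the driver file is named `cpuz<NNN>_x64.sys` with NNN being the CPU-Z version without the dot, as in the two file names quoted above; `Get-CpuzVerdict` is a hypothetical helper name.

```powershell
# Inventory CPU-Z kernel drivers and flag builds covered by CVE-2017-15302.
# Assumption: cpuz143_x64.sys = CPU-Z 1.43, cpuz150_x64.sys = CPU-Z 1.50, and so on.
$pattern      = 'cpuz(\d{3})_x64\.sys'
$lastAffected = 181   # the CVE text says "CPU-Z through 1.81"

function Get-CpuzVerdict {
    param([string]$Path, [string]$Source, [string]$State = 'n/a')
    $m = [regex]::Match($Path, $pattern, 'IgnoreCase')
    if (-not $m.Success) { return }          # not a CPU-Z driver, emit nothing
    $digits = $m.Groups[1].Value             # e.g. "150"
    [pscustomobject]@{
        Source   = $Source                   # 'service' or 'file'
        Driver   = $m.Value
        Version  = $digits.Insert(1, '.')    # "150" -> "1.50"
        State    = $State                    # Running / Stopped for registered drivers
        Affected = ([int]$digits -le $lastAffected)
        Path     = $Path
    }
}

# 1. Kernel drivers registered with the Service Control Manager, loaded or not.
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object { Get-CpuzVerdict -Path $_.PathName -Source 'service' -State $_.State }

# 2. Driver files dropped into temp folders by bundling applications.
$tempDirs = @($env:TEMP, "$env:SystemRoot\Temp") |
    Where-Object { $_ -and (Test-Path $_) }
$onDisk = Get-ChildItem -Path $tempDirs -Filter 'cpuz*_x64.sys' -Recurse -File `
              -ErrorAction SilentlyContinue |
    ForEach-Object { Get-CpuzVerdict -Path $_.FullName -Source 'file' }

$findings = @($registered) + @($onDisk)
if ($findings.Count -eq 0) {
    'No CPU-Z driver registered or present in the temp folders.'
} else {
    $findings | Sort-Object Source, Path | Format-Table -AutoSize
}
```

Run it from an elevated prompt so `C:\Windows\Temp` is readable; a row with `Affected = True` and `State = Running` means the driver from the CVE description is currently loaded.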
 
Good find, hopefully it will be patched in future releases as well as those manufacturers like Corsair who also use the software.
 
The latest version 1.95, which everyone should be using, as well as making sure to install the latest OS updates. ;)

Corsair are aware, although no updates yet. I'm sure there are more companies unaware that they are using an exploited version.
 
Good info thanks for posting :)

The problem is when you restart iCUE it puts the cpuz150_x64.sys right back again.

The only way to stop it is to uninstall iCUE, then remove the folder and never use iCUE again. If, like me, you have a K70 keyboard or any other RGB keyboard from Corsair, you can't set any custom keybinds or colour.
 
Wait, I figured it out....

In task manager click on the services tab, click on open services, find services.msc, click on properties, in start up type set disabled, in service status click stop, in the temp folder the cpuz150 should disappear, if not delete it.

 
Were software/programmers/testers ever this bad in the 2000s or did people get smarter at exploiting? In the 00s I don't ever remember the amount of exploits that you see today.
 
It's always been here, for example Microsoft have never released a completed software version of anything ever!

However, with the way the internet has evolved and how the threat landscape has changed, it's been brought to the forefront more through media etc.

Plus there is a lot of money in bug bounties, finding exploits and vulnerabilities ;)
 
iCUE is a bloody nightmare, 250MB of memory usage and 3-5% cpu usage, ridiculous. I have the K70, something I learned is if you set a colour scheme, save, then unplug the keyboard and uninstall iCUE, the colour scheme stays saved on the memory. I doubt that works for keybinds though unfortunately :(.
 
I'll do that, I can live without the keybinds.

Thanks.
 
Same for their memory modules. Had to install it to switch off the RGB.

Is there anything else decent that doesn't require iCUE?
 
Nice! ^^

That's what has been really cheesing me off with this stuff. It's like game launchers for RGB for all this crap.

One of the biggest complaints about RGB is the software ecosystem surrounding it. Every manufacturer has their own app, their own brand, their own style. If you want to mix and match devices, you end up with a ton of conflicting, functionally identical apps competing for your background resources. On top of that, these apps are proprietary and Windows-only. Some even require online accounts. What if there was a way to control all of your RGB devices from a single app, on both Windows and Linux, without any nonsense? That is what OpenRGB sets out to achieve. One app to rule them all.


I also don't understand why Corsair installs virtual mouse and keyboard entries when you don't own their peripherals. A lot of complaints I've read regarding that's messing with their hardware inputs.
 
Most motherboard bundled software is effectively spyware, they all record your computer and internet use and phone it home to their servers, that data is then sold in bulk.

And they will use your computer's resources to do it, that's the worst thing about it, you pay £200 for a motherboard, they force you to run their software to use the features you paid for, that software then steals your computer's resources to profit from your personal data.

It's diabolical and there should be laws against it.
 
Razer Synapse 3 has to be amongst the worst for all the added needless garbage. I quite liked Synapse 2 back then. It was very minimal and basic but ever since I now prefer mice without software required. Even Steelseries for their Pro keyboards, you can control things from the hardware without having to install anything.

I despise these companies where you've to install 5+ programs to change a couple of simple things.
 