Monday, April 15th 2019

ASUS Updates Security Certificates of Motherboards, Graphics Cards, Mini PCs, Workstations and Servers

ASUS is releasing this advisory to provide information related to the new implementation of a tiered certificate structure that upgrades the security infrastructure of our expanding software ecosystem. The upgrade requires the current code-signing certificate of several ASUS products to be revoked. This revocation can cause some existing software utilities to trigger a Windows Security dialog box, and may prevent legitimate ASUS programs, such as Aura, AI Suite III, GPU Tweak II and others, from running normally when users attempt to execute the associated 'Setup.exe' or 'AsusSetup.exe' file.

The new versions of each ASUS software update, code-signed with a new digital certificate, are now available for download at the link provided below. Once the latest version of the respective software is downloaded, the relevant program can be installed and run normally. Further information can be found in the Advisory FAQ section below. Users who have any inquiries or concerns are welcome to contact ASUS Customer Service. ASUS apologizes for any inconvenience caused by this update.

Updated Software List
Download links for each software program can be found here.

Advisory FAQ
What is a code-signing certificate?

Many companies, including ASUS, use electronic certificates to digitally 'sign' software code. These unique signatures provide users with an assurance that the code is legitimate, and has not been modified since being signed by the developer.

For more information, please follow the link below: https://www.digicert.com/blog/ms-smartscreen-application-reputation/

Is my current ASUS software safe to use?

Yes. All previously released ASUS software obtained from official sources, such as the official ASUS support website, ASUS Q-Installer, ASUS Armoury Crate, or an ASUS support CD, is safe and does not contain any malicious code. However, to account for the growth of our software ecosystem, we have implemented a new certificate infrastructure that requires a software update. Please use the links above to download the latest software for your system.


How does this affect me as a user?
You may encounter one of four different scenarios:
Scenario 1: ASUS software (such as Aura, AI Suite III, GPU Tweak II etc.)

Because the aforementioned software operates at the driver and service level, Windows may perform regular checks on the validity of the certificate when trying to run the program normally. Once the certificate has been revoked, Windows may prevent you from running the program altogether. In this case, you will need to download the newest code-signed version from the support page link listed above.


Scenario 2: Third-party drivers and software packed with ASUS products
The source code for third-party drivers and software is not produced by ASUS. As such, they will be code-signed by the third-party provider, and therefore are not affected by the revocation of the ASUS certificate. If you have existing drivers installed, you can continue to use them safely.
However, if you are trying to install third-party drivers or software from an ASUS support CD, then you may still encounter a warning dialog. This is because the ASUS support CD provides a setup file called 'AsusSetup.exe' that may act as a shortcut to a 'Setup.exe' file created by a third-party provider. Because 'AsusSetup.exe' is code-signed by ASUS, you may encounter a warning message preventing you from proceeding with installation.
To proceed, either download the latest code-signed drivers from the support page link listed above or directly execute the third-party provider's 'Setup.exe' file, as this will bypass the ASUS installation program, 'AsusSetup.exe'.
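
To see which setup files are signed by ASUS and which by a third party, and whether Windows considers the signing certificate revoked, the following PowerShell script can be run against a support CD or download folder. It is an added example, not part of the ASUS advisory; the $Root path is an assumption and should be changed to the folder being checked.

```powershell
# Added example: list signer and revocation state of setup files.
# $Root is an assumed location (support CD drive or download folder).
param([string]$Root = 'D:\')

Add-Type -AssemblyName System.Security
$X509 = 'System.Security.Cryptography.X509Certificates'

Get-ChildItem -Path $Root -Recurse -File -Include 'Setup.exe', 'AsusSetup.exe' `
    -ErrorAction SilentlyContinue |
ForEach-Object {
    # Authenticode check: is the file signed, and is the hash intact?
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate

    $revoked = $null   # stays $null for unsigned files
    if ($cert) {
        # Build the chain with online revocation checking (CRL/OCSP),
        # so this step needs network access to the CA's endpoints.
        $chain = New-Object "$X509.X509Chain"
        $chain.ChainPolicy.RevocationMode = [Enum]::Parse(
            [type]"$X509.X509RevocationMode", 'Online')
        $chain.ChainPolicy.RevocationFlag = [Enum]::Parse(
            [type]"$X509.X509RevocationFlag", 'EntireChain')
        [void]$chain.Build($cert)

        # Any chain element flagged Revoked marks the signature as revoked.
        $flag = [Enum]::Parse([type]"$X509.X509ChainStatusFlags", 'Revoked')
        $revoked = [bool]($chain.ChainStatus |
            Where-Object { $_.Status -band $flag })
    }

    [pscustomobject]@{
        File    = $_.FullName
        Status  = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
        Signer  = if ($cert) { $cert.Subject } else { '(unsigned)' }
        Revoked = $revoked
    }
} | Format-Table -AutoSize -Wrap
```

A file whose Signer is the third-party provider and whose Revoked column is False corresponds to the 'Setup.exe' case described above; an ASUS-signed file with Revoked set to True is the one that needs the re-signed download.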


Scenario 3: Running an ASUS support CD
Windows may prevent you from running an ASUS support CD normally. Please use the links provided in this advisory notice to download the latest versions of the appropriate program files for your ASUS product.


Scenario 4: Starting (booting) your PC
This scenario applies to motherboards with Armoury Crate or Q-Installer.
After starting (booting) your PC for the first time, you may encounter a warning message preventing you from installing and running ASUS Armoury Crate. If this occurs you will need to update the BIOS to the latest version or disable this feature.
You can access the BIOS and disable this feature to prevent this message from continually popping up. To do this, first restart your PC, and then press the Delete (Del) or F2 key when prompted during the startup process. Now navigate to the 'Tools' tab and then select the 'ASUS Armoury Crate' category. Then choose the 'Disable the Download & Install ARMOURY CRATE app' option. To save these changes and restart the system, press the F10 key, then press Y when prompted. Alternatively, navigate to the 'Save and Exit' option within the BIOS menu, press the Enter key, then press Y to save changes and restart.


How do I uninstall previous versions of Aura, AI Suite III, and LiveDash?
Windows may prevent you from uninstalling the related software due to the revoked certificates. In order to uninstall these programs, you will first have to disable Microsoft's User Account Control (UAC):
  • Type UAC in the search field of the Windows taskbar. (If the search field isn't visible, for Windows 10, right-click the Start button and choose Search; for Windows 7, left-click the Start button and choose Search)
  • Click 'Change User Account Control settings' in the search results.
  • To turn UAC off, drag the slider down to 'Never notify' and then click 'OK'.
  • You may be prompted to confirm your selection or enter an administrator password.
  • Reboot your computer for the change to take effect.
After disabling UAC, you can proceed with uninstallation. Remember to reset UAC settings to the previous level after the uninstallation completes.

12 Comments on ASUS Updates Security Certificates of Motherboards, Graphics Cards, Mini PCs, Workstations and Servers

#1
TheLostSwede
Ah yes, all the bloatware I never installed in the first place anyhow.
At least they fixed it, for now...
#2
PrEzi
TheLostSwede said:
Ah yes, all the bloatware I never installed in the first place anyhow.
At least they fixed it, for now...
You know that ASUS also includes some payload already pre-integrated in the UEFI right?
Even after a clean install it gets installed (one exception is if you use Linux only).
#3
kastriot
Too complicated my head hurts! :P
#4
TheLostSwede
PrEzi said:
You know that ASUS also includes some payload already pre-integrated in the UEFI right?
Even after a clean install it gets installed (one exception is if you use Linux only).
Nope, not on my board, I don't have any Asus software running. Maybe I'm just lucky?
#5
silentbogo
kastriot said:
Too complicated my head hurts! :p
+1 toomanyletterz

PrEzi said:
one exception is if you use Linux only
Or if you are running anything but their Z390 boards, or if you have a CSM windows install.
#6
FreedomEclipse
~Technological Technocrat~
Can't certificates get overwritten by malicious code anyway? Updating it might stop it this time around unless there's some serious encryption going on
#7
R-T-B
FreedomEclipse said:
Can't certificates get overwritten by malicious code anyway? Updating it might stop it this time around unless there's some serious encryption going on
Overwriting the certificates wouldn't do anything for malware writers. They'd need ASUS's private keys...

Which apparently, were already leaked once, or they would not be revoking their old cert.
#8
PrEzi
silentbogo said:
+1 toomanyletterz


Or if you are running anything but their Z390 boards, or if you have a CSM windows install.
True to the first part, but who installs Windows in BIOS/Legacy/CSM mode these days... Faster boot FTW ! ;-)
#9
SoNic67
Not all devices can boot in Fastboot. RAID cards, some video cards (ATI)...

I am using GPU Tweak II.
#10
Shihabyooo
btarunr said:
Is my current ASUS software safe to use?
Yes. All previously released ASUS software obtained from official sources, such as the official ASUS support website, ASUS Q-Installer, ASUS Armoury Crate, or an ASUS support CD, is safe and does not contain any malicious code. However, to account for the growth of our software ecosystem, we have implemented a new certificate infrastructure that requires a software update.
I wonder if I'll ever read a marketing statement that isn't utter bs.
And heck, isn't this technically a lie? Supply chain attack means the official repos ARE the source of malicious code! And if you were responsible enough to plug the hole (which is more than can be said for many other hardware vendors), why lie about the patch? :shadedshu:
#11
silentbogo
PrEzi said:
True to the first part, but who installs Windows in BIOS/Legacy/CSM mode these days... Faster boot FTW ! ;-)
Legacy mode is good for avoiding software/hardware issues, like the good old bug with Windows 10 getting stuck in S mode on 1809 or older versions on clean install (I believe MS fixed it last year), or GPU driver issues on some older non-UEFI cards.
#12
Vayra86
'Here, read this wall of text and jump through seven hoops to keep using our bloatware safely'

No, thanks.