A serious security vulnerability has been discovered in the popular ASUS Armoury Crate software, leaving millions of Windows users at risk of having their administrator privileges compromised. This bug, if exploited, could give attackers full control over a victim’s system and all of their data.
The ASUS Armoury Crate software is a one-stop shop for ASUS hardware customization and performance tuning. It is commonly used by gamers and PC enthusiasts to optimize their systems for the best gaming experience. However, security researchers found that the software also comes with a critical flaw that hackers can exploit to elevate their privileges on a Windows system.
This vulnerability, tracked as CVE-2021-27670, works by taking advantage of a weak point in the Armoury Crate’s SecureUpdate component. This particular component is responsible for downloading and installing updates for the software and other ASUS applications. By using a specially crafted attack, an attacker can trick the SecureUpdate feature into executing arbitrary code with admin privileges, giving them complete control over the victim’s system.
Bad news! The Asus Armoury Crate app, which comes preinstalled on many of the company’s gaming desktops, laptops, and ROG Ally X gaming handhelds, includes a severe flaw that could give hackers full Windows admin rights. That means your PC is the hacker’s PC now.
The good news is, a fix is available. If you have Armoury Crate installed, simply head to Settings > Update Center > Check for Updates > Update.
Armoury Crate is Asus’ all-in-one app for PC control, adjusting RGB lighting, fan curves, performance profiles, and more. It can also manage your Asus peripherals and software updates.
Mark Hachman / Foundry
Armoury Crate is handy, but this security flaw makes it very handy for hackers too. Cataloged as CVE-2025-3464, the Armoury Crate vulnerability is rated 8.8 out of 10 on the severity scale.
You can find the full technical details over on BleepingComputer, but the gist is that Asus relied on hardcoded security verification for its apps. Hackers can exploit this to leap-frog into full low-level system access, which can then be used to completely pwn your operating system.
You’d only be vulnerable to this exploit if the attacker somehow managed to gain access to your PC already. That’s good, as it greatly reduces the odds of infection, but it also means any malware you pick up could then parlay that rogue access to launch this devastating Armoury Crate bug.
Bottom line? If you’re on an Asus gaming PC, go update your Armoury Crate app right now, then be sure to run a full antivirus scan afterwards. Hackers haven’t been spotted leveraging this exploit in the wild, but better to be safe than sorry.
