EVGA

EVGA Update all of your programs because they have vulnerability [FIXED with PX1 v 1.0.7]

Author
kacan22
iCX Member
  • Total Posts : 307
  • Reward points : 0
  • Joined: 7/14/2017
  • Location: Europe
  • Status: offline
  • Ribbons : 2
Monday, May 04, 2020 2:19 AM (permalink)
Hello,
 
I want to report that FACEIT Anticheat and Riot Vanguard started blocking Precision X1, EVGA LEDSync and all other EVGA programs because they use WinRing0x64.sys.
 
This driver has a vulnerability and can be used in cheating and other stuff. I only use FACEIT but it seems that RIOT Vanguard also banned that. It seems that Battleye and Easyanticheat will ban them as well. I was reading that on reddit and all types of forums. So if we want to use EVGA programs we will need to stop playing MP games that use FACEIT AC, RIOT Vanguard, Battleye and EAC. When you start FACEIT AC you get the error "forbidden driver WinRing0x64.sys" and you can't play games on FACEIT (CS:GO, PUBG etc.).
 
Posted: 25/03/2020
https://vuldb.com/?id.152265
 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7240
 
Faceit Anticheat support message: 
Different versions of the same driver, which are even more exploitable than the one Throttlestop uses, we will not unblock these as they are a real security risk. You should contact the publisher of these software and tell them to fix their security issues if it's not fixed with the latest version. 
The WinRing0 driver that ThrottleStop uses has some other functions which are not safe, such as reading/writing to MSR without any kind of verification. It does not matter if ThrottleStop opens RwDrv for 1 millisecond or 10 seconds, this does not change anything to the fact this driver can be used for malicious purposes, and was actually used by the UEFI rootkit LoJax https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

I don't use this program, but they use the same driver in different versions (the EVGA driver is from 2013): https://www.techpowerup.com/forums/threads/throttlestop-winring0x64-sys-vulnerability.266500/#post-4255357

They banned MSI Afterburner (MSI fixed Afterburner with the last update), Throttlestop, Corsair programs, NZXT Cam etc. (not the programs but the drivers they use). So your program won't work, or it will but your system will be unstable.
 
It would be cool if EVGA fixed these drivers so we can use the programs again while playing MP games. The problem will start when Battleye and EAC ban those drivers, because tons of popular games use those anticheats.
post edited by kacan22 - Monday, August 17, 2020 8:32 PM


 

 
#1


    Sajin
    EVGA Forum Moderator
    • Total Posts : 49227
    • Reward points : 0
    • Joined: 6/8/2010
    • Location: Texas, USA.
    • Status: offline
    • Ribbons : 199
    Re: EVGA Update all of your programs because they have vulnerability. Monday, May 04, 2020 2:32 AM (permalink)
    #2
    kacan22
    Re: EVGA Update all of your programs because they have vulnerability. Monday, May 04, 2020 2:39 AM (permalink)


     

     
    #3
    kacan22
    Re: EVGA Update all of your programs because they have vulnerability. Monday, May 04, 2020 11:18 PM (permalink)
    Reply from EVGA support:
     
    This would be due to the anti cheat software being too aggressive as it sees any LED software as a cheat in game for lighting. There is nothing we can do other than remove the feature as that would defeat the entire purpose of the software. You would need to contact the game developer due to the false positive from the anti cheat software. Please let us know if you have any other questions or concerns in order to support you further.
     
    Regards,
    EVGA
     
    It won't be fixed. Well, we will need to choose to play MP games or play only SP and have EVGA programs installed.


     

     
    #4
    reinvented
    New Member
    • Total Posts : 32
    • Reward points : 0
    • Joined: 5/22/2006
    • Status: offline
    • Ribbons : 0
    Re: EVGA Update all of your programs because they have vulnerability. Monday, May 04, 2020 11:58 PM (permalink)
    There's plenty of other programs that Riot's Vanguard blocks as well.  Pretty much ANY monitoring tool, because it requests stuff from the sensors, etc.  It even blocks iCUE from displaying anything in the dashboard, Core Temp from launching, etc.  It's not necessarily a vulnerability, but as they said it's VERY aggressive.  

    Looking to join some like-minded gamers?  Join us on Discord! http://www.discord.gg/PHeYXrm
     

    #5
    kacan22
    Re: EVGA Update all of your programs because they have vulnerability. Wednesday, May 06, 2020 12:38 AM (permalink)
    reinvented
    There's plenty of other programs that Riot's Vanguard blocks as well.  Pretty much ANY monitoring tool, because it requests stuff from the sensors, etc.  It even blocks iCUE from displaying anything in the dashboard, Core Temp from launching, etc.  It's not necessarily a vulnerability, but as they said it's VERY aggressive.  


    I'm not using RIOT Vanguard but FACEIT Anticheat. All those blocked programs used to work with FACEIT Anticheat. They updated the anticheat database and added all those drivers that have a vulnerability. EVGA WinRing0x64.sys is from 2013, it's even older than Throttlestop's with less security holes (this program is a project from random guys). If MSI and others are patching similar drivers that have a vulnerability, why does EVGA refuse to? The last version of MSI Afterburner is working normally, and the NZXT Cam program is getting its driver security holes patched soon (end of May).


     

     
    #6
    BizSAR
    EGC Lead Admin / EVGA Forum Moderator
    • Total Posts : 932
    • Reward points : 0
    • Joined: 7/13/2007
    • Location: Oregon, USA
    • Status: offline
    • Ribbons : 0
    Re: EVGA Update all of your programs because they have vulnerability. Saturday, May 30, 2020 0:21 PM (permalink)
    Battleye has even been known to cause issues with Windows 10.
    I am running Precision X1 and have no issues in MP games.

    BizSAR
    EVGA 3090Ti FTW3 Ultra / ZOTAC 4070Ti Trinity OC - ASUS ROG PG279QM
    #7
    kacan22
    Re: EVGA Update all of your programs because they have vulnerability. Monday, August 17, 2020 7:17 PM (permalink)
    Just to report here. EVGA removed the WinRing0x64.sys driver and created new ones. I tested both kernel anticheats (Vanguard and Faceit AC); they all work, and Precision X1 works without a single problem.
     
    WinRing0_1_2_0 driver file C:\Program Files\EVGA\WinRing0\WinRing0x64.sys 
     
    https://posts.specterops.io/cve-2020-14979-local-privilege-escalation-in-evga-precisionx1-cf63c6b95896
     
    PX1 1.0.7 fixed that


     

     
    #8
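
A way to check whether a copy of the driver named in this thread is still registered or left on disk after updating, as an added example that is not part of any post and is not EVGA's tooling. The `WinRing0` name pattern and the EVGA path come from the post above; the search roots and the helper function names are assumptions.

```powershell
# Added example: inventory WinRing0 kernel-driver services and on-disk copies.
# Run from an elevated prompt so every driver file can be read.
$pattern = 'WinRing0'   # matches WinRing0_1_2_0 and WinRing0x64.sys from the thread

function Resolve-DriverPath {
    param([string]$PathName)
    # Service image paths may carry an NT prefix (\??\) or a \SystemRoot\ alias.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^System32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverFileInfo {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path        = $Path
        FileVersion = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        Signer      = $sig.SignerCertificate.Subject
        SigStatus   = $sig.Status
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1. Registered kernel drivers (running or stopped) that reference WinRing0.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match $pattern -or $_.PathName -match $pattern } |
    ForEach-Object {
        $file = Get-DriverFileInfo (Resolve-DriverPath $_.PathName)
        [pscustomobject]@{
            Service   = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            ImagePath = $_.PathName
            Version   = $file.FileVersion
            Signer    = $file.Signer
            SHA256    = $file.SHA256
        }
    } | Format-List

# 2. Copies on disk, whether or not a service points at them (roots are assumptions).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
           (Join-Path $env:SystemRoot 'System32\drivers')) | Where-Object { $_ }
Get-ChildItem -Path $roots -Filter 'WinRing0*.sys' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-DriverFileInfo $_.FullName } | Format-List
```

An empty result from both steps means no service or file matching the name was found in the searched locations; other vendors' tools mentioned in the thread may install the same driver elsewhere.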