В драйверах ASUS и GIGABYTE обнаружены серьезные уязвимости
Некоторые уязвимости по-прежнему остаются неисправленными.
В драйверах ASUS и GIGABYTE обнаружены уязвимости, позволяющие повысить свои привилегии на системе и выполнить произвольный код. В общей сложности исследователи выявили семь уязвимостей в пяти программных продуктах и написали для них эксплоиты. Некоторые уязвимости по-прежнему остаются неисправленными.
Два проблемных драйвера GLCKIo и Asusgio устанавливаются утилитой Aura Sync (версия 1.07.22 и более ранние) от ASUS. Содержащиеся в них уязвимости (CVE-2018-18537, CVE-2018-18536 и CVE-2018-18535) позволяют локально выполнить код.
Проблемы обнаружил специалист компании SecureAuth Диего Хуарес (Diego Juarez). Исследователь сообщил о них производителю, однако после выхода двух новых версий Aura Sync две уязвимости по-прежнему остаются неисправленными.
Драйверы GIGABYTE поставляются с материнскими платами и видеокартами под брендами GIGABYTE и AORUS. Обнаруженные в них уязвимости позволяют злоумышленнику повысить свои привилегии через приложения GIGABYTE App Center (версия 1.05.21 и более ранние), AORUS Graphics Engine (версия 1.33 и более ранние), XTREME Engine (версия 1.25 и более ранние) и OC Guru II (версия 2.08).
CVE-2018-19320: Позволяет атакующему получить полный контроль над системой.
CVE-2018-19322: Позволяет без привилегий осуществлять чтение/запись в произвольной виртуальной памяти.
CVE-2018-19323: Позволяет вызвать синий экран смерти.
CVE-2018-19321: Уязвимость повреждения памяти, позволяющая получить полный контроль над системой.
Специалисты SecureAuth связались с GIGABYTE, однако, по словам производителя, уязвимости в продуктах отсутствуют.
Sorry I didn’t follow your instructions, but I was confused. So, should I disable this drivers for now? Could you tell me how to do it? I don’t run any overclocking programs.
I didn’t reinstall my Windows for now, but I will if I have to.
Sadly, I don’t have MEMORY.DMP, but I already changed my paging file size, as dmccoy suggests.
To be honest, I am also wondered about this GLCKIO.SYS service. I don’t have any Asus software AFAIK. But I have LEDs on my motherboard, maybe that’s it? And you’re right about meaning in Polish.
I’m updating my Nvidia drivers as soon as there is newer version, but maybe I should clean reinstall them by deleting using DDU and install again?
Sorry again, but I’m worried about my PC and simply I’m not thinking clear. :/
I didn’t run memory or hard drive tests yet, but I will at this weekend, because I need to move my desk to disassembly PC and have access to RAM sticks.
I also didn’t try to clean boot but I definitely try, when there will be new errors. So far there weren’t (except when running driver verifier for first time).
I already changed settings about paging file and memory dump.
BC AdBot (Login to Remove)
Yes, we’ll wait for you to get the MEMORY.DMP file, now that you have a large enough pagefile.
It’s generally true that you (almost) always want to install/run the latest drivers for hardware. However, graphics card drivers are an exception. Especially with Nvidia, it’s a gamble. Sometimes, you get a driver version that’s very stable, other driver versions are a disaster. In other words, newer is not necessarily better for graphics drivers, and especially for Nvidia cards.
Yes, it’s a good idea to always use DDU in safe mode to uninstall driver and then reboot at least once and go back into normal boot. Otherwise, not all driver files are removed/uninstalled and Windows can try to load those driver files again instead of different driver files.
If I had to guess, I’d guess that GLCKIO2.SYS is used by more than one manufacturer for RGB control. I would uninstall/remove that, if possible.
You have a lot of «homework» to do. We’ll wait to hear back from you.
— Use this to collect and post information about your PC hardware, software and configuration (Whether or not you have crashing).
Just to be sure, should I test my memory with memtest86+, which cannot recognise my RAM properly (no DDR4 support)?
It should be safe to uninstall it via Revo Uninstaller. Is there no entry for it in Add or Remove Programs in Settings?
Yes, I just learned about that. I don’t know if Memtest86+ is the best tool here.
It looks like Passmark’s Memtest86 V6 or above is best for testing DDR4
I’d test using that.
— Use this to collect and post information about your PC hardware, software and configuration (Whether or not you have crashing).
I already tested my RAM with Memtest86 V8 and there were errors only during hammer test, I wrote about it before. But that’s a test involving both RAM sticks at a time, I will test single sticks probably on Saturday.
Meanwhile, no BSoDs.
It’s hard for me to tell without doing a lot of reading, but it seems that some people do get errors in the Rowhammer part of the tests, even though their RAM is working well. How serious this is, I don’t know. Running Memtest on each stick is a good idea. Keep us posted.
— Use this to collect and post information about your PC hardware, software and configuration (Whether or not you have crashing).
OK! More research and: This GLCKIO2 is definitely connected with RGBFusion. Error about this service happened for first time when I uninstalled this software. From them it happens every time I boots the PC.
Which error started when you uninstalled it? If there’s some remnants left, like a service, we can probably forcefully but safely uninstall those too.
— Use this to collect and post information about your PC hardware, software and configuration (Whether or not you have crashing).
Did you see if there’s an uninstaller in Add or Remove Programs for the RGB app?
This page includes info. showing a list of files which should be on your drive for Aura (assuming it’s Aura you’ve got for your RGB software).
Do NOT use their tool, but tell me if you can see those files listed on that page.
If so, we’ll know it’s Aura.
— Use this to collect and post information about your PC hardware, software and configuration (Whether or not you have crashing).
There isn’t, that’s why I have an idea about installing once again this software and uninstalling with Revo to be sure there’s nothing left.
I’ll check later, I’m not near my PC right now.
EDIT: Sorry, I just noticed that you mentioned above that GLCKIO2.SYS is related to the GB Rgbfusion program. Is there an uninstaller for that?
If so, I think you should try installing it again, so it can be thoroughly uninstalled.
However, if it has an installer, it should also be available under Add or Remove program in Windows. That’s Microsoft’s programming convention. If not, they’re violating the conventions. But then again, that’s not unusual. I can’t remember, but I seem to recall with Windows 7/8/10, MS eventually found a way to enforce that convention, so if a program didn’t have a proper uninstall routine, MS wouldn’t allow it to install in the first place. Maybe I’m dreaming.
— Use this to collect and post information about your PC hardware, software and configuration (Whether or not you have crashing).
Do you have any idea why we are seeing Windows installs with such tiny pagefile sizes configured? I assume those were preconfigured by Windows, and not the users, but why so tiny?
Yes. during the average Windows installation, Windows does pre-allocate a page file.
It used to be that the page file allocation size had to be equal in size to installed physical RAM +
200 MB. If not, then the system was incapable of producing memory dumps. This is because memory dumps are written to the page file.
Beginning with Windows 8, I believe, Windows now allows a much smaller page file to be allocated and it is a variable size, so that when a BSOD or an APPcrash occurs, the system can increase the size of the page file and write the dump to it.
4 GB RAM for x64 became the norm for Vista and Windows 7 for many, but when Windows 8, then 8.1, then 10 came out, people were outfitting their systems with 12, 16, 32 and even 64GB of RAM. This change coincided with the ever-increasing popularity of the then-new SSDs. Many were trying to get by with 128 GB or 256 GB SSD size, only to find a huge chunk was pre-allocated for the page file and therefore caused people to run extremely low or to run out of hard disk space. For many, the answer was to cut-down/delete the page file.
I remember an OP that had a dual-quad core system with 128 GB RAM and a nearly 200 GB page file. This was under Windows 7 and I just could not believe what I was seeing. There is very little chance that any of the 200 GB page file would ever be used except in the event of a BSOD. Some apps like Notepad and SysInternal’s Process Monitor do write directly to the page file, but these are the exceptions, not the norm. If you run Notepad and have no page file, a temporary one will be created.
My page file was allocated during initial system boot-up on 12-20-2013 with a base allocation size of 8576 MB (
8.6 GB). I currently am using 2768 MB (
2.8 GB) of virtual memory (due to many open Notepads); my peak virtual memory usage since last re-boot was 7992 MB (
8 GB). Current RAM usage = 10.4 GB/ 12 GB installed physical RAM (obtained from Process Explorer).
Anyway, that is my theory on why we have seen dramatically reduced page files beginning with Windows 8.
The Hibernation File (c:\hiberfil.sys) has been trimmed too. Instead of it being equal to the amount of physical RAM, it now is about 75% in size of total physical RAM.
Question glckio2 service failed to start
kubabir
Prominent
So i had problems with my computer crashing on startup (it would start up and go into bluescreen than restart itself 2-4 times) so i formated the drives. I installed new windows 10 and now i have a different problem. It doesn’t crash on startup however it does so when idle or using the browser. It goes into bluescreen and the sound buggs (a loud soung keeps playing untill it restarts).
irql not less or equal is the most popular error message. but i also had «System thread exception not handled» with problem source «dxgkrnl.sys» when i go into the event viewer it says «The GLCKIO2 service failed to start due to the following error: The system cannot find the file specified.»
I checked my ram with memtest86 and the windows 10 tool and it showed no errors
I tried clean boot and the same thing happened.
Nothing is overclocked
I should probably add that couple of days ago it would happen once a day but today i have been using my pc for 2 hours and it crashed like 10 times already (even on clean boot)
I have read that glckio2 is related to aorus software. I had the osd sidekick instaled and it installs rgb fusion automaticly (i have aorus monitor) but i uninstalled both of them (also tried to do so with uninstallation program. I have used CCleaner to clean registry.
I have my system and programs one the ssd and the harddrive is only for games
What is GLCKIO2?
GLCKIO2.sys is a Windows driver. A driver is a small software program that allows your computer to communicate with hardware or connected devices. This means that a driver has direct access to the internals of the operating system, hardware etc. The free file information forum can help you determine if GLCKIO2.sys is a Windows system file or if it belongs to an application that you can trust.
GLCKIO2.sys file information
The process known as GLCKIO2 belongs to software RGB Fusion by ASUSTeK Computer (www.asus.com).
Description: GLCKIO2.sys is not essential for the Windows OS and causes relatively few problems. The file GLCKIO2.sys is located in a subfolder of «C:\Program Files (x86)» (for instance C:\Program Files (x86)\GIGABYTE\RGBFusion\). The file size on Windows 10/8/7/XP is 19,392 bytes. 
The driver can be started or stopped from Services in the Control Panel or by other programs. There is no information about the author of the file. There is no detailed description of this service. The file is certified by a trustworthy company. The program has no visible window. The file is not a Windows core file. GLCKIO2.sys appears to be a compressed file. Therefore the technical security rating is 46% dangerous.
Important: Some malware camouflages itself as GLCKIO2.sys. Therefore, you should check the GLCKIO2.sys process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer’s security. This was one of the Top Download Picks of The Washington Post and PC World.
Score
User Comments
One user thinks GLCKIO2.sys is essential for Windows or an installed application.
Best practices for resolving GLCKIO2 issues
A clean and tidy computer is the key requirement for avoiding problems with GLCKIO2. This means running a scan for malware, cleaning your hard drive using 1 cleanmgr and 2 sfc /scannow, 3 uninstalling programs that you no longer need, checking for Autostart programs (using 4 msconfig) and enabling Windows’ 5 Automatic Update. Always remember to perform periodic backups, or at least to set restore points.
Should you experience an actual problem, try to recall the last thing you did, or the last thing you installed before the problem appeared for the first time. Use the 6 resmon command to identify the processes that are causing your problem. Even for serious problems, rather than reinstalling Windows, you are better off repairing of your installation or, for Windows 8 and later versions, executing the 7 DISM.exe /Online /Cleanup-image /Restorehealth command. This allows you to repair the operating system without losing data.
To help you analyze the GLCKIO2.sys process on your computer, the following programs have proven to be helpful: A Security Task Manager displays all running Windows tasks, including embedded hidden processes, such as keyboard and browser monitoring or Autostart entries. A unique security risk rating indicates the likelihood of the process being potential spyware, malware or a Trojan. B Malwarebytes Anti-Malware detects and removes sleeping spyware, adware, Trojans, keyloggers, malware and trackers from your hard drive.
Publishers
A way to uninstall RGB Fusion from your system
The following executable files are incorporated in RGB Fusion. They take 8.22 MB ( 8624008 bytes) on disk.
This info is about RGB Fusion version 3.18.0919.1 alone. You can find below info on other releases of RGB Fusion:
A way to erase RGB Fusion from your computer using Advanced Uninstaller PRO
RGB Fusion is an application offered by GIGABYTE. Sometimes, people try to erase this program. Sometimes this can be difficult because performing this by hand takes some know-how related to PCs. One of the best EASY way to erase RGB Fusion is to use Advanced Uninstaller PRO. Here is how to do this:
1. If you don’t have Advanced Uninstaller PRO on your Windows PC, add it. This is good because Advanced Uninstaller PRO is a very potent uninstaller and all around utility to take care of your Windows PC.
3. Click on the General Tools button
4. Press the Uninstall Programs feature
5. A list of the programs installed on your computer will be made available to you
6. Scroll the list of programs until you locate RGB Fusion or simply click the Search field and type in «RGB Fusion». The RGB Fusion app will be found automatically. Notice that when you select RGB Fusion in the list of applications, the following data regarding the program is made available to you:
8. After removing RGB Fusion, Advanced Uninstaller PRO will ask you to run an additional cleanup. Click Next to perform the cleanup. All the items that belong RGB Fusion which have been left behind will be found and you will be asked if you want to delete them. By removing RGB Fusion using Advanced Uninstaller PRO, you can be sure that no Windows registry entries, files or folders are left behind on your system.
Your Windows computer will remain clean, speedy and ready to serve you properly.
Disclaimer
The text above is not a piece of advice to uninstall RGB Fusion by GIGABYTE from your computer, nor are we saying that RGB Fusion by GIGABYTE is not a good application for your PC. This text simply contains detailed info on how to uninstall RGB Fusion supposing you want to. The information above contains registry and disk entries that Advanced Uninstaller PRO stumbled upon and classified as «leftovers» on other users’ computers.
2018-09-20 / Written by Andreea Kartman for Advanced Uninstaller PRO
