Pan32

Everything posted by Pan32

  1. If you had taken the time to read the thread, you would've seen the CVE report from October 2017 of this vulnerability. Vanguard simply gave the wake-up call for it, because this has been known for 2 and a half years, so he's correct in saying what he's saying.
  2. The issue was never fully corrected. From https://github.com/shareef12/cpuz: As of version 1.81, the driver provided with CPU-Z has been patched to limit the set of callers that can open its device object and some IOCTL implementations have been removed. On requests to open the driver's device object, it will check to see if the current process has the SeLoadDriverPrivilege enabled. If this privilege is missing or disabled, the driver will reject the request with STATUS_ACCESS_DENIED. Note that when running as an Administrator, it is trivial to enable this privilege from usermode. Furthermore, the IOCTL to read control registers has been removed (although the physical memory read/write implementations remain). Without the ability to read the page table base from cr3, the exploitation method in this project is no longer feasible. Note that the CPU-Z driver provides numerous other IOCTLs that could be used for exploitation, such as reading from and writing to arbitrary model-specific registers. Seems like the correct way forward is to just not rely on this specific driver.
  3. The reason iCUE (and NZXT CAM and some others) are getting hit is because they're using a cpuz driver from 2008 which has a vulnerability that allows escalation of privileges and information disclosure that was reported in October of 2017. Link for those interested. This is definitely a fix that has to come from Corsair, iCUE should not be running a Kernel Driver from the last decade with vulnerabilities that are known for 2 years. It's also rather ironic that this anticheat, which has been criticized quite a bit lately (and in part, for good reason) is the one that actually points out that we have a security hole like this.