← All drivers
vulnerable
Driver

bs_def64.sys

ASUS BIOS flash utility driver

From ASUSTeK Computer
Status
On a known-vulnerable list
Known variants
3 distinct hashes
Field notes

bs_def64.sys is a legacy kernel driver from ASUSTeK Computer, described in its metadata as a "Default BIOS Flash Driver." It dates to 2006-2007 and was signed with an expired VeriSign certificate. The driver exposes physical memory access for the low-level operations a firmware update requires.

It is on the public LOLDrivers list and in the physmem_drivers research collection for that physical memory surface. If you find it on a modern system, it likely came from a very old ASUS BIOS utility. Remove it and use the current ASUS firmware tools instead.

What the record shows

bs_def64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 3 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “bs_def64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/bs-def64-sys