09-19-2025 09:00 AM
Hi,
On updating Armoury Crate / GameFirst, and specifically after adjusting FanXpert 4 inside the app, a reboot was requested; upon restart, a Windows Defender notification alerted as follows:
Threat Level: Severe
Detected: VulnerableDriver:WinNT/Winring0.G
Affected items: C:\ProgramData\ASUS\GameFirst\hd.sys
Basically, the way in which the ASUS app controls the fans via a nice UI is to hook into the OS at the kernel and inject its method for fan control.
From the Windows OS perspective, this correctly indicates to the user/admin that this sub-stub process, injected directly into the kernel ("Ring 0"), nullifies the entire OS security posture if left to continue. Secure Boot/TPM systems are all undermined.
If a payload is introduced upstream of the ASUS GameFirst builds, or a vulnerability is discovered inside any part of the dependency chain, it would have privileged root access; I assume this would make for a potentially easy target for red teams. Furthermore, Windows is no longer the single source of truth for root code running on its machines at the kernel level.
Either way it's bad. ASUS needs to fix this pronto.
Solution:
Start by asking (paying 😃) MS to validate their drivers, have them certified as WHQL, and include them in the next round of hotfixes. Alternatively, ASUS needs to move the affected module out of its NodeJS-based Electron Armoury Crate app and into the Windows Store for the afflicted FanXpert module; the other stuff can remain inside the NodeJS app.
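A read-only triage script for a detection like the one reported in the post above, added here as an example; it is not the poster's code or any ASUS tooling. It assumes an elevated PowerShell prompt on Windows with the Defender module present, uses the driver path from the alert, and reads the vulnerable driver blocklist registry value at the location Microsoft documents (treat that location as an assumption for your build).

```powershell
# Added example: triage a Defender "VulnerableDriver" detection on this host.
# Assumes an elevated PowerShell session on Windows with the Defender module.
# Read-only: it inspects the file, driver state, detection history and policy.

$DriverPath = 'C:\ProgramData\ASUS\GameFirst\hd.sys'   # path taken from the alert

# 1. Is the file still present, and what does its Authenticode signature say?
if (Test-Path -LiteralPath $DriverPath) {
    $sig  = Get-AuthenticodeSignature -FilePath $DriverPath
    $hash = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path   = $DriverPath
        SHA256 = $hash                       # compare against your blocklist/IoC feeds
        Status = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Output "File not found (Defender may already have quarantined it): $DriverPath"
}

# 2. Is a kernel driver backed by this file registered or running right now?
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like '*GameFirst*hd.sys*' } |
    Select-Object Name, State, StartMode, PathName

# 3. What has Defender recorded for it? (detection history, newest first)
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'hd\.sys' } |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, Resources

# 4. Is the Microsoft Vulnerable Driver Blocklist enforced on this host?
#    Assumption: registry location per Microsoft docs; absent value = OS default.
$ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$bl = Get-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable `
        -ErrorAction SilentlyContinue
$state = if ($null -ne $bl) { $bl.VulnerableDriverBlocklistEnable } else { '<not set>' }
Write-Output "VulnerableDriverBlocklistEnable = $state"
```

If step 2 shows the driver in a Running state while step 3 shows a failed remediation, the alert is still live and the host should be treated as exposed until the driver is unloaded and removed.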
10-01-2025 07:31 AM
(BYOVD) Vulnerable Drivers Exploit CVE-2025-8061 -- Case in point!
Double posting here; however, I think this is an important issue to further emphasize this point to ASUS in regards to shipping production code using this technique. Albeit relating to Lenovo drivers, I very much suspect the ASUS GameFirst "signed drivers" are using a similar method to the Lenovo drivers on Windows.
Read here: https://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061.html