A critical security vulnerability has been uncovered within MSI Center, affecting versions 2.0.36.0 and earlier, presenting a significant risk of privilege escalation on Windows operating systems. Tracked under CVE-2024-37726, the vulnerability arises due to insecure file operations performed by MSI Center, which operates with NT AUTHORITY\SYSTEM privileges. This fundamental flaw allows low-privileged users to exploit file manipulation mechanisms, thereby gaining unauthorized access to critical system components. Such exploitation can lead to the illicit modification, deletion, or takeover of essential files, potentially compromising system stability and security.
The vulnerability’s exploitation involves a systematic process where a low-privileged user first establishes an OpLock on a file. Subsequently, leveraging MSI Center’s “Export System Info” function triggers a file write operation. During this operation, the user manipulates file movements by relocating the original file and establishing a junction point to a target file location. This strategic maneuvering enables the MSI Center application to execute file operations with elevated privileges, inadvertently granting the attacker systemic control over critical system files.
In response to the identified security risk, MSI promptly released version 2.0.38.0 of MSI Center on July 3, 2024, which addresses the identified vulnerability. Users are strongly advised to update their installations to this latest version to mitigate potential exploitation and fortify system defenses against unauthorized privilege escalation attempts. This incident underscores the crucial importance of proactive software updates and robust cybersecurity practices in safeguarding against evolving threats targeting software vulnerabilities.There is a critical need for organizations and individual users to maintain stringent security protocols, including regular software updates, vulnerability assessments, and adherence to best practices in access control.
Reference:
