A critical local privilege escalation vulnerability has been identified in MSI Center versions 2.0.36.0 and earlier. Tracked as CVE-2024-37726, this flaw allows low-privileged users to gain elevated privileges on Windows systems. The issue arises from insecure file operations performed by MSI Center, which runs with NT AUTHORITY\SYSTEM privileges. By exploiting this vulnerability, an attacker can overwrite or delete critical system files, potentially leading to a full system compromise.
The exploitation process involves several steps. First, a low-privileged user creates a directory and sets an OpLock on a file within it. The user then triggers the “Export System Info” function in MSI Center, which performs a file write operation on the OpLocked file. During this operation, the user moves the original file and creates a junction to a target file, allowing MSI Center to overwrite or delete the target file with SYSTEM privileges. This manipulation can lead to significant system impacts, such as arbitrary file modifications and unauthorized program installations.
MSI Center versions 2.0.36.0 and earlier are affected by this vulnerability, while version 2.0.38.0, released on July 3, 2024, addresses the issue. Users are strongly advised to update to the latest version to mitigate the risk. The vulnerability underscores the importance of proper file system access controls and the dangers of applications running with elevated privileges. Organizations and users should prioritize updates and conduct security audits to prevent similar issues.
To verify if your MSI Center version is vulnerable, check the application version through the “About” section or by inspecting the executable file properties. If your version is 2.0.36.0 or earlier, update to version 2.0.38.0 or later. Until an update is available, consider uninstalling or disabling MSI Center as a temporary measure. Monitor MSI’s official channels for further security advisories and updates.
