[German]A quick note for Windows users who have the MSI Center from Micro-Star International installed on their system. There is a Local Privilege Escalation vulnerability CVE-2024-37726 in this software that allows an attacker to gain system privileges. Versions <= 2.0.36.0 are affected – anyone using this software on their system should therefore update to be on the safe side.
Advertising
What is MSI Center?
The MSI Center is the latest management software for motherboards from MSI and was developed for the MSI gaming series to offer gamers and other users optimized performance and efficiency.
MSI Center, Click to zoom
Users can download and manage the features they need via the MSI Center. MSI has published a description on this website.
Vulnerability CVE-2024-37726
In the MSI Center versions up to 2.0.36.0, however, there is a local privilege escalation vulnerability CVE-2024-37726, which allows a user with standard privileges to take over the system privileges available to the program. I came across this issue via the following tweet, which the colleagues from Security Online describe here.
Advertising
Carson Chan has published the details on GitHub. The vulnerability can be exploited by a user with low privileges by creating a directory and OpLocking a file in that directory. The user can then use the "Export system info" function in MSI Center to trigger a file write operation for the OpLocked file.
While the OpLock function is active, the user can move the original file and then create a junction (symlink link) to a target file. This allows the MSI Center to overwrite or delete the target file (linked by junction) with SYSTEM privileges. The discoverer of the vulnerability describes the procedure for exploiting the vulnerability in his GitHub post.
Successful exploitation of this vulnerability allows a user with low privileges to arbitrarily overwrite or delete critical system files, leading to possible privilege escalation. This could lead to a complete compromise of the system. MSI has released a new version (2.0.38.0) of the MSI Center on 3.7.2024, which fixes the vulnerability.
