MSI Center Vulnerability Poses Risk to Filesystem Integrity

Apps & Games / MSI Center / Desktop / Windows / News MSI Center for Desktop Windows / MSI Center Vulnerability Poses Risk to Filesystem Integrity
07 Jul 2024

By exploiting a flaw in the way MSI Center handles permissions, a malicious actor can manipulate the filesystem and trick the software into overwriting or deleting critical files with elevated privileges. In this way, the attacker can take control of the system and perform any action, including installing malware, stealing sensitive data, or even executing arbitrary code with the highest level of privileges. All of this is done through the abuse of symlinks (symbolic links) used to deceive the operating system.

All versions of MSI Center up to and including 2.0.36.0 are vulnerable to this attack. This means that a significant number of Windows systems could be exposed to this serious threat.

Exploitation Steps

The vulnerability can be exploited through the following steps:

  1. Create an OpLock Directory: A low-privileged user creates a directory in an accessible location and, in turn, creates a file inside it. Next, the user uses a system tool to set an OpLock (Mandatory Locking) on the previously created file. An OpLock prevents other processes from accessing or modifying the file until the lock is released.
  2. Activation of the write operation via MSI Center: The “Export System Information” function in MSI Center is used to trigger a write operation to the OpLocked file.
  3. Replacing the original file with a symbolic link: As MSI Center attempts to write to the OpLocked file, the attacker replaces it with a symbolic link that points to the desired target file (e.g., a critical system file).
  4. Taking advantage of MSI Center’s High Privileges: When MSI Center attempts to complete the write operation, it will be unable to access the original file due to the OpLock. However, due to the previously created symbolic link, MSI Center will write to or overwrite the target file pointed to by the link. Since MSI Center runs with NT AUTHORITY\SYSTEM privileges, the attacker gains complete control of the target file, potentially overwriting it with malicious code or deleting it altogether.

In summary, this vulnerability exploits the combination of OpLocks and symbolic links to trick MSI Center into performing high-privileged actions on an arbitrary target file. A low-privileged attacker can leverage this method to gain system control, install malware, steal sensitive data, or cause other severe damage.

Possible Abuses

This vulnerability opens the door to a number of serious consequences, including:

  • Critical Files Compromise: An attacker can arbitrarily overwrite or delete high-privileged files, leading to potential irreparable damage to the operating system, applications, or sensitive data.
  • Silent Malware Installation: An attacker can leverage privilege escalation to install malicious software without administrator privileges, compromising the security of all system users. Furthermore, the exploitation of MSI Center, a signed Windows binary, enables the bypass of security monitoring or antivirus tools. This technique of utilizing standard Windows binaries is known as Living-Off-The-Land (LOTL).
  • Arbitrary Code Execution: An attacker can execute arbitrary code with SYSTEM privileges, gaining complete control over the system and potentially installing persistent backdoors or stealing critical data.
  • System Startup Compromise: An attacker can place malicious payloads in startup locations, triggering them automatically upon administrator login, compromising the entire system.

MSI has addressed the vulnerability in MSI Center version 2.0.38.0, released on July 3, 2024. Immediate patching to this version is crucial to mitigate the risk. The CVE-2024-37726

What is msi command center?

MSI Command Center is a user-friendly, intuitive software designed to help users control and customize their MSI motherboard and system settings. The tool allows for real-time monitoring and adjusting of various performance-related aspects such as CPU, memory, fan speeds, and temperatures. It offers features like overclocking, power management, and system tuning to enhance the overall performance and efficiency of MSI hardware components.

How to uninstall msi dragon center?

To uninstall MSI Dragon Center, follow these steps: 1. Open the Control Panel on your Windows PC. 2. Go to 'Programs and Features.' 3. Find 'MSI Dragon Center' in the list of installed programs. 4. Right-click on it and select 'Uninstall.' 5. Follow the on-screen prompts to complete the uninstallation process. Once done, it's also recommended to restart your computer to ensure all components and related files are completely removed.
Update: 07 Jul 2024
MSI Center

MSI Center download for free to PC or mobile

5
794 reviews
3011 downloads

News and reviews about MSI Center

Loading...