PT-2024-27723 · Msi · Msi Center
Carsonchan12345 · Published 2024-07-03 · Updated 2024-08-01 · CVE-2024-37726
CVSS v3.1: 6.8 Medium
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
MSI Center versions 2.0.36.0 and earlier
Description
A local privilege escalation vulnerability has been identified in MSI Center, allowing a low-privileged user to arbitrarily overwrite or delete high-privileged and critical files on a system. This issue is caused by the MSI Center application running with NT AUTHORITY\SYSTEM privileges and writing files to a low-privilege user-controlled directory. The vulnerability can be triggered when a low-privileged user creates a directory, sets an OpLock on a file within that directory, and utilizes the "Export System Info" function in MSI Center to trigger a file write operation on the OpLocked file. While the OpLock is in place, the user can move the original file and create a junction to a target file, allowing the MSI Center application to overwrite or delete the target file with SYSTEM privileges.
Recommendations
For MSI Center versions 2.0.36.0 and earlier, consider disabling the "Export System Info" function in MSI Center until a patch is available to prevent exploitation of this vulnerability. Restrict access to the MSI Center application to minimize the risk of unauthorized access to sensitive data or system control. As a temporary workaround, avoid using the MSI Center application with low-privileged user accounts to reduce the risk of privilege escalation attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
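One way to surface the root condition named in the description, a SYSTEM-context process creating or deleting files under a directory a standard user controls, in file-event telemetry. This is an added example, not code from the advisory or from MSI; the event field names are assumptions modelled on Sysmon file events, the sample events are constructed, and `ExampleExportService.exe` is a hypothetical placeholder because the page does not name the MSI Center binary.

```python
import ntpath

SYSTEM_USER = "nt authority\\system"
# Roots a standard user can normally write beneath (assumption; tune per estate).
USER_WRITABLE_ROOTS = ("c:\\users\\",)
FILE_EVENTS = {11: "create", 23: "delete"}  # Sysmon FileCreate / FileDelete IDs

def norm(path):
    """Case-fold and normalise a Windows path so comparisons work on any OS."""
    return ntpath.normcase(ntpath.normpath(path))

def find_privileged_writes(events, watched_images=None):
    """Return file events where a SYSTEM process touched a user-writable path.
    watched_images: optional set of executable names to restrict to (None = any)."""
    watched = {w.lower() for w in watched_images} if watched_images else None
    findings = []
    for ev in events:
        action = FILE_EVENTS.get(ev.get("EventID"))
        if action is None or ev.get("User", "").lower() != SYSTEM_USER:
            continue
        image = ntpath.basename(norm(ev.get("Image", "")))
        if watched is not None and image not in watched:
            continue
        target = norm(ev.get("TargetFilename", ""))
        root = next((r for r in USER_WRITABLE_ROOTS if target.startswith(r)), None)
        if root is None:
            continue
        owner = target[len(root):].split("\\", 1)[0]  # profile directory name
        findings.append({"time": ev.get("UtcTime"), "action": action, "image": image,
                         "profile": owner, "target": ev["TargetFilename"]})
    return findings

# Constructed sample events (not real telemetry); the image name is a placeholder.
SAMPLE_EVENTS = [
    {"EventID": 11, "UtcTime": "2024-01-01 10:00:01", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Program Files\\Vendor\\ExampleExportService.exe",
     "TargetFilename": "C:\\Users\\alice\\export\\sysinfo.txt"},
    {"EventID": 11, "UtcTime": "2024-01-01 10:00:05", "User": "HOST\\alice",
     "Image": "C:\\Windows\\notepad.exe", "TargetFilename": "C:\\Users\\alice\\notes.txt"},
    {"EventID": 23, "UtcTime": "2024-01-01 10:00:09", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Program Files\\Vendor\\ExampleExportService.exe",
     "TargetFilename": "C:\\USERS\\alice\\export\\sysinfo.txt"},
    {"EventID": 11, "UtcTime": "2024-01-01 10:00:12", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Program Files\\Vendor\\ExampleExportService.exe",
     "TargetFilename": "C:\\ProgramData\\Vendor\\log.txt"},
]

if __name__ == "__main__":
    for f in find_privileged_writes(SAMPLE_EVENTS, {"ExampleExportService.exe"}):
        print(f)
```

Each hit identifies a privileged write path worth reviewing; a hit alone does not show that the path was redirected.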
Exploit
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Msi Center