AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Security alert for MSI Center: critical vulnerability discovered in Windows systems

A critical flaw in Windows systems allows limited users to obtain administrator privileges: find out how to protect yourself and what solutions to implement to avoid cyber attacks

A vulnerability (CVE-2024-37726) was discovered in MSI Center on Windows, allowing elevation of privilege. Users should update to version 2.0.38.0 to mitigate risks. This flaw can allow total control of the system by attackers.

This pill is also available in Italian language

A significant security vulnerability recently emerged in MSI Center software, which is widely used on Windows systems. Cataloged as CVE-2024-37726 and rated with a CVSS score of 7.8, this flaw allows users with limited privileges to gain total control of the system. Elevation of privilege is a technique where a user gains unauthorized access to higher levels, such as administrator, by exploiting this gap to perform normally prohibited operations, such as installing malware or modifying critical files, using symlinks to trick the operating system. The vulnerability affects all versions of MSI Center up to 2.0.36.0, exposing multiple Windows systems to potential threats.

Phases of vulnerability exploitation

The process of exploiting the vulnerability occurs in several key stages. In the first phase, a low-privileged user creates an accessible directory and a file within it, applying an OpLock to the file to prevent access by other processes. Subsequently, MSI Center is tricked into performing a write operation on this file. During this attempt, the attacker replaces the locked file with a symbolic junction that points to the desired target file. Finally, MSI Center, operating with elevated privileges, writes to the target file, allowing the attacker to overwrite or delete critical system files. This manipulation allows the attacker to perform malicious actions with administrator privileges.

Consequences and possible exploitations

This type of vulnerability opens the way to serious consequences for system security. An attacker could overwrite or delete critical files, potentially causing irreparable damage to the operating system. The ability to elevate privileges allows malware to be installed without requiring administrative permissions, thus compromising the security of system users. By using signed Windows binaries, the attacker can also bypass monitoring and antivirus processes. Furthermore, executing arbitrary code with elevated privileges allows one to gain full system control, including installing persistent backdoors and stealing sensitive data.

Solutions and mitigations

MSI has released a fix patch in MSI Center version 2.0.38.0, available on July 3, 2024. It is crucial to immediately update to the latest version to mitigate the risk from this vulnerability. CVE-2024-37726 poses a considerable threat to Windows systems using MSI Center, making it critical to take appropriate security measures and update in a timely manner to protect against possible cyber attacks. You are therefore advised to periodically check for software updates and implement robust security policies to prevent future vulnerabilities.

Follow us on Instagram for more pills like this

07/04/2024 19:32

Marco Verro

Last pills

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report

AT&T: data breach discovered that exposes communications of millions of usersDigital security compromised: learn how a recent AT&T data breach affected millions of users

New critical vulnerability discovered in OpenSSH: remote code execution riskFind out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediately

Discovery of an AiTM attack campaign on Microsoft 365A detailed exploration of AiTM attack techniques and mitigation strategies to protect Microsoft 365 from advanced compromises