MSI Installer Vulnerability Lets Attackers Escalate Privileges on Windows Systems

A critical local privilege escalation vulnerability has been discovered in MSI Center versions 2.0.36.0 and earlier, allowing low-privileged users to escalate their privileges on Windows systems.
This security flaw, tracked as CVE-2024-37726, stems from insecure file operations performed by the MSI Center application running with NT AUTHORITY\SYSTEM privileges.
A low-privileged user creates a directory and sets an OpLock on a file within it.
While the OpLock is in place, the user moves the original file and creates a junction to a target file.
This allows the MSI Center application to overwrite or delete the target file with SYSTEM privileges.
Security researcher carsonchan12345 said that manipulating this process can allow an attacker to overwrite or delete critical system files, leading to a full system compromise.
MSI has addressed this vulnerability in version 2.0.38.0 of MSI Center, released on July 3, 2024.
Users are strongly advised to update to this latest version to mitigate the risk.
This incident highlights the importance of proper file system access controls and the potential dangers of applications running with elevated privileges.
Organizations and individual users should prioritize updating affected systems and conduct thorough security audits to identify and address similar vulnerabilities.
To verify whether you are affected, check the version number of your installed MSI Center application.
MSI Center versions 2.0.36.0 and earlier are affected, so a system running one of those versions is potentially vulnerable.
The vulnerability has been fixed in version 2.0.38.0, released on July 3, 2024.
Update MSI Center to the latest version if available.
If an update is not yet available, consider temporarily uninstalling or disabling MSI Center until an update is released.
Monitor MSI's official website or support channels for security advisories and updates.
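
The version check described above can be scripted for one host or a fleet. The following PowerShell is an added example, not code from the article or from MSI: the version boundaries are the ones stated above, while the `MSI Center*` display-name pattern and the `*MSICenter*` package-name pattern are assumptions about how the application registers itself and should be adjusted to what your systems actually show.

```powershell
# Added example: classify installed MSI Center builds against CVE-2024-37726.
# Version boundaries come from the article; the name patterns are assumptions.
$LastAffected = [version]'2.0.36.0'
$FirstFixed   = [version]'2.0.38.0'

function Get-MsiCenterStatus {
    param([string]$VersionString)
    $parsed = $null
    # Missing or malformed version strings are reported, not guessed at.
    if (-not [version]::TryParse($VersionString, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -le $LastAffected) { return 'Vulnerable' }
    if ($parsed -ge $FirstFixed)   { return 'Fixed' }
    return 'Unlisted'   # between 2.0.36.0 and 2.0.38.0: the article does not say
}

function Get-MsiCenterInstall {
    $found = @()
    # Classic installers register under the Uninstall keys (64- and 32-bit views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $found += Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'MSI Center*' } |   # assumed name pattern
        ForEach-Object {
            [pscustomobject]@{ Source = 'Registry'; Name = $_.DisplayName; Version = $_.DisplayVersion }
        }
    # Store-delivered packages; -AllUsers needs an elevated session.
    $found += Get-AppxPackage -AllUsers -Name '*MSICenter*' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Appx'; Name = $_.Name; Version = [string]$_.Version }
        }
    $found
}

# Report every install found, with its status relative to the fixed release.
Get-MsiCenterInstall | ForEach-Object {
    $_ | Add-Member -NotePropertyName Status `
        -NotePropertyValue (Get-MsiCenterStatus $_.Version) -PassThru
}
```

An empty result means no matching install was found under the assumed name patterns, not that the host is confirmed clean.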


This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 04 Jul 2024 03:40:17 +0000

