MSI Center – How to gain SYSTEM privileges in seconds
MrBruh
63 points
12 comments
July 04, 2026
Related Discussions
Found 5 related stories in 1085.9ms across 14,015 title embeddings via pgvector HNSW
- MSYS2 and the No-Fuss Way to Get More GNU into Your Windows Tomte · 29 pts · June 22, 2026 · 45% similar
- CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root askl · 118 pts · March 18, 2026 · 42% similar
- RedSun: System user access on Win 11/10 and Server with the April 2026 Update airhangerf15 · 32 pts · April 16, 2026 · 41% similar
- BlueHammer abuses Windows Defender's update process to gain SYSTEM access BullsEye0 · 26 pts · April 11, 2026 · 41% similar
- FatGid: FreeBSD 14.x kernel local privilege escalation WhyNotHugo · 92 pts · May 21, 2026 · 41% similar
Discussion Highlights (5 comments)
huflungdung
You have physical access to the machine. Dump its bios and inject this https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-... Shrug.emoji
Klathmon
Is there any valid reason to still be using 3DES in 2026? It was formally deprecated in 2018 and has been surpassed in just about every single way by AES long before that. At this point I feel like it's use is such a huge red flag
nzeid
> After this minor hiccup, the experience with MSI was actually quite pleasant. They prepared a patch for the vulnerability within two days of me reporting it and told me which MSI Center release it was to be bundled with, and when they planned to release the new version. Was NOT expecting a happy ending. I don't know if the part of MSI Center with the pipe vulnerability is automatically installed on desktops but this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM.
drdexebtjl
I wish the author went into a bit more detail about how MSI fixed it, as is usual in write ups like this. It left me thinking maybe the patch introduced a different vulnerability that’s still under an embargo :)
aucisson_masque
> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties. Why bother reporting to them ? You could just as well sell it to third parties if it doesn't interest them.