Was NOT expecting a happy ending.
I don't know if the part of MSI Center with the pipe vulnerability is automatically installed on desktops, but this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM.
You should reverse engineer it and write a free software replacement!
I did this for my Clevo laptop's keyboard LEDs:
https://github.com/matheusmoreira/ite-829x
Still one of my most satisfying projects and I use it to this day. These manufacturer apps are so bad. Clevo control center would take over a minute to display a window on screen, it was so aggravating. My replacement program works instantly and is scriptable.
The LED control was implemented over USB. Reversed it by capturing packets with wireshark and replaying them using libusb. MSI probably used ACPI/WMI for this which is much more annoying to work with. I gave up on reversing my laptop's ACPI/WMI features years ago but now that I've got AI I'm trying again, it's been a huge help.
Very good article, thank you!
Not sure this is that happy of an ending. I wish there were more information on why: is the payout process too cumbersome, and why is this person continuing to provide uncompensated value to these companies?
Oh, and of course it's so bad that if you once uninstalled it, you need special cleanup software which may or may not work, but most likely you're done and can't install it again.
All to set the charging level which, say, Framework exposes in BIOS.
I know there are some Linux-based ways that are supposed to safely write the threshold to the EC, but none worked in my case (reasonably new model, supported by every piece of Linux-based software I checked), and one of them flipped the VMD Controller support on, which makes my NVMe drives invisible to the installed OS.
Awful, terrible piece of software.
I'm really happy with my absolutely no RGB, AIO controlled with a pump header boring PC.
Why bother reporting to them ?
You could just as well sell it to third parties if it doesn't interest them.
Companies should be better and, if not, criminally liable for their bad code.
Does this also apply to individual developers?
Should Linus Torvalds or the ffmpeg developers go to jail if they merge an RCE zero-day into the Linux kernel or into ffmpeg?
If you cannot differentiate the two, :insert rude thing here:
Glad you are consistent in your beliefs.
It left me thinking maybe the patch introduced a different vulnerability that’s still under an embargo :)
This does not inspire confidence. I'm assuming the pipe exists so that some GUI process running as the current user can perform privileged actions since the other end of the pipe runs as SYSTEM. At this point, just inject a thread into that GUI process and send the command - the service will think it is coming from MSI software, because it is.
The "only invoke MSI signed executables" mitigation is a good one, but if these two things are all they have done, while leaving the "arbitrary registry write" primitive in, then this is still 100% vulnerable to local privilege escalation.
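The design sketched above, a SYSTEM-side pipe handler that writes whatever registry key the client names, is the primitive worth removing rather than fencing off with caller checks. As an added example (not code from the thread, the article, or MSI), here is that handler next to a prefix-string check that looks safe but is not, and a hardened version that only accepts keys inside an allowlisted subtree compared component by component; the subtree name and command shape are assumptions.

```python
# Added example: three versions of a privileged "set registry value" command
# handler as a pipe service might implement it. None of this touches the real
# registry; each returns the canonical key it would write, or None if refused.
from typing import Optional

HIVE_ALIASES = {
    "HKLM": "HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER", "HKEY_CURRENT_USER": "HKEY_CURRENT_USER",
}

# Hypothetical: the one subtree the service legitimately needs to write.
ALLOWED_SUBTREE = ("HKEY_LOCAL_MACHINE", "SOFTWARE", "VENDOR", "SETTINGS")


def weak_handler(path: str, value: str) -> Optional[str]:
    """Arbitrary-write primitive: any caller-chosen key is written as SYSTEM."""
    return path  # stands in for RegSetValueEx on whatever key was sent


def prefix_handler(path: str, value: str) -> Optional[str]:
    """Looks hardened, but a string-prefix test also accepts sibling keys such
    as ...\\Vendor\\SettingsExtra, so the check is narrower than intended."""
    if path.upper().startswith("HKLM\\SOFTWARE\\VENDOR\\SETTINGS"):
        return path
    return None


def normalize(path: str) -> Optional[tuple]:
    """Split a registry path into (hive, component, ...), canonicalising the
    hive name, separators and case. Returns None for malformed input."""
    parts = path.replace("/", "\\").split("\\")
    if not parts or any(p == "" for p in parts):
        return None  # empty component: leading/trailing/double separator
    hive = HIVE_ALIASES.get(parts[0].upper())
    if hive is None:
        return None
    return (hive,) + tuple(p.upper() for p in parts[1:])


def hardened_handler(path: str, value: str) -> Optional[str]:
    """Write only if every leading component matches ALLOWED_SUBTREE exactly."""
    key = normalize(path)
    if key is None:
        return None
    n = len(ALLOWED_SUBTREE)
    if len(key) < n or key[:n] != ALLOWED_SUBTREE:
        return None  # wrong hive, outside the subtree, or a sibling key
    return "\\".join(key)
```

Whether the request arrives from a signed vendor binary or from code injected into one, the hardened handler cannot be steered at keys such as service ImagePath entries, which is the property the caller-identity check alone does not give.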
The author got around a similar mitigation in their exploit for ASUS DriverHub (linked in the original article).
Can you or someone else expand on that?
As my development work is focused on macOS and Windows apps, I need a Windows laptop and got a light Prestige 13 inch with 32GB and a 125H.
It did the trick, but I had years of not understanding how the throttling works. Sometimes if I was using AC and the battery was lower than 90% I had the CPU throttled at 800 MHz or even 400 MHz, never going over 1 GHz. It drove me nuts and my fiddling with MSI Center was always unpredictable. I had some strange steps like connecting/disconnecting the charger or changing MSI Center performance settings; none was reliable (even with Windows Power Settings all the way to max).
Eventually I found on a Reddit thread this (strangely hidden) uninstaller: https://www.msi.com/faq/9934 https://download.msi.com/uti_exe/nb/CleanCenterMaster.zip
Leaving the throttling and fan to Microsoft + Intel seems to do a much better job. I no longer look at the task manager for CPU frequency. It just works.
So I have no clue what the advantages of MSI Center are in the first place (maybe BIOS updating?).
It was formally deprecated in 2018 and has been surpassed in just about every single way by AES long before that.
At this point I feel like its use is such a huge red flag.
But DES is so broken that it's more of a giant flashing beacon saying "look here there are terrible decisions being made!"
MSIX is just a different beast entirely too.
I live in the .NET/C++ universe with regard to Windows development, so it might be that it isn't as nice for non-blessed stacks.
If your only goal is to stop users from doing what they want on the hardware they own, you are everything that is wrong with the "security" industry today.
> including ones without local admin
I don't know anything about Windows, but it looks like a local privilege escalation.
Eh
Shrug.emoji