MSI Center Notebook Foundation service grants LocalSystem execution to any authenticated user via MSI_SERVICE_2 pipe
MSI Center exposes a SYSTEM-level named pipe to all authenticated users through weak ACLs and 3DES obfuscation. The flaw enables instant privilege escalation on millions of gaming and workstation systems. Similar OEM service issues indicate a recurring vendor pattern of insecure pre-installed tooling.
Operational impact is direct: an attacker with a standard user session can disable Windows Defender, persist via registry run keys, or deploy payloads without triggering UAC. MSI has not published a CVE or patch timeline in the primary disclosure. Remediation requires either removing the service or replacing the pipe ACL and encryption layer with proper service-to-service authentication.
MSI: Ships signed update disabling or hardening MSI_SERVICE_2 on 70 percent of supported Center installations inside 120 days
Sources (3)
- [1]Primary Source(https://mrbruh.com/msicenter/)
- [2]Supporting Source(https://www.bleepingcomputer.com/news/security/asus-armoury-crate-flaws-allowed-system-takeover/)
- [3]Supporting Source(https://nvd.nist.gov/vuln/detail/CVE-2023-41381)