> After this minor hiccup, the experience with MSI was actually quite pleasant. They prepared a patch for the vulnerability within two days of me reporting it and told me which MSI Center release it was to be bundled with, and when they planned to release the new version.<p>Was NOT expecting a happy ending.<p>I don't know if the part of MSI Center with the pipe vulnerability is automatically installed on desktops but this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM.
> this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM<p>You should reverse engineer it and write a free software replacement!<p>I did this for my Clevo laptop's keyboard LEDs:<p><a href="https://github.com/matheusmoreira/ite-829x" rel="nofollow">https://github.com/matheusmoreira/ite-829x</a><p>Still one of my most satisfying projects and I use it to this day. These manufacturer apps are <i>so</i> bad. Clevo control center would take over a minute to display a window on screen, it was so aggravating. My replacement program works instantly and is scriptable.<p>The LED control was implemented over USB. Reversed it by capturing packets with wireshark and replaying them using libusb. MSI probably used ACPI/WMI for this which is much more annoying to work with. I gave up on reversing my laptop's ACPI/WMI features years ago but now that I've got AI I'm trying again, it's been a huge help.
I did some ACPI reverse engineering on an old Toshiba laptop some years ago, with the goal of improving the Linux ACPI drivers. Learnt a lot from it, and wrote a blog post that you might find interesting: <a href="https://vorpal.se/posts/2022/aug/21/reverse-engineering-acpi-functionality-on-a-toshiba-z830-ultrabook/" rel="nofollow">https://vorpal.se/posts/2022/aug/21/reverse-engineering-acpi...</a> (100% human written, and I hate that I have to specify that these days).
And this is the only way to set the charging limit on your laptop, which is awful practice.<p>Oh, and of course it's so bad that if you once uninstalled it, you need a special cleanup software which may or may not work, but most likely you're done and can't install it again.<p>All to set the charging level which, say, Framework exposes in BIOS.<p>I know there are some Linux-based ways that are supposed to safely write the threshold to EC, but none worked in my case (reasonably new model, supported by every piece of Linux-based software I checked), and one of them flipped the VMD Controller support on, which makes my NVMes invisible to the installed OS.<p>Awful, terrible piece of software.
> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties.<p>Not sure this is that happy of an ending. I wish there was more information why - is the payout process too cumbersome and why is this person continuing to provide uncompensated value to these companies?
I love those lights. Got a case with clear sides so it's blasting rainbows at my wall all the time.
Not directly related to the danger of MSI Center, but after years of suffering I've removed it.<p>As my development work is focused on macOS and Windows apps, I need a Windows laptop and got a light Prestige 13 inch with 32GB and 125H.<p>It did the trick, but I had years of not understanding how the throttling works. Sometimes if I was using AC and battery was lower than 90% I had CPU throttled at 800 MHz or even 400 MHz, never going over 1 GHz. It drove me nuts and my fiddling with MSI Center was always unexpected. I had some strange steps, like connect/disconnect charger, change MSI Center performance settings. None was reliable. (even with Windows Power Settings all the way to max)<p>Eventually I've found on a Reddit thread this (strangely hidden) uninstaller:
<a href="https://www.msi.com/faq/9934" rel="nofollow">https://www.msi.com/faq/9934</a>
<a href="https://download.msi.com/uti_exe/nb/CleanCenterMaster.zip" rel="nofollow">https://download.msi.com/uti_exe/nb/CleanCenterMaster.zip</a><p>Leaving the throttling and fan to Microsoft + Intel seems to do much better work. I no longer look at the task manager for CPU frequency. It just works.<p>So I have no clue what the advantages of MSI Center are in the first place (maybe BIOS updating?)
> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties.<p>Why bother reporting to them?<p>You could just as well sell it to third parties if it doesn't interest them.
I wish the author went into a bit more detail about how MSI fixed it, as is usual in write ups like this.<p>It left me thinking maybe the patch introduced a different vulnerability that’s still under an embargo :)
Video by GN has a little bit of info (but not a lot). Basically they made it so that the pipes only accept input from MSI signed software + the pipes can only invoke MSI signed executables.<p><a href="https://youtu.be/Eck8NnoaD4M" rel="nofollow">https://youtu.be/Eck8NnoaD4M</a>
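The two checks described in the comment above, sketched from the pipe server's side as an added example (not MSI's code and not part of the thread). The pipe name, the pinned thumbprint and the one-line "path to launch" request format are hypothetical placeholders.

```powershell
# Added example. Pipe name and thumbprint below are hypothetical placeholders.
Add-Type -Namespace Native -Name Pipe -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetNamedPipeClientProcessId(IntPtr pipe, out uint clientProcessId);
'@

$PipeName         = 'ExampleVendorControl'       # hypothetical pipe name
$VendorThumbprint = '<VENDOR-CERT-THUMBPRINT>'   # placeholder: the vendor's pinned signing certificate

# True only if the file carries a valid Authenticode signature from the pinned certificate.
function Test-VendorSigned {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    return ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Thumbprint -eq $VendorThumbprint)
}

# Resolve the image path of the process on the other end of the pipe.
function Get-PipeClientPath {
    param([System.IO.Pipes.NamedPipeServerStream]$Pipe)
    $clientPid = [uint32]0
    $handle = $Pipe.SafePipeHandle.DangerousGetHandle()
    if (-not [Native.Pipe]::GetNamedPipeClientProcessId($handle, [ref]$clientPid)) { return $null }
    try { return (Get-Process -Id $clientPid -ErrorAction Stop).Path } catch { return $null }
}

$server = [System.IO.Pipes.NamedPipeServerStream]::new(
    $PipeName, [System.IO.Pipes.PipeDirection]::InOut, 1)
try {
    $server.WaitForConnection()
    # Check 1: the caller must be a vendor-signed executable.
    if (-not (Test-VendorSigned -Path (Get-PipeClientPath -Pipe $server))) {
        Write-Warning 'Rejected: pipe client is not vendor-signed'
        return
    }
    # Assumed request format: one line holding the path of the executable to run.
    $target = [System.IO.StreamReader]::new($server).ReadLine()
    # Check 2: the executable to be launched must be vendor-signed too.
    if (Test-VendorSigned -Path $target) {
        Write-Output "Would launch: $target"
    } else {
        Write-Warning "Rejected: $target is not vendor-signed"
    }
} finally {
    $server.Dispose()
}
```

Signature checks complement, rather than replace, a restrictive ACL on the pipe, and the target path must not be writable by unprivileged users between the check and the launch.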
More likely MSI just being MSI. They're infamous for being far more concerned about image than most vendors so don't expect much info.
Is there any valid reason to still be using 3DES in 2026?<p>It was formally deprecated in 2018 and has been surpassed in just about every single way by AES long before that.<p>At this point I feel like its use is such a huge red flag.
It was an architectural problem, not an encryption problem. Even with AES instead of 3DES, the same issue would exist, which is spoofing the commands of any of the legitimate MSI services.
I mean they're still using Inno Setup which was pretty cool in 2004.
For some reason, that holds an appxbundle per the article. I'd suspect they needed to run some pre- or post-install code (maybe to check for their hardware?).
Unfortunately plenty of folks still didn't get the memo that MSI and MSIX exist.
I mean I still build Windows installers with NSIS which has somehow just-worked for decades.
> However, because the named pipe only responds to authenticated users, successful exploitation requires valid login credentials for the target machine.<p>Eh
You have physical access to the machine. Dump its bios and inject this <a href="https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-4e2d-a559-4a27cf905a80/windows-platform-binary-table.docx" rel="nofollow">https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-...</a><p>Shrug.emoji
<i>As you might have guessed, these are incredibly dangerous tools to be exposing to any authorised user</i><p>If your only goal is to stop users from doing what they want on the hardware they own, you are everything that is wrong with the "security" industry today.
You cut the rest of the sentence<p>> including ones without local admin<p>I don’t know anything about Windows, but it looks like a local privilege escalation.
I don't want any random program on my computer to be able to change all of my system settings and terminate security processes.