Several vulnerabilities spotted in MSI digital assets

Researchers have discovered numerous security vulnerabilities in systems owned by Taiwanese computer giant Micro-Star International Co., Ltd. Exploitation of these vulnerabilities could allow remote code execution attacks on MSI digital assets. Fortunately, the tech giant quickly fixed the problem before any exploitation.

Vulnerabilities in MSI Digital Assets

Swascan, an Italian cybersecurity company, has discovered three critical vulnerabilities in MSI’s digital assets.

MSI (Micro-Star International Co., Ltd.) is a technology company based in Taiwan. It specializes in the design and development of computer hardware products. These include all-in-one PCs, industrial computers, computer peripherals, servers, graphics cards, laptops, and gaming devices.

Share details in one blog post, the researchers revealed that they found these vulnerabilities through their Domain Threat Intelligence (DTI) service when scanning MSI domains.

During passive vulnerability checks on some well-known Internet domains, Swascan’s cybersecurity research team detected significant vulnerabilities on a specific IP address.

Upon further investigation, they discovered three critical vulnerabilities, including:

  • An incorrect authentication flaw leading to an unauthenticated arbitrary file reading.
  • A password disclosure vulnerability caused by insufficiently protected credentials.
  • An operating system command injection vulnerability that allows remote code execution.

MSI fixed the bugs

After finding these bugs, the researchers reported the issue to MSI officials who quickly recognized the flaws.

Addressing the latest hacking news, Pierguido Iezzi, CEO and co-founder of Swascan, highlighted how tech companies remain exposed to cybersecurity vulnerabilities. However, close cooperation between security researchers and organizations can help resolve these issues quickly.

Large businesses, by nature, are complex and heterogeneous environments. MSI is no different. A large perimeter can present a series of complexities that could allow certain vulnerabilities to slip through the net of your own security department. This is why cooperation is so important.
Once again, the whole process shows how fundamental Cyber ​​Threat intelligence has become. Cyber ​​Security is above all prevention but Threat Intelligence, and therefore predictive security has become essential for the proper management of the Corporate Cyber ​​Security Framework!

Iezzi also appreciated MSI’s vigilance in addressing vulnerabilities.

As soon as we discovered these vulnerabilities, we reached out to MSI and provided evidence and PoCs to better explain the possible consequences of these CVEs.
MSI, on the other hand, has been exceptional in receiving and acknowledging the issue and working together to resolve the issue in accordance with vulnerability disclosure best practices.

Let us know your thoughts in the comments.

Sylvia B. Polson