nzeid

> After this minor hiccup, the experience with MSI was actually quite pleasant. They prepared a patch for the vulnerability within two days of me reporting it and told me which MSI Center release it was to be bundled with, and when they planned to release the new version.

Was NOT expecting a happy ending.

I don't know if the part of MSI Center with the pipe vulnerability is automatically installed on desktops but this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM.

show comments
zipy124

MSI Center is one of the worst pieces of software that I can't get rid of. Some features I can't find easy ways to replicate such as controlling the fan/GPU/CPU profiles and battery charging. Updating the software takes FOREVER for what should be fairly simple, and it is extremely slow again for what should be simple software.

show comments
aucisson_masque

> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties.

Why bother reporting to them ?

You could just as well sell it to third parties if it doesn't interest them.

show comments
drdexebtjl

I wish the author went into a bit more detail about how MSI fixed it, as is usual in write ups like this.

It left me thinking maybe the patch introduced a different vulnerability that’s still under an embargo :)

show comments
rock_artist

No directly related to danger of MSI Center after years of suffering I've removed it.

As my work develop is focused on macOS and Windows apps, I need a Windows laptop and got a light Prestige 13 inch with 32GB and 125H.

It did the trick, but I had years of not understanding how the throttling works. Sometimes if I was using AC and battery was lower than 90% I had CPU throttled at 800Mhz or even 400Mhz never going over 1Ghz. it drove me nuts and my fiddling with MSI Center was always unexpected. I had some strange steps to like connect/disconnect charger, change MSI Center performance settings. none was reliable. (even with Windows Power Settings all the way to max)

Eventually I've found on a reddit thread this (strangely hidden) uninstaller: https://www.msi.com/faq/9934 https://download.msi.com/uti_exe/nb/CleanCenterMaster.zip

Leaving the throttling and fan to Microsoft + Intel seems to do much better work. I no longer look at the task manager for CPU frequency. it just works.

So I have no clue what are the advantages of MSI Center in the first place (maybe bios updating?)

Klathmon

Is there any valid reason to still be using 3DES in 2026?

It was formally deprecated in 2018 and has been surpassed in just about every single way by AES long before that.

At this point I feel like it's use is such a huge red flag

show comments
ezoe

These software from hardware vendors are awful quality just glancing at the GUI window.

userbinator

As you might have guessed, these are incredibly dangerous tools to be exposing to any authorised user

If your only goal is to stop users from doing what they want on the hardware they own, you are everything that is wrong with the "security" industry today.

show comments
eur0pa

> However, because the named pipe only responds to authenticated users, successful exploitation requires valid login credentials for the target machine.

Eh

show comments
huflungdung

You have physical access to the machine. Dump its bios and inject this https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-...

Shrug.emoji