Researchers discovered numerous security vulnerabilities in systems belonging to the Taiwanese IT giant Micro-Star International Co., Ltd. Exploiting these vulnerabilities could allow remote code execution attacks on MSI digital assets. Fortunately, the tech giant promptly addressed the matter before any exploitation occurred.
Vulnerabilities In MSI Digital Assets
Swascan, an Italian cybersecurity firm, has found three critical vulnerabilities affecting MSI digital assets.
MSI (Micro-Star International Co., Ltd.) is a Taiwanese-based technology firm. It specializes in the designing and development of computing hardware products. These include all-in-one PCs, industrial computers, computer peripheral devices, servers, graphics cards, laptops, and gaming devices.
Sharing the details in a blog post, the researchers revealed that they found these vulnerabilities via their Domain Threat Intelligence (DTI) service while analyzing MSI domains.
During passive vulnerability checks on some well-known internet domains, Swascan’s Cyber Security Research Team detected some important vulnerabilities on a specific IP.
Investigating further made them discover three critical vulnerabilities that include,
- An improper authentication flaw leading to an unauthenticated arbitrary file read.
- A password disclosure vulnerability due to insufficiently protected credentials.
- An OS command injection vulnerability allowing remote code execution.
MSI Patched The Bugs
After finding these bugs, the researchers reported the matter to MSI officials that promptly acknowledged the flaws.
Talking to Latest Hacking News, Pierguido Iezzi, CEO and co-founder of Swascan, highlighted how tech firms remain exposed to cybersecurity vulnerabilities. However, close cooperation between the security researchers and the organizations can help address these matters quickly.
Big companies, by nature, are complex and heterogenous environments. MSI is no different. A vast perimeter can present a series of complexities that could let some vulnerabilities slip through the net of your own security department. This is why cooperation is so important.
Once again, the whole process shows how fundamental Cyber Threat intelligence has become. Cyber Security is prevention first and foremost but Threat Intelligence, and consequently predictive security has become essential for the proper management of the Corporate Cyber Security Framework!
Iezzi also appreciated MSI’s vigilance towards patching the vulnerabilities.
As soon as we discovered these vulnerabilities, we contacted MSI and provided evidences and PoCs to better explain the possible consequences of these CVEs.
On their part, MSI was exceptional in receiving and acknowledging the problem and in working together to resolve the issue in line with the best practice of Vulnerability Disclosure.
Let us know your thoughts in the comments.