CVE-2021-44899
Description
MSI Center <= 1.0.31.0 drivers allow local privilege escalation via crafted IOCTL requests enabling arbitrary physical memory, MSR, and IO port access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in multiple kernel-mode drivers shipped with Micro-Star International (MSI) Center versions up to and including 1.0.31.0. Affected drivers include atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, and WinRing0x64.sys. These drivers expose IOCTL handlers that do not properly validate the origin or privilege level of incoming requests, allowing any local user to send crafted IOCTL codes from user mode [2]. The bug is triggered by sending specific IOCTL requests to one of the vulnerable driver devices.
Exploitation
An attacker with local access—no special privileges required—can open a handle to the driver device (e.g., \\.\NTIOLib or \\.\WinRing0) and issue the appropriate IOCTL codes. The driver then performs privileged operations on the caller's behalf: it calls functions such as MmMapIoSpace to map physical memory into user-space virtual address space, __readmsr/__writemsr to read or write Model-Specific Registers, and __inbyte/__outbyte to read or write 1, 2, or 4 bytes from/to an I/O port [2]. No race conditions or user interaction beyond sending IOCTLs is required.
Impact
Successful exploitation grants the attacker a powerful set of low-level capabilities: reading and writing arbitrary physical memory, manipulating MSRs, and controlling I/O ports. These primitives can be combined to escalate privileges from a low-integrity non-administrator user to NT AUTHORITY\SYSTEM, achieving full local privilege escalation [2]. The scope of compromise is the entire machine, as SYSTEM-level access allows execution of arbitrary code with the highest Windows privilege.
Mitigation
As of the CVE publication date, no official patch or updated version of MSI Center has been released. Users should monitor the vendor's support channels for a fix. Until a patched version is available, the only workaround is to disable or remove the vulnerable drivers (e.g., by uninstalling MSI Center) if not required. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at the time of writing [2].
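To act on the workaround above, a defender first needs to know whether any of the listed drivers is registered on a host. The following inventory check is an added example, not code from the advisory or from MSI; the function name Find-AffectedDriver and the sample rows are assumptions made for illustration, and a file-name match is a lead to review, not proof that the file is the vulnerable build.

```powershell
# Driver file names listed in the CVE-2021-44899 description on this page.
$AffectedDrivers = @(
    'atidgllk.sys', 'atillk64.sys', 'MODAPI.sys', 'NTIOLib.sys',
    'NTIOLib_X64.sys', 'WinRing0.sys', 'WinRing0x64.sys'
)

function Find-AffectedDriver {
    # Hypothetical helper. Takes Win32_SystemDriver-like objects so it can run
    # against the live host (default) or against an exported inventory.
    param(
        [object[]]$Driver = (Get-CimInstance -ClassName Win32_SystemDriver)
    )
    foreach ($d in $Driver) {
        if (-not $d.PathName) { continue }
        # PathName may be quoted or carry a \??\ prefix; keep only the file name.
        $leaf = ($d.PathName.Trim('"') -split '[\\/]')[-1]
        if ($AffectedDrivers -contains $leaf) {   # -contains ignores case
            [pscustomobject]@{
                Service   = $d.Name
                File      = $leaf
                Path      = $d.PathName
                State     = $d.State       # Running or Stopped
                StartMode = $d.StartMode   # Boot, System, Auto, Manual, Disabled
            }
        }
    }
}

# Constructed sample rows (not real inventory) covering both PathName shapes.
$sample = @(
    [pscustomobject]@{ Name = 'NTIOLib_Sample'; State = 'Running'; StartMode = 'Manual'
                       PathName = '\??\C:\Example\NTIOLib_X64.sys' }
    [pscustomobject]@{ Name = 'disk'; State = 'Running'; StartMode = 'Boot'
                       PathName = 'C:\Windows\System32\drivers\disk.sys' }
)
Find-AffectedDriver -Driver $sample | Format-Table -AutoSize

# Live check of the local machine (Windows only).
$hits = Find-AffectedDriver
if ($hits) { $hits | Format-Table -AutoSize }
else       { 'No affected driver services registered on this host.' }
```

The check only sees drivers registered as services; a copy of one of these files that sits on disk without a service entry will not appear in the result.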
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Micro-Star International (MSI)/Center
- Range: <=1.0.31.0
Patches
No patches discovered yet.
References
- voidsec.com (mitre, x_refsource_MISC)
- voidsec.com/advisories/cve-2021-44899/ (mitre, x_refsource_MISC)