MSI Center Vulnerability Allows Local Privilege Escalation
A local privilege escalation vulnerability (ZDI-26-430, CVE-2026-6102) in MSI Center's NTIOLib_X64 driver allows attackers with initial code execution to gain SYSTEM privileges.

A critical local privilege escalation vulnerability has been identified in MSI Center, a utility software provided by MSI. The vulnerability, cataloged as ZDI-26-430 and assigned CVE-2026-6102, allows an attacker who has already gained low-privilege code execution on a target system to escalate their privileges to the highest level, effectively gaining SYSTEM access.
The core of the issue lies within the NTIOLib_X64.sys driver, a component responsible for handling certain system operations. Security researchers at the Zero Day Initiative discovered that this driver suffers from insufficient validation of the origin of commands it receives. This oversight enables a malicious actor to send specially crafted commands that trick the driver into executing arbitrary code with SYSTEM privileges.
Exploiting this vulnerability requires an attacker to first compromise the system with a low-privileged user account. Once initial access is established, the attacker can then leverage the flaw in the NTIOLib_X64.sys driver to elevate their permissions. This allows them to perform actions that are normally restricted to administrative users, including installing programs, viewing, modifying, or deleting data, and creating new accounts with full administrative rights.
The Zero Day Initiative has assigned this vulnerability a CVSS score of 7.8, classifying it as high severity. While it requires local access, the ability to escalate to SYSTEM privileges makes it a significant threat for any system running the vulnerable version of MSI Center. Such an escalation could be a crucial step in a broader attack chain, allowing an attacker to gain a foothold for further lateral movement or data exfiltration.
MSI has addressed this vulnerability by releasing version 2.0.69.0 of MSI Center. Users are strongly advised to update their software to this latest version to mitigate the risk. The vulnerability was reported to MSI on March 9, 2026, and the advisory was publicly released on July 15, 2026, following coordinated disclosure protocols.
The discovery and disclosure of ZDI-26-430 by security researcher zerozeroxz highlight the ongoing importance of thorough security auditing, even for utility software that may not be the primary target of attackers. Privilege escalation vulnerabilities remain a persistent threat, as they provide attackers with the necessary access to carry out more damaging actions on compromised systems.