A local privilege escalation vulnerability on Windows OS has been identified in MSI Center versions <= 2.0.36.0, which allows a low-privileged user to arbitrarily overwrite or delete high-privileged and critical files on a system. This vulnerability is caused by the MSI Center application running with NT AUTHORITY\SYSTEM privileges and writing the file to a low privilege user controlled directory, which allows a low-privileged user to manipulate the file system with symlink and trick the application into writing or overwriting files in arbitrary locations.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-37726