EIP-2026-117649

PRE-CVE

MSI - 'NTIOLib.sys' / 'WinIO.sys' Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117649. PoCs published by ReWolf.

AI-analyzed exploit summary This is a detailed technical analysis of a local privilege escalation vulnerability in MSI drivers (NTIOLib.sys, WinIO.sys, RTCore.sys) due to exposed physical memory access. The writeup includes root cause analysis, affected software, and exploitation steps but does not contain functional exploit code.

Description

MSI - 'NTIOLib.sys' / 'WinIO.sys' Local Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by ReWolf · textlocalwindows

https://www.exploit-db.com/exploits/40426

View Code ZIP pw:eip

This is a detailed technical analysis of a local privilege escalation vulnerability in MSI drivers (NTIOLib.sys, WinIO.sys, RTCore.sys) due to exposed physical memory access. The writeup includes root cause analysis, affected software, and exploitation steps but does not contain functional exploit code.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: MSI NTIOLib.sys, WinIO.sys, RTCore.sys (various versions)

No auth needed

Prerequisites: Presence of vulnerable MSI drivers · Local access to the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026