A severe security vulnerability has been discovered in the Acer Control Center software, which could allow attackers to execute arbitrary code with system-level privileges. The vulnerability, identified in the ACCSvc.exe process, involves misconfigured Windows Named Pipe permissions that enable unauthenticated remote users to exploit the service’s features. This flaw creates a direct path for privilege escalation, potentially leading to the installation of persistent backdoors, deployment of ransomware, theft of sensitive user data, and complete compromise of the affected machine. Organizations utilizing Acer Control Center in their fleet of devices face significant risk if systems remain unpatched.
Source: https://cybersecuritynews.com/acer-control-center-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/acer
"id": "ace605061325",
"linkid": "acer",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Technology',
'name': 'Acer',
'type': 'Company'}],
'attack_vector': 'Misconfigured Windows Named Pipe permissions',
'date_resolved': '2025-05-15',
'description': 'A severe security vulnerability has been discovered in the '
'Acer Control Center software, which could allow attackers to '
'execute arbitrary code with system-level privileges. The '
'vulnerability, identified in the ACCSvc.exe process, involves '
'misconfigured Windows Named Pipe permissions that enable '
'unauthenticated remote users to exploit the service’s '
'features.',
'post_incident_analysis': {'corrective_actions': ['Download and install the '
'latest Acer Control Center '
'update',
'Consider implementing '
'network-level controls to '
'restrict access to '
'potentially vulnerable '
'systems',
'Temporarily disabling the '
'Acer Control Center '
'Service as a stopgap '
'measure'],
'root_causes': 'Improper security configurations '
'in Windows Named Pipe '
'implementation within the Acer '
'Control Center Service '
'(ACCSvc.exe)'},
'recommendations': ['Download and install the latest Acer Control Center '
'update',
'Consider implementing network-level controls to restrict '
'access to potentially vulnerable systems',
'Temporarily disabling the Acer Control Center Service as '
'a stopgap measure'],
'response': {'remediation_measures': ['Download and install the latest Acer '
'Control Center update',
'Consider implementing network-level '
'controls to restrict access to '
'potentially vulnerable systems',
'Temporarily disabling the Acer Control '
'Center Service as a stopgap measure']},
'title': 'Acer Control Center Vulnerability',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'Improper security configurations in Windows Named '
'Pipe implementation within the Acer Control '
'Center Service (ACCSvc.exe)'}