Microsoft gaming services 2.52.13001.0 unquoted service path Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-02-21 |
Type : local |
Platform : windows
This exploit / vulnerability Microsoft gaming services 2.52.13001.0 unquoted service path is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
# Discovery by: Johto Robbie
# Discovery Date: May 12, 2021
# Tested Version: 2.52.13001.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 x64 Home
# Step to discover Unquoted Service Path:
Go to Start and type cmd. Enter the following command and press Enter:
This application have no quote . And it contained in C:\Program Files. Put
mot malicious aplication with name "progarm.exe"
Stop & Start: GamingServices. "progarm.exe" will be execute
#Exploit:
An unquoted service path in
Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe, could lead to
privilege escalation during the installation process that is performed when
an executable file is registered. This could further lead to complete
compromise of confidentiality, Integrity and Availability.
#Timeline
May 12, 2021 - Reported to Microsoft
Feb 11, 2022 - Confirmed vulnerability has been fixed
Microsoft gaming services 2.52.13001.0 unquoted service path